Authors: Yichen Wang; Xiangfu Zhao; Long He; Zixian Zhen; Haiyue Chen
Journal: IEEE Transactions on Network Science and Engineering, vol. 11, no. 6, pp. 6382-6395
Publication date: 2024-09-30
Publication type: Journal Article
DOI: 10.1109/TNSE.2024.3470788
URL: https://ieeexplore.ieee.org/document/10700860/
Impact factor: 6.7 (JCR Q1, Engineering, Multidisciplinary)
ContractGNN: Ethereum Smart Contract Vulnerability Detection Based on Vulnerability Sub-Graphs and Graph Neural Networks
Smart contracts have been widely used for their capability of giving blockchain a user-defined logic. In recent years, several smart contract security incidents have resulted in enormous financial losses. Therefore, it is important to detect vulnerabilities in smart contracts before deployment. Machine learning has been used recently in smart contract vulnerability detection. Unfortunately, due to the loss of information during feature extraction, the detection results are unsatisfactory. Hence, we propose a novel approach called ContractGNN, which combines a new concept of a vulnerability sub-graph (VSG) with graph neural networks (GNNs). Compared with traditional methods, checking a VSG is more accurate because the VSG removes irrelevant vertexes in the control flow graph. Furthermore, a VSG can be aggregated and simplified, thus improving the efficiency of message passing in a GNN. Based on aggregated VSGs, we design a new feature extraction method that preserves semantic information, the order of opcode, and control flows of smart contracts. Moreover, we compare a large number of GNN classification models and select the best one to implement ContractGNN. We then test ContractGNN on 48,493 real-world smart contracts, and the experimental results show that ContractGNN outperforms other smart contract vulnerability detection tools, with an average F1 score of 89.70%.
About the journal:
The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.