面向大数据的通用高效多模态智能合约漏洞检测框架

IF 7.5 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Big Data Pub Date : 2024-03-20 DOI:10.1109/TBDATA.2024.3403376

Wenjuan Lian;Zikang Bao;Xinze Zhang;Bin Jia;Yang Zhang

{"title":"面向大数据的通用高效多模态智能合约漏洞检测框架","authors":"Wenjuan Lian;Zikang Bao;Xinze Zhang;Bin Jia;Yang Zhang","doi":"10.1109/TBDATA.2024.3403376","DOIUrl":null,"url":null,"abstract":"A vulnerability or error in a smart contract will lead to serious consequences including loss of assets and leakage of user privacy. Established smart contract vulnerability detection tools define vulnerabilities through symbolic execution, fuzz testing, and other methods requiring extremely specialized security knowledge. Even so, with the development of vulnerability exploitation techniques, vulnerability detection tools customized by experts cannot cope with the deformation of existing vulnerabilities or unknown vulnerabilities. The vulnerability detection based on machine learning developed in recent years studies vulnerabilities from different dimensions and designs corresponding models to achieve a high detection rate. However, these methods usually only focus on some features of smart contracts, or the model itself does not have universality. Experimental results on the publicly large-scale dataset SmartBugs-Wild demonstrate that this paper's method not only outperforms existing methods in several metrics, but also is scalable, general, and requires less domain knowledge, providing a new idea for the development of smart contract vulnerability detection.","PeriodicalId":13106,"journal":{"name":"IEEE Transactions on Big Data","volume":"11 1","pages":"190-207"},"PeriodicalIF":7.5000,"publicationDate":"2024-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Universal and Efficient Multi-Modal Smart Contract Vulnerability Detection Framework for Big Data\",\"authors\":\"Wenjuan Lian;Zikang Bao;Xinze Zhang;Bin Jia;Yang Zhang\",\"doi\":\"10.1109/TBDATA.2024.3403376\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A vulnerability or error in a smart contract will lead to serious consequences including loss of assets and leakage of user privacy. Established smart contract vulnerability detection tools define vulnerabilities through symbolic execution, fuzz testing, and other methods requiring extremely specialized security knowledge. Even so, with the development of vulnerability exploitation techniques, vulnerability detection tools customized by experts cannot cope with the deformation of existing vulnerabilities or unknown vulnerabilities. The vulnerability detection based on machine learning developed in recent years studies vulnerabilities from different dimensions and designs corresponding models to achieve a high detection rate. However, these methods usually only focus on some features of smart contracts, or the model itself does not have universality. Experimental results on the publicly large-scale dataset SmartBugs-Wild demonstrate that this paper's method not only outperforms existing methods in several metrics, but also is scalable, general, and requires less domain knowledge, providing a new idea for the development of smart contract vulnerability detection.\",\"PeriodicalId\":13106,\"journal\":{\"name\":\"IEEE Transactions on Big Data\",\"volume\":\"11 1\",\"pages\":\"190-207\"},\"PeriodicalIF\":7.5000,\"publicationDate\":\"2024-03-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Big Data\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10535206/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Big Data","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10535206/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

智能合约中的漏洞或错误将导致严重的后果，包括资产损失和用户隐私泄露。现有的智能合约漏洞检测工具通过符号执行、模糊测试和其他需要极其专业的安全知识的方法来定义漏洞。尽管如此，随着漏洞利用技术的发展，专家定制的漏洞检测工具无法应对现有漏洞或未知漏洞的变形。近年来发展起来的基于机器学习的漏洞检测从不同的维度对漏洞进行研究，并设计相应的模型，以达到较高的检测率。然而，这些方法通常只关注智能合约的某些特征，或者模型本身不具有通用性。在公开大规模数据集SmartBugs-Wild上的实验结果表明，本文方法不仅在多个指标上优于现有方法，而且具有可扩展性、通用性和较少的领域知识要求，为智能合约漏洞检测的发展提供了新的思路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Universal and Efficient Multi-Modal Smart Contract Vulnerability Detection Framework for Big Data

A vulnerability or error in a smart contract will lead to serious consequences including loss of assets and leakage of user privacy. Established smart contract vulnerability detection tools define vulnerabilities through symbolic execution, fuzz testing, and other methods requiring extremely specialized security knowledge. Even so, with the development of vulnerability exploitation techniques, vulnerability detection tools customized by experts cannot cope with the deformation of existing vulnerabilities or unknown vulnerabilities. The vulnerability detection based on machine learning developed in recent years studies vulnerabilities from different dimensions and designs corresponding models to achieve a high detection rate. However, these methods usually only focus on some features of smart contracts, or the model itself does not have universality. Experimental results on the publicly large-scale dataset SmartBugs-Wild demonstrate that this paper's method not only outperforms existing methods in several metrics, but also is scalable, general, and requires less domain knowledge, providing a new idea for the development of smart contract vulnerability detection.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Big Data Multiple-

CiteScore

11.80

自引率

2.80%

发文量

114

期刊介绍： The IEEE Transactions on Big Data publishes peer-reviewed articles focusing on big data. These articles present innovative research ideas and application results across disciplines, including novel theories, algorithms, and applications. Research areas cover a wide range, such as big data analytics, visualization, curation, management, semantics, infrastructure, standards, performance analysis, intelligence extraction, scientific discovery, security, privacy, and legal issues specific to big data. The journal also prioritizes applications of big data in fields generating massive datasets.