使用基于块的抽象语法树的联邦图神经网络的以太坊智能合约中的多类漏洞和克隆检测

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-03-13 DOI:10.1016/j.compeleceng.2025.110220

Shruti Sharma, Ankur Ratmele, Abhay Deep Seth

{"title":"使用基于块的抽象语法树的联邦图神经网络的以太坊智能合约中的多类漏洞和克隆检测","authors":"Shruti Sharma, Ankur Ratmele, Abhay Deep Seth","doi":"10.1016/j.compeleceng.2025.110220","DOIUrl":null,"url":null,"abstract":"<div><div>Smart contracts on blockchain networks autonomously execute applications based on predefined conditions, making their security-critical due to the potential for significant financial losses from vulnerabilities. Current vulnerability detection algorithms commonly rely on expert-defined rules, which are prone to errors and insufficient for identifying complex vulnerability patterns. Given the immutability of smart contracts post-deployment, ensuring security before deployment is essential. This research presents Block-wise Abstract Syntax Tree based Federated Graph Neural Networks (BAST-FeGNN), a novel approach combining block-wise abstract syntax tree and Federated Graph Neural Networks (FeGNN) to detect code clones and multiclass vulnerabilities in Ethereum smart contracts. The BAST-FeGNN method operates in three stages: it first extracts security-related patterns from the base code using an abstract syntax tree; then, it constructs and normalizes a contract graph using FeGNN to capture critical nodes, analyze data and control flows. This integration of graph-based feature extraction with pattern matching allows precise detection of vulnerabilities like access control issues, reentrancy, and unchecked calls, as well as identifying code clones. Finally, the method pools these features for comprehensive vulnerability detection. BAST-FeGNN significantly enhances vulnerability detection accuracy and scalability, outperforming existing models with an accuracy of 95.35%, recall of 95.58%, F1-score of 95.80%, and precision of 96.10%, making it a robust solution for securing blockchain applications.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"123 ","pages":"Article 110220"},"PeriodicalIF":4.9000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Multiclass vulnerability and clone detection in Ethereum smart contracts using Block-wise Abstract Syntax Tree based Federated Graph Neural Networks\",\"authors\":\"Shruti Sharma, Ankur Ratmele, Abhay Deep Seth\",\"doi\":\"10.1016/j.compeleceng.2025.110220\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Smart contracts on blockchain networks autonomously execute applications based on predefined conditions, making their security-critical due to the potential for significant financial losses from vulnerabilities. Current vulnerability detection algorithms commonly rely on expert-defined rules, which are prone to errors and insufficient for identifying complex vulnerability patterns. Given the immutability of smart contracts post-deployment, ensuring security before deployment is essential. This research presents Block-wise Abstract Syntax Tree based Federated Graph Neural Networks (BAST-FeGNN), a novel approach combining block-wise abstract syntax tree and Federated Graph Neural Networks (FeGNN) to detect code clones and multiclass vulnerabilities in Ethereum smart contracts. The BAST-FeGNN method operates in three stages: it first extracts security-related patterns from the base code using an abstract syntax tree; then, it constructs and normalizes a contract graph using FeGNN to capture critical nodes, analyze data and control flows. This integration of graph-based feature extraction with pattern matching allows precise detection of vulnerabilities like access control issues, reentrancy, and unchecked calls, as well as identifying code clones. Finally, the method pools these features for comprehensive vulnerability detection. BAST-FeGNN significantly enhances vulnerability detection accuracy and scalability, outperforming existing models with an accuracy of 95.35%, recall of 95.58%, F1-score of 95.80%, and precision of 96.10%, making it a robust solution for securing blockchain applications.</div></div>\",\"PeriodicalId\":50630,\"journal\":{\"name\":\"Computers & Electrical Engineering\",\"volume\":\"123 \",\"pages\":\"Article 110220\"},\"PeriodicalIF\":4.9000,\"publicationDate\":\"2025-03-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Electrical Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0045790625001636\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625001636","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

区块链网络上的智能合约根据预定义的条件自主执行应用程序，由于漏洞可能造成重大的经济损失，因此其安全性至关重要。目前的漏洞检测算法通常依赖于专家定义的规则，这些规则容易出错，不足以识别复杂的漏洞模式。鉴于智能合约在部署后的不变性，确保部署前的安全性至关重要。本研究提出了基于块智能抽象语法树的联邦图神经网络（BAST-FeGNN），这是一种将块智能抽象语法树和联邦图神经网络（FeGNN）相结合的新方法，用于检测以太坊智能合约中的代码克隆和多类漏洞。BAST-FeGNN方法分三个阶段进行操作：首先使用抽象语法树从基本代码中提取与安全相关的模式；然后，使用FeGNN构建并规范化契约图，捕获关键节点，分析数据并控制流程。这种基于图的特征提取与模式匹配的集成允许精确检测漏洞，如访问控制问题、可重入性和未检查的调用，以及识别代码克隆。最后，该方法将这些特征集中起来进行综合漏洞检测。BAST-FeGNN显著提高了漏洞检测的准确性和可扩展性，其准确率为95.35%，召回率为95.58%，f1得分为95.80%，精度为96.10%，优于现有模型，是区块链应用安全的鲁棒解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Multiclass vulnerability and clone detection in Ethereum smart contracts using Block-wise Abstract Syntax Tree based Federated Graph Neural Networks

Smart contracts on blockchain networks autonomously execute applications based on predefined conditions, making their security-critical due to the potential for significant financial losses from vulnerabilities. Current vulnerability detection algorithms commonly rely on expert-defined rules, which are prone to errors and insufficient for identifying complex vulnerability patterns. Given the immutability of smart contracts post-deployment, ensuring security before deployment is essential. This research presents Block-wise Abstract Syntax Tree based Federated Graph Neural Networks (BAST-FeGNN), a novel approach combining block-wise abstract syntax tree and Federated Graph Neural Networks (FeGNN) to detect code clones and multiclass vulnerabilities in Ethereum smart contracts. The BAST-FeGNN method operates in three stages: it first extracts security-related patterns from the base code using an abstract syntax tree; then, it constructs and normalizes a contract graph using FeGNN to capture critical nodes, analyze data and control flows. This integration of graph-based feature extraction with pattern matching allows precise detection of vulnerabilities like access control issues, reentrancy, and unchecked calls, as well as identifying code clones. Finally, the method pools these features for comprehensive vulnerability detection. BAST-FeGNN significantly enhances vulnerability detection accuracy and scalability, outperforming existing models with an accuracy of 95.35%, recall of 95.58%, F1-score of 95.80%, and precision of 96.10%, making it a robust solution for securing blockchain applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.