Enhancing Fine-Grained Smart Contract Vulnerability Detection Through Domain Features and Transparent Interpretation

IF 5.7 | CAS Zone 2, Computer Science | JCR Q1, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Qing Huang;Yu He;Zhenchang Xing;Min Yu;Xiwei Xu;Qinghua Lu
DOI: 10.1109/TR.2025.3551356
Journal: IEEE Transactions on Reliability, vol. 74, no. 3, pp. 4207-4221
Publication date: 2025-04-24
Publication type: Journal Article
Open access: no
URL: https://ieeexplore.ieee.org/document/10976248/
Record source: Semantic Scholar
Citation count: 0

Abstract

Smart contracts, which automatically execute transactions based on predefined conditions, play a crucial role in asset and money exchanges. Due to their involvement in significant financial transactions, these contracts are attractive targets for hackers, leading to substantial financial losses through exploitable vulnerabilities. While various program analysis methods such as Oyente, Mythril, and Securify have been proposed to address these security concerns, they rely on rule-based patterns that are time-consuming to develop and offer limited coverage. Deep learning methods present an alternative by automatically learning code features to detect vulnerabilities. However, existing approaches face critical challenges, including feature limitations and lack of interpretability. To address these gaps, we propose the interpretable smart contract vulnerability detector, a Graph Isomorphism Network (GIN)-based vulnerability prediction model for smart contracts, enhanced with code subgraph explanations. Our approach identifies and incorporates 43 domain-specific features, augmenting GIN with domain knowledge attention mechanisms to improve vulnerability prediction. In addition, we develop an interpreter called SubgraphV, which provides explanations for vulnerability predictions through interpreted subgraphs. Our model demonstrates superior performance over traditional tools, achieving F1 score improvements from 0.254 to 0.489 on a dataset of 103 smart contract function vulnerabilities. SubgraphV outperforms existing explainability methods like GNNexplainer, PGExplainer, and SubgraphX in pinpointing vulnerabilities, accurately reflecting vulnerability patterns, and enhancing the understanding of vulnerabilities.
Source journal: IEEE Transactions on Reliability (Engineering & Technology: Electrical & Electronic Engineering)
CiteScore: 12.20
Self-citation rate: 8.50%
Articles published: 153
Review time: 7.5 months
Journal description: IEEE Transactions on Reliability is a refereed journal for the reliability and allied disciplines including, but not limited to, maintainability, physics of failure, life testing, prognostics, design and manufacture for reliability, reliability for systems of systems, network availability, mission success, warranty, safety, and various measures of effectiveness. Topics eligible for publication range from hardware to software, from materials to systems, from consumer and industrial devices to manufacturing plants, from individual items to networks, from techniques for making things better to ways of predicting and measuring behavior in the field. As an engineering subject that supports new and existing technologies, we constantly expand into new areas of the assurance sciences.