基于高效代码嵌入的以太坊智能合约漏洞检测模型

IF 0.5 4区计算机科学 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

International Journal of Data Warehousing and Mining Pub Date : 2023-03-22 DOI:10.4018/ijdwm.320473

Zhigang Xu, Xingxing Chen, Xinhua Dong, Hongmu Han, Zhongzhen Yan, Kangze Ye, Chaojun Li, Zhiqiang Zheng, Haitao Wang, Jiaxi Zhang

{"title":"基于高效代码嵌入的以太坊智能合约漏洞检测模型","authors":"Zhigang Xu, Xingxing Chen, Xinhua Dong, Hongmu Han, Zhongzhen Yan, Kangze Ye, Chaojun Li, Zhiqiang Zheng, Haitao Wang, Jiaxi Zhang","doi":"10.4018/ijdwm.320473","DOIUrl":null,"url":null,"abstract":"Efficient and convenient vulnerability detection for smart contracts is a key issue in the field of smart contracts. The earlier vulnerability detection for smart contracts mainly relies on static symbol analysis, which has high accuracy but low efficiency and is prone to path explosion. In this paper, the authors propose a static method for vulnerability detection based on deep learning. It first disassembles Ethereum smart contracts into opcode sequences and then converts the vulnerability detection problem into a natural language text classification problem. The word vector method is employed to map each opcode to a uniform vector space, and the opcode sequence matrix is trained by the TextCNN method to detect vulnerabilities. Furthermore, a code obfuscation method is given to enhance and balance the dataset, while three different opcode sequence generation methods are proposed to construct features. The experimental results verify that the average prediction accuracy of each smart contract exceeds 96%, and the average detection time is less than 0.1 s.","PeriodicalId":54963,"journal":{"name":"International Journal of Data Warehousing and Mining","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An Efficient Code-Embedding-Based Vulnerability Detection Model for Ethereum Smart Contracts\",\"authors\":\"Zhigang Xu, Xingxing Chen, Xinhua Dong, Hongmu Han, Zhongzhen Yan, Kangze Ye, Chaojun Li, Zhiqiang Zheng, Haitao Wang, Jiaxi Zhang\",\"doi\":\"10.4018/ijdwm.320473\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Efficient and convenient vulnerability detection for smart contracts is a key issue in the field of smart contracts. The earlier vulnerability detection for smart contracts mainly relies on static symbol analysis, which has high accuracy but low efficiency and is prone to path explosion. In this paper, the authors propose a static method for vulnerability detection based on deep learning. It first disassembles Ethereum smart contracts into opcode sequences and then converts the vulnerability detection problem into a natural language text classification problem. The word vector method is employed to map each opcode to a uniform vector space, and the opcode sequence matrix is trained by the TextCNN method to detect vulnerabilities. Furthermore, a code obfuscation method is given to enhance and balance the dataset, while three different opcode sequence generation methods are proposed to construct features. The experimental results verify that the average prediction accuracy of each smart contract exceeds 96%, and the average detection time is less than 0.1 s.\",\"PeriodicalId\":54963,\"journal\":{\"name\":\"International Journal of Data Warehousing and Mining\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2023-03-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Data Warehousing and Mining\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.4018/ijdwm.320473\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Data Warehousing and Mining","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.4018/ijdwm.320473","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

高效、便捷的智能合约漏洞检测是智能合约领域的关键问题。早期的智能合约漏洞检测主要依靠静态符号分析，准确率高但效率低，容易发生路径爆炸。本文提出了一种基于深度学习的静态漏洞检测方法。它首先将以太坊智能合约反汇编为操作码序列，然后将漏洞检测问题转换为自然语言文本分类问题。采用词向量方法将每个操作码映射到统一的向量空间，并通过TextCNN方法训练操作码序列矩阵进行漏洞检测。在此基础上，提出了一种代码混淆方法来增强和平衡数据集，并提出了三种不同的操作码序列生成方法来构建特征。实验结果验证，每个智能合约的平均预测准确率超过96%，平均检测时间小于0.1 s。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Efficient Code-Embedding-Based Vulnerability Detection Model for Ethereum Smart Contracts

Efficient and convenient vulnerability detection for smart contracts is a key issue in the field of smart contracts. The earlier vulnerability detection for smart contracts mainly relies on static symbol analysis, which has high accuracy but low efficiency and is prone to path explosion. In this paper, the authors propose a static method for vulnerability detection based on deep learning. It first disassembles Ethereum smart contracts into opcode sequences and then converts the vulnerability detection problem into a natural language text classification problem. The word vector method is employed to map each opcode to a uniform vector space, and the opcode sequence matrix is trained by the TextCNN method to detect vulnerabilities. Furthermore, a code obfuscation method is given to enhance and balance the dataset, while three different opcode sequence generation methods are proposed to construct features. The experimental results verify that the average prediction accuracy of each smart contract exceeds 96%, and the average detection time is less than 0.1 s.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Data Warehousing and Mining COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.40

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Data Warehousing and Mining (IJDWM) disseminates the latest international research findings in the areas of data management and analyzation. IJDWM provides a forum for state-of-the-art developments and research, as well as current innovative activities focusing on the integration between the fields of data warehousing and data mining. Emphasizing applicability to real world problems, this journal meets the needs of both academic researchers and practicing IT professionals.The journal is devoted to the publications of high quality papers on theoretical developments and practical applications in data warehousing and data mining. Original research papers, state-of-the-art reviews, and technical notes are invited for publications. The journal accepts paper submission of any work relevant to data warehousing and data mining. Special attention will be given to papers focusing on mining of data from data warehouses; integration of databases, data warehousing, and data mining; and holistic approaches to mining and archiving