Integer overflow vulnerability detection based on the fusion of semantics and structural features
林彦君 (Lin Yanjun), 张龑 (Zhang Yan)
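Abstract:
To address the problem that traditional smart contract vulnerability detection methods do not mine source code information sufficiently, this study focuses on integer overflow, the most representative smart contract vulnerability, and proposes a smart contract vulnerability detection method that fuses semantic and structural features. The method first obtains the semantic features of the vulnerability from the smart contract's opcode sequence, then constructs the contract's control flow graph and feeds it into a graph attention network for training to obtain its feature representation. Next, a bidirectional long short-term memory network and an attention mechanism are trained to obtain the contextual sequence features of the vulnerable code, and the extracted semantic and structural features are combined for vulnerability detection. Experimental results show that the proposed algorithm achieves an F1 score of 95.86% and an accuracy of 95.08% on the dataset, a clear performance improvement over other traditional detection methods.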
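Keywords: integer overflow; smart contract; vulnerability detection; deep learning
Foundation: Supported by the National Natural Science Foundation of China (61977021)
Author: 林彦君 (Lin Yanjun), 张龑 (Zhang Yan)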
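The abstract's first two stages, an opcode sequence for the sequence model and a control flow graph for the graph attention network, can be illustrated with the sketch below. It is an added example, not the authors' implementation: it assumes EVM bytecode as input, resolves only jumps whose target is pushed immediately before the JUMP/JUMPI, and the function names and the `SAMPLE` bytecode are constructed for illustration.

```python
# Added example, not the paper's code. Assumes EVM bytecode; opcode values are
# from the EVM instruction set (subset only). SAMPLE is constructed bytecode.
NAMES = {0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x35: "CALLDATALOAD",
         0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5B: "JUMPDEST",
         0xF3: "RETURN", 0xFD: "REVERT", 0xFE: "INVALID", 0xFF: "SELFDESTRUCT"}
ENDS = {"STOP", "JUMP", "RETURN", "REVERT", "INVALID", "SELFDESTRUCT"}  # no fall-through
SAMPLE = bytes.fromhex("600035600101600a57005b602a60005500")

def disassemble(code):
    """Return [(offset, mnemonic, immediate)]; PUSH data bytes are not opcodes."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7F:  # PUSH1..PUSH32 carry 1..32 immediate bytes
            n = op - 0x5F
            out.append((pc, f"PUSH{n}", int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += 1 + n
        else:
            out.append((pc, NAMES.get(op, f"OP_{op:02X}"), None))
            pc += 1
    return out

def build_cfg(code):
    """Split into basic blocks; return (blocks by start offset, sorted edge list)."""
    blocks, cur = {}, []
    for ins in disassemble(code):
        if ins[1] == "JUMPDEST" and cur:  # a jump target always opens a block
            blocks[cur[0][0]] = cur
            cur = []
        cur.append(ins)
        if ins[1] in ENDS or ins[1] == "JUMPI":
            blocks[cur[0][0]] = cur
            cur = []
    if cur:
        blocks[cur[0][0]] = cur
    starts, edges = sorted(blocks), set()
    for i, s in enumerate(starts):
        body = blocks[s]
        last = body[-1][1]
        # Only jumps whose target is pushed directly before them are resolved.
        if last in ("JUMP", "JUMPI") and len(body) > 1 and body[-2][1].startswith("PUSH"):
            dst = body[-2][2]
            if dst in blocks and blocks[dst][0][1] == "JUMPDEST":
                edges.add((s, dst))
        if last not in ENDS and i + 1 < len(starts):
            edges.add((s, starts[i + 1]))  # fall-through, incl. JUMPI's false branch
    return blocks, sorted(edges)

def arithmetic_blocks(blocks):
    """Start offsets of blocks with ADD/MUL/SUB, where wrap-around can occur."""
    return sorted(s for s, b in blocks.items()
                  if any(ins[1] in ("ADD", "MUL", "SUB") for ins in b))
```

On `SAMPLE`, the block at offset 0 holds the `ADD` and branches both to the `STOP` at offset 9 and to the `JUMPDEST` at offset 10.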