Font Size: a A A

Smart Contract Vulnerability Detection Based On Deep Learning

Posted on:2022-07-08Degree:MasterType:Thesis
Country:ChinaCandidate:C K ShenFull Text:PDF
GTID:2518306500450344Subject:Computer Science and Technology
Abstract/Summary:PDF Full Text Request
With the increasing research and exploration in the field of blockchain in recent years,such as the national implementation of digital currency,food safety traceability,cross-border transactions mutual trust,and the massive transactions of various virtual currencies based on blockchain technology.This cutting-edge technology,which seems very distant to the general public,is gradually penetrating into every aspect of everyone’s life.But while entrants are going crazy about the technological revolution,in the dark corners of the blockchain network,hackers are working tirelessly to exploit the vulnerabilities lurking in smart contracts,a protocol deployed on the ethereum platform to automatically execute transactions.Such protocols,once deployed by developers,cannot be changed by code,which is one of the key properties of blockchain-tamper-evident.With more than $10 billion in economic losses caused by vulnerabilities,it is important to detect them.Smart contract vulnerability detection can help developers discover possible vulnerabilities in contracts in a timely manner.Finding and fixing vulnerabilities at an early stage can greatly reduce the risk of deployed contracts being hacked,and even virtually eliminate malicious attacks.Research on vulnerability detection for smart contracts has not been around for long,but it has made some headway.Early research often required domain experts to specify some hard rules to define vulnerability patterns and find potential vulnerabilities through formal verification,symbolic execution,program analysis,etc.The audit process is poorly automated,poorly generalized,has a high false alarm rate,and may also require manual intervention for secondary auditing.With the booming development of deep learning technology and the increasing arithmetic power of hardware,it has become possible for machines to understand text information and automatically find vulnerability features from it for detection.In this paper,we focus on Solidity,the most commonly used language for smart contracts.based on the literature,we first collect the eligible annotated Solidity data from the Ethernet platform to distinguish the presence or absence of vulnerabilities.Since the source code is unstructured text,it is necessary to do data pre-processing on the code,i.e.(1)Solidity is converted to abstract syntax tree;(2)abstract syntax tree is converted to structured sequence.Then the processed sequences are input to the model proposed in this paper for parameter fitting.The model is mainly divided into three parts:(1)word embedding matrix construction;(2)feature learning;(3)vulnerability classification detection.The word embedding part will be unfolded in conjunction with the Code BERT pre-training model supporting high-level programming languages,and does not fix its weight parameters so that they participate in training together.The feature learning part employs a hybrid attention mechanism encoder that combines Bi-GRU,single-headed attention and multi-headed attention for deep feature extraction of structured information.In the vulnerability classification detection part,the extracted features will be classified,and a cost-sensitive loss function is fitted due to the existence of imbalance in the data samples.Based on the above method,this paper uses fivefold cross-validation to train the whole data and designs four research questions to explore the effectiveness and performance of the method.The outcomes of experiments prove that the proposed method has outstanding performance in terms of accuracy,false alarm rate and efficiency for vulnerability detection of smart contracts.It can well help developers of smart contracts to detect the existence of vulnerabilities before deployment.The possibility of vulnerabilities being exploited is reduced and economic losses are reduced.
Keywords/Search Tags:Smart Contract, Vulnerability Detection, Attention Mechanism, Structured Sequence, Cost-Sensitive Loss
PDF Full Text Request
Related items