
Research On Smart Contract Vulnerabilities Mining Based On GBDT Machine Learning Algorithm

Posted on: 2023-09-25
Degree: Master
Type: Thesis
Country: China
Candidate: P Tao
GTID: 2558307097985479
Subject: Computer technology

Abstract/Summary:
Since smart contracts came into full application, the annual financial losses of Ethereum due to contract security vulnerabilities are incalculable, and blockchain security faces severe challenges and threats. How to quickly, accurately and efficiently discover known smart contract security threats is the core focus of current blockchain security research. In the existing research, smart contract vulnerability mining tools fall mainly into two categories: static analysis and dynamic detection. Static analysis tools rely too much on their own vulnerability library and search syntax, so it is difficult for them to accurately locate vulnerabilities and to quickly backtrack and reproduce them; dynamic testing tools input a large number of useless test cases, which brings a lot of system overhead. In addition, their performance on vulnerability evaluation values such as TP/TN (True Positive/True Negative) and FP/FN (False Positive/False Negative) is insufficient. To solve this problem, this study targets the difficulties and pain points of the two types of testing tools. It collects the existing contract security vulnerability data sets and proposes a test method that uses the GBDT (Gradient Boosting Decision Tree) machine learning algorithm to improve vulnerability mining efficiency and mining ability, and it proposes the SMTA (Smart Analyzer) contract vulnerability analysis framework tool. The main contents of this paper are summarized as follows:

(1) Research and investigate the mainstream contract vulnerability detection methods, and analyze their core principles and shortcomings. The key to improving the detection capability for contract vulnerabilities lies in high-fine-grained vulnerability feature extraction and reliable vulnerability judgment algorithms.

(2) In order to quickly extract feature information, SMTA completes the contract information collection task through continuous derivation during contract analysis and full automation; in order to improve the accuracy of contract vulnerability judgment, SMTA improves the traditional AST data structure and uses three major feature extraction algorithms, combined with contract parsing, to achieve high-fine-grained extraction of full vulnerability features.

(3) In order to improve the evaluation performance in terms of TP/TN and FP/FN, SMTA adopts the GBDT machine learning algorithm to re-deconstruct the key data information obtained by the feature extraction algorithm, which further improves its ability to analyze and judge the related vulnerabilities.

The results show that SMTA has a strong ability to judge common contract vulnerabilities such as integer overflow, reentrancy attack, DoS (Denial of Service) attack, high-risk function and block number/timestamp dependency, and the test effect is obvious compared with other tools. The prediction accuracy for the above five major categories of security vulnerabilities has reached 87.50%, 96.94%, 98.61%, 98.07% and 99% respectively. Experiments show that the method constructed by SMTA can improve the efficiency and accuracy of contract vulnerability mining. The framework can be applied to the vulnerability analysis of contracts. Developers can use the feature extraction algorithm in the framework to quickly extract, in batches, the feature attributes of certain types of vulnerabilities in contract files, thereby reducing the cost of code auditing and analysis. Blockchain users in general can use the framework tools to quickly discover security threats, identify high-risk smart contracts, and reduce the risk to the assets in their electronic currency accounts.
Keywords/Search Tags: Ethereum, Smart Contract, Vulnerability Mining, GBDT, CTRT, SMTA