Research On Smart Contract Vulnerability Detection Technology Based On Machine Learning

Posted on: 2023-12-28
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Chen
GTID: 2568306836969619
Subject: Cyberspace security

Abstract/Summary:
In recent years, with the rapid development of blockchain technology, smart contracts have been adopted by more and more people in real life. Smart contracts use the decentralized and programmable characteristics of blockchain to turn traditional contracts into code deployed on a blockchain platform, which greatly reduces transaction costs and improves transaction efficiency. But smart contracts also bring security risks. Security incidents caused by smart contract vulnerabilities occur frequently and result in large economic losses. Discovering security vulnerabilities in contracts in advance is one of the key ways to prevent them from being exploited. However, existing smart contract vulnerability detection methods cannot fully meet the needs of large-scale detection in terms of detection capability and efficiency. In view of these problems, the paper analyzes the current state of smart contracts and the shortcomings of existing smart contract vulnerability detection technology, and makes an in-depth study of smart contract vulnerability detection based on machine learning. The main research work and achievements are as follows:

(1) Feature extraction and vectorization of smart contracts is the first step in detecting smart contract vulnerabilities with machine learning methods. Feature processing results have an important impact on detection results, and an effective feature processing method is still lacking. To solve this problem, this paper proposes an opcode vectorization method based on smart contract text. The method classifies opcodes with the structural characteristics of contract opcodes in mind, and uses the N-Gram (n=2) algorithm and the TF-IDF algorithm to convert the simplified opcodes into vectors. In addition, 9-dimensional statistical features are extracted according to vulnerability logic to enrich the vector expression, retain contract information to the maximum extent, and fully reflect the structural features and call relationships of smart contracts. A comparison with other feature extraction methods shows that the method reaches a maximum F1-score of 0.961 in logistic regression model training, which is better than the other feature extraction methods.

(2) A smart contract may have multiple vulnerabilities, so vulnerability detection of smart contracts is a multi-label learning problem. If each vulnerability is simply assigned to a binary classification model and the potential relationships between labels are completely ignored, the detection capability of the classifier may be reduced. To solve this problem, this paper applies the classifier chain to smart contract vulnerability detection, and proposes a smart contract vulnerability detection method based on an improved classifier chain. This method uses the chain to model label correlations and uses the classifier chain for vulnerability classification training, which fully reflects the common internal correlation of different vulnerability causes. The experiment evaluated 16,439 validated smart contracts deployed on Ethereum and obtained an average F1-score of 0.963, a significant improvement over previous work. Meanwhile, a chain sequence optimization algorithm is proposed for the classifier chain, combining the particle swarm optimization algorithm and the genetic algorithm to find the optimal ordering of the vulnerability labels. Experimental results show that the F1-score and Hamming loss of the optimal solution are 0.967 and 0.0166 respectively, a significant improvement over the performance of the common classifier chain.
Keywords/Search Tags:smart contract, vulnerability detection, Multi-label learning, opcode, Classifier Chain
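
The vectorization step summarized in point (1), as an added example that is not code from the thesis: opcodes are simplified, turned into 2-grams, and weighted with TF-IDF. The grouping rule (collapsing `PUSHn`, `DUPn`, `SWAPn`, `LOGn` and dropping operands), the smoothed IDF formula, and the two sample opcode sequences are assumptions made here; the thesis's 9-dimensional statistical features are not reproduced because the abstract does not list them.

```python
import math
import re
from collections import Counter

# Assumed simplification rule: collapse numbered opcode families to one token.
_FAMILY = re.compile(r"^(PUSH|DUP|SWAP|LOG)\d+$")

def simplify(opcodes):
    """Drop hex operands and collapse PUSHn/DUPn/SWAPn/LOGn to their family name."""
    out = []
    for tok in opcodes.split():
        if tok.startswith("0x"):          # operand of a PUSH, not an opcode
            continue
        m = _FAMILY.match(tok)
        out.append(m.group(1) if m else tok)
    return out

def bigrams(tokens):
    """N-Gram with n=2 over the simplified opcode stream."""
    return [f"{a} {b}" for a, b in zip(tokens, tokens[1:])]

def tfidf(docs):
    """Return (vocabulary, vectors).

    TF = count / number of bigrams in the contract.
    IDF = ln((1 + N) / (1 + df)) + 1  (smoothed variant, an assumption).
    """
    grams = [Counter(bigrams(simplify(d))) for d in docs]
    vocab = sorted(set().union(*grams))
    n = len(docs)
    df = {g: sum(1 for c in grams if g in c) for g in vocab}
    vectors = []
    for c in grams:
        total = sum(c.values()) or 1      # guard against an empty contract
        vectors.append([(c[g] / total) * (math.log((1 + n) / (1 + df[g])) + 1)
                        for g in vocab])
    return vocab, vectors

# Constructed opcode sequences (not taken from real contracts).
CONTRACTS = [
    "PUSH1 0x60 PUSH1 0x40 MSTORE CALLVALUE DUP1 ISZERO PUSH2 0x0010 JUMPI",
    "PUSH1 0x00 DUP2 SWAP1 SSTORE CALLER PUSH1 0x00 CALL ISZERO PUSH2 0x0042 JUMPI",
]

if __name__ == "__main__":
    vocab, vectors = tfidf(CONTRACTS)
    for gram, w0, w1 in zip(vocab, *vectors):
        print(f"{gram:18s} {w0:.3f} {w1:.3f}")
```

Bigrams that occur in only one contract (here `PUSH CALL`) receive a higher IDF weight than those shared by both (`PUSH JUMPI`), which is what lets a downstream classifier separate contracts by opcode structure.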