Research And Application Of Smart Contract Vulnerability Detection Method Based On Multi-Objective Identification And Ensemble Learning

In recent years,blockchain has been booming and continues to receive widespread social attention.As a decentralized system architecture,the emergence of smart contracts has given blockchain a user-defined logic,which has greatly increased its applicability.In the last decade,the blockchain platform represented by Ethereum has been increasingly used in various real-world scenarios,including energy trading and distribution,financial markets,and trusted healthcare,among which smart contracts,as executable applications of Ethereum,carry great economic value.However,the sharing of blockchain resources has led to frequent security problems of smart contracts,and the decentralized nature has further aggravated the seriousness of the problem.Therefore,to ensure the safe and reliable operation of smart contracts,their security risks should be assessed before they are deployed.The existing automated verification methods face problems such as insufficient coverage and dimensional explosion,making them difficult to apply on large-scale smart contracts.Data-driven approaches have achieved significant performance improvements in smart contract vulnerability detection,but the various methods have low reuse rates with each other and have saturated features.The focus of this paper is to improve the reuse rate between different vulnerability models,improve the saturation problem of contract vulnerability features and thus improve the accuracy and efficiency of smart contract vulnerability auditing.In addition,this paper also considers the multi-model integration problem and proposes a smart contract vulnerability detection method based on multi-target identification and integrated learning.The main research work and innovative results of this paper are as follows:(1)Inspired by image recognition,we propose a method for multiple and potential vulnerability identification in smart contracts based on multi-target recognition technology.The objective detection and identification method in the image recognition scenario is extended to smart contract vulnerability detection.Through the study of EVM bytecode preprocessing and symbolic execution techniques,a dataset optimization method is proposed to extract only vulnerability-related subsequences from lengthy opcode sequences,achieving a significant reduction of feature data dimensionality and noise.According to the usage scenarios of smart contract codes,the corresponding deactivation word list is constructed,the opcodes are categorized by attributes and actions,and the co-occurrence matrix is constructed as two dimensions of a two-dimensional matrix,respectively,with the matrix elements determined by the co-occurrence frequency of the corresponding opcodes,and the co-occurrence frequency is determined by the number of occurrences of the corresponding opcodes of the sample contracts,to achieve the preliminary construction of an implicit feature matrix containing potential vulnerability features.(2)We propose an integrated learning model to reduce the dependency on data sets through the study of integrated learning techniques.To address the problems of data dependence and the high cost of a single neural network,we construct a novel structure of integrated learning models and make each model learn from a different focus through multiple rounds of cross-validation to enrich data features and improve data utilization.To address the problem of simple superposition of hybrid models,the weights of submodels in the overall model are dynamically adjusted to achieve the purpose of reducing the impact of over-fitting or under-fitting sub-models on the performance of the integrated model.Further optimization and processing of opcode sequences are achieved by introducing infographics to reduce data noise and embedding dimension and improve the problem of the inability to extract implicit features and inadequate feature extraction.The validity of the model is verified based on over 21,000 sample contracts.With constant error,integrated learning not only reduces the size of training data but also effectively improves the accuracy and robustness of vulnerability prediction.(3)The dataset is constructed from real-world smart contracts running on Ether,the model is trained and tested,and the accuracy,recall,and F1 score of the multiobjective identification and integrated learning-based smart contract vulnerability detection system are evaluated,and the experimental results show that the system has good robustness and generalization ability.