基于预训练与新型时序图神经网络的智能合约漏洞检测方法OA北大核心CSTPCD
Smart contract vulnerability detection method based on pre-training and novel timing graph neural network
针对现有深度学习漏洞检测方法对合约字节码特征挖掘不足、漏洞语义表征不精准,且传统图神经网络模型对合约语句的时序信息学习能力不足,提出一种基于预训练与时序图神经网络的智能合约漏洞检测方法.首先,通过预训练模型将智能合约字节码建模为漏洞语义感知的合约图结构.其次,结合自注意力机制,设计了一种新颖的基于事件驱动的时序图神经网络模型,实现对合约执行中时序信息的有效抽取.最后,聚焦于可重入漏洞、时间戳依赖漏洞以及Tx.origin身份认证漏洞,通过120 932份真实合约数据集进行大量的评估实验,结果表明所提方法的检测效果显著优于现有方法.
To address the limitations of current deep learning-based methods in extracting contract bytecode features and representing vulnerability semantics,as well as the shortcomings of the traditional graph neural networks in learning tem-poral information from contract statements,a method for detecting vulnerabilities in contracts was proposed based on pre-trained and temporal graph neural network.Firstly,the pre-trained model was used to transform smart contract byte-code into a vulnerability semantics-aware contract graph structure.Then,combined with a self-attention mechanism,the event-driven temporal graph neural network was designed to extract temporal information during contract execution.Fi-nally,focusing on reentrant vulnerabilities,timestamp dependency vulnerabilities,and Tx.origin authentication vulner-abilities,extensive experiments were conducted on a dataset of 120 932 actual contracts.The results show that the pro-posed method significantly outperforms existing approaches.
庄园;樊泽楷;王诚;孙建国;李耀麟
哈尔滨工程大学计算机科学与技术学院,黑龙江 哈尔滨 150001西安电子科技大学杭州研究院,浙江 杭州 311231北京理工大学计算机学院,北京 100081
计算机与自动化
区块链智能合约漏洞检测预训练模型图神经网络
blockchainsmart contractvulnerability detectionpre-training modelgraph neural network
《通信学报》 2024 (009)
101-114 / 14
国家自然科学基金资助项目(No.62202121);国家重点研发计划基金资助项目(No.2022YFB4400703);中央高校基本科研业务费专项资金资助项目(No.3072022TS0604)The National Natural Science Foundation of China(No.62202121),The National Key Research and Develop-ment Program of China(No.2022YFB4400703),The Fundamental Research Funds for the Central Universities(No.3072022TS0604)
评论