DOI: 10.1145/3586102.3586135
research-article

Smart Contract Vulnerability Detection Based on Critical Combination Path and Deep Learning

Published: 24 July 2023

Abstract

Ethereum is currently one of the most popular blockchain platforms, and smart contracts are an important part of blockchain. Because developers lack understanding of contract security and contracts themselves hold huge value, contracts are often attacked. Effectively detecting smart contract vulnerabilities has therefore become a crucial issue. This paper uses deep learning to detect vulnerabilities, which removes the dependence on expert experience. To address the poor detection performance caused by excessive noise, this paper proposes a vulnerability detection technique based on the critical combination path and deep learning. The critical combination path contains only code related to vulnerabilities and eliminates much invalid code, which greatly reduces the impact of noise. In addition, by analyzing the characteristics of assembly code, a normalization method is proposed to remove much homogeneous code. The normalized critical combination paths are then vectorized using SimHash and converted to grayscale images for classification by a neural network. The experimental results show that the proposed scheme is effective.
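
An added sketch of the vectorization stage the abstract describes (normalized opcode path, then SimHash, then grayscale image); it is not the paper's code. The normalization rule, the 3-opcode shingles, the 64-bit fingerprint, the 8x8 layout with 0/255 pixels and the sample paths are all assumptions made for illustration.

```python
import hashlib
import re

# Assumed normalization rule (not the paper's): drop operands and collapse
# numbered opcode families (PUSH1..PUSH32, DUP1.., SWAP1.., LOG0..) to one token.
_FAMILY = re.compile(r"^(PUSH|DUP|SWAP|LOG)\d+$")

def normalize(path):
    """Turn disassembly lines such as 'PUSH1 0x60' into operand-free tokens."""
    tokens = []
    for line in path:
        parts = line.split()
        if not parts:                      # skip blank lines
            continue
        op = parts[0].upper()
        m = _FAMILY.match(op)
        tokens.append(m.group(1) if m else op)
    return tokens

def simhash(tokens, bits=64, shingle=3):
    """SimHash: every opcode shingle votes +1/-1 on each fingerprint bit."""
    n = max(len(tokens) - shingle + 1, 1)  # short paths yield a single shingle
    grams = [" ".join(tokens[i:i + shingle]) for i in range(n)]
    votes = [0] * bits
    for g in grams:
        digest = hashlib.sha256(g.encode()).digest()
        h = int.from_bytes(digest[:bits // 8], "big")
        for b in range(bits):
            votes[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(bits) if votes[b] > 0)

def to_grayscale(fp, side=8):
    """Lay the fingerprint out row-major as side x side pixels (bit 1 -> 255)."""
    return [[255 if (fp >> (r * side + c)) & 1 else 0 for c in range(side)]
            for r in range(side)]

def hamming(a, b):
    """Number of differing fingerprint bits; small means similar paths."""
    return bin(a ^ b).count("1")

# Constructed sample paths: same opcode structure, different operands.
PATH_A = ["PUSH1 0x00", "SLOAD", "DUP2", "CALLER", "GAS", "CALL",
          "ISZERO", "PUSH2 0x0042", "JUMPI", "PUSH1 0x00", "SSTORE"]
PATH_B = ["PUSH2 0x0100", "SLOAD", "DUP3", "CALLER", "GAS", "CALL",
          "ISZERO", "PUSH2 0x0099", "JUMPI", "PUSH1 0x01", "SSTORE"]

if __name__ == "__main__":
    fa, fb = simhash(normalize(PATH_A)), simhash(normalize(PATH_B))
    print(f"{fa:016x} {fb:016x} distance={hamming(fa, fb)}")
```

Both sample paths normalize to the same token sequence, so they produce identical fingerprints and therefore identical images.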

Published In

ICCNS '22: Proceedings of the 2022 12th International Conference on Communication and Network Security
December 2022
241 pages
ISBN: 9781450397520
DOI: 10.1145/3586102

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • National Key R&D Program of China

Conference

ICCNS 2022
