基于预训练技术和专家知识的重入漏洞检测

Reentrancy Vulnerability Detection Based on Pre-training Technology and Expert Knowledge

随着区块链中智能合约的安全问题日益突出,智能合约的漏洞检测任务逐渐成为研究的热点。然而,目前的智能合约重入漏洞检测技术主要是符号执行、静态分析、形式化验证和模糊测试等传统的检测方法,这些检测方法不仅存在较高的误报率和漏报率,而且检测精度较低。同时,基于深度学习的方法也有其独特的局限性。针对这些问题,文中提出了一种将预训练技术与传统的专家知识相融合的检测方法,同时将智能合约进行切片处理,以此减小无关数据对模型的影响。文中聚焦于重入漏洞的检测,在203716份合约数据集上进行实验。实验结果表明,基于预训练技术和专家知识的智能合约重入漏洞检测方法具有96.2%的精确率、97.7%的召回率以及96.9%的F1分数,检测效果均优于现有的检测方法。

As the security issues of smart contracts in blockchain become increasingly prominent,the vulnerability detection tasks of smart contracts have gradually become a research hotspot.However,the current smart contract reentrancy vulnerability detection technologies are mainly traditional detection methods such as symbolic execution,static analysis,formal verification and fuzzing.These detection methods not only have high false positive rate and false negative rate,but also have low detection accuracy.At the same time,methods based on deep learning also have their unique limitations.In response to these problems,this paper proposes a detection method that combines pre-training technology and traditional expert knowledge,and at the same time slices smart contracts to reduce the impact of irrelevant data on the model.This paper focuses on the detection of reentrancy vulnerability and conducts experiments on 203716contract data sets.Experimental results show that the smart contract reentrancy vulnerability detection method based on pre-training technology and expert knowledge has an accuracy rate of 96.2%,a recall rate of97.7%and a F1score of 96.9%,which are better than existing detection methods.