摘要
针对传统智能合约漏洞检测方法检测精度较低、误报率较高,以及基于神经网络的方法对字节码级智能合约特征挖掘不足的问题,提出了一种基于语义感知图神经网络的智能合约字节码漏洞检测方法。首先,以智能合约字节码划分基本块作为节点,并从字节码中提取基本块间的调用关系作为边,以此生成控制流图(control flow graph,CFG),传入图卷积神经网络(graph convolutional network,GCN)中进行训练得到图节点的特征表示;其次,对合约字节码指令序列进行分词,再转化为词向量嵌入到低维空间,传入长短期记忆(long short-term memory,LSTM)网络进行训练,得到字节码语义信息的向量表示;最后,将生成的节点特征和语义特征进行拼接后传入全连接层进行降维,结合语义信息和节点特征对智能合约进行漏洞检测。利用公开数据集中的真实智能合约进行训练和测试,在通过传统方法和人工标签的两类漏洞分类数据集中进行验证。使用本文提出的方法与3种传统智能合约漏洞检测工具及1种基于神经网络的智能合约漏洞检测方法进行对比。实验结果表明本文提出的基于语义感知图神经网络智能合约字节码漏洞检测方法在各类指标上均有较大提升,能够检测出其余4种方法未检测出的具有漏洞的合约,说明在图神经网络中加入字节码语义信息能够有效提升检测精度,降低误报率。
In order to solve the problems of low detection accuracy and high false positive rate of traditional smart contract vulnerability detection methods and less consideration of bytecode level smart contract features in neural networks,a smart contract bytecode vulnerability detection method based on semantic perception graph neural network was proposed.First,in order to generate the control flow graph,the basic blocks divided by the smart contract bytecode were used as the nodes,and the call relationship between the basic blocks was extracted from the bytecode as the edges.Then,control flow graph is transmitted into the graph convolutional network for training to obtain the feature representation of the graph nodes;Afterwards,the contract bytecode instruction sequence is segmented,transformed into a word vector,embedded into a low-dimensional space and transmitted to a long short-term memory network for training.Then,the vector representation of bytecode semantic information was obtained.Finally,the generated node features and semantic features were spliced and transmitted to the full connection layer for dimensional-ity reduction.Combined with semantic information and node features,the vulnerability detection was carried out for smart contracts.The real smart contracts in public dataset were used for training and testing,and verified in two types of vulnerability classification datasets through tradi-tional methods and artificial tags.The method proposed in this paper was compared with three traditional smart contract vulnerability detection tools and one smart contract vulnerability detection method based on neural network.The experimental results showed that the proposed network greatly improves the performance of network in terms of various indicators,and detects the contracts with vulnerabilities which are not detected by the other four methods.It shows that adding the bytecode semantic information to graph neural network can effectively improve the detection accuracy and reduce the false alarm rate.
作者
赵波
上官晨晗
彭小燕
安扬
童俊成
袁安琪
ZHAO Bo;SHANGGUAN Chenhan;PENG Xiaoyan;AN Yang;TONG Juncheng;YUAN Anqi(School of Cyber Sci.and Eng.,Wuhan Univ.,Wuhan 430072,China;Shanghai Aerospace Electronic Communication Equipment Inst.,Shanghai 201109,China;School of Computer Sci.,Wuhan Univ.,Wuhan 430072,China)
出处
《工程科学与技术》
EI
CSCD
北大核心
2022年第2期49-55,共7页
Advanced Engineering Sciences
基金
湖北省重点研发计划项目(2020BAB101
2020BAA003)
上海航天科技创新基金项目(SAST2019–098)
国家自然科学基金联合基金项目(U1936122)
