摘要
随着区块链技术的广泛应用,智能合约的安全问题引起广泛关注。针对智能合约源码向字节码转化会丢失部分语义信息,而现有深度学习漏洞检测方法不能很好地检测重入漏洞和时间戳漏洞等问题,本文提出一种基于特征调制图神经网络的智能合约源码漏洞检测方法(GNN-film)。首先,分析重入漏洞和时间戳漏洞的特点,使用智能合约源码构建图结构并将其精简化;其次,搭建基于特征级线性调制的图神经网络模型,利用该网络模型强大的特征调制能力对合约漏洞特征进行精确表示;最后,将精简化后的图结构数据输入搭建的模型中获得检测结果。实验结果显示,本文方法对重入漏洞和时间戳漏洞检测的准确率达到91.00%和91.64%,相较基于图神经网络的方法分别提升了4.20百分点和9.70百分点,证明本文方法对相关漏洞检测的能力要优于其他检测工具。
With the wide use of blockchain technology,the security of smart contracts has attracted wide attention.The conversion of smart contract source code to bytecode will lose some semantic information,and the existing deep learning vulnerability detection methods cannot detect reentrancy vulnerabilities and timestamp vulnerabilities well.This paper proposed a smart contract source vulnerability detection method(GNN-film)based on feature-wise modulation graph neural network.Firstly,the characteristics of reen‐trancy vulnerabilities and timestamp vulnerabilities were analyzed,the graph structure was constructed and simplified by using smart contract source code.Secondly,constructing the model of feature-wise linear modulation graph neural network,and getting accurate representation of contract vulnerability features by using the powerful feature modulation ability of the model.Finally,put simplified graph structure data into the model to obtain the detection results.The experimental results show that the detection accuracy of reentrancy vulnerability and timestamp vulnerability is 91.00%and 91.64%respectively,which is 4.20 and 9.70 percentage points higher than that of graph neural network method.It is proved that the detection ability of this method for related vulnerabilities is better than other detection tools.
作者
师自通
师智斌
刘冬明
石琼
龚晓元
SHI Zitong;SHI Zhibin;LIU Dongming;SHI Qiong;GONG Xiaoyuan(School of Computer Science and Technology,North University of China,Taiyuan 030051,China)
出处
《中北大学学报(自然科学版)》
CAS
2024年第5期601-607,共7页
Journal of North University of China(Natural Science Edition)
关键词
智能合约
漏洞检测
重入漏洞
时间戳漏洞
特征调制图神经网络
smart contract
vulnerability detection
reentrancy vulnerability
timestamp vulnerability
feature-wise linear modulation graph neural network