摘要
针对现有深度学习漏洞检测方法对合约字节码特征挖掘不足、漏洞语义表征不精准,且传统图神经网络模型对合约语句的时序信息学习能力不足,提出一种基于预训练与时序图神经网络的智能合约漏洞检测方法。首先,通过预训练模型将智能合约字节码建模为漏洞语义感知的合约图结构。其次,结合自注意力机制,设计了一种新颖的基于事件驱动的时序图神经网络模型,实现对合约执行中时序信息的有效抽取。最后,聚焦于可重入漏洞、时间戳依赖漏洞以及Tx.origin身份认证漏洞,通过120932份真实合约数据集进行大量的评估实验,结果表明所提方法的检测效果显著优于现有方法。
To address the limitations of current deep learning-based methods in extracting contract bytecode features and representing vulnerability semantics,as well as the shortcomings of the traditional graph neural networks in learning temporal information from contract statements,a method for detecting vulnerabilities in contracts was proposed based on pre-trained and temporal graph neural network.Firstly,the pre-trained model was used to transform smart contract bytecode into a vulnerability semantics-aware contract graph structure.Then,combined with a self-attention mechanism,the event-driven temporal graph neural network was designed to extract temporal information during contract execution.Finally,focusing on reentrant vulnerabilities,timestamp dependency vulnerabilities,and Tx.origin authentication vulnerabilities,extensive experiments were conducted on a dataset of 120932 actual contracts.The results show that the proposed method significantly outperforms existing approaches.
作者
庄园
樊泽楷
王诚
孙建国
李耀麟
ZHUANG Yuan;FAN Zekai;WANG Cheng;SUN Jianguo;LI Yaolin(Collage of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China;Hangzhou Institute of Technology,Xidian University,Hangzhou 311231,China;School of Computer Science and Technology,Beijing Institute of Technology,Beijing 100081,China)
出处
《通信学报》
EI
CSCD
北大核心
2024年第9期101-114,共14页
Journal on Communications
基金
国家自然科学基金资助项目(No.62202121)
国家重点研发计划基金资助项目(No.2022YFB4400703)
中央高校基本科研业务费专项资金资助项目(No.3072022TS0604)。
关键词
区块链
智能合约
漏洞检测
预训练模型
图神经网络
blockchain
smart contract
vulnerability detection
pre-training model
graph neural network
