
Fine-grained Vulnerability Detection Method Based on Hierarchical Attention Network and Integrated Gradients

Smart contracts are decentralized applications that run on blockchain platforms and are widely used in fields such as digital currency, the Internet of Things and supply chains. Research on smart contract vulnerability detection is of great importance for securing digital assets and maintaining the reliability and stability of contracts. One current mainstream line of research uses deep learning models to learn code features automatically and detect smart contract vulnerabilities; it achieves high accuracy, but is limited in vulnerability explanation and cannot provide fine-grained vulnerability information. To address the problems that current deep learning-based smart contract vulnerability detection models cannot effectively provide fine-grained vulnerability explanations and that fine-grained labels are lacking, this paper proposes a fine-grained vulnerability detection method based on a hierarchical attention network and integrated gradients. A hierarchical attention network performs coarse-grained vulnerability detection: two attention layers form a word attention encoding layer and a function attention encoding layer, which learn function-level and contract-level representations of the source code respectively, so that the different tokens and statements of the code receive attention. The integrated gradients method is then used for fine-grained explanation: it computes the contribution of each code statement to the vulnerability prediction in order to obtain the vulnerable statements related to the vulnerability, producing word-level and statement-level vulnerability explanations without statement-level labels. Experimental results on the real Ethereum datasets SmartBugs Wild, SmartBugs Curated and SolidiFI Benchmark show that the method achieves an average accuracy above 80% on five vulnerability types and improves vulnerability explanation accuracy by 6%, locating vulnerable code more accurately and helping developers review contracts.
Fine-grained Vulnerability Detection Based on Hierarchical Attention Networks and Integral Gradients
Smart contracts are decentralized applications that run on blockchain platforms and are widely used in many fields, including digital currencies, the Internet of Things, and supply chains. Research on smart contract vulnerability detection is of great importance for securing digital assets and maintaining the reliability and stability of contracts. One of the current mainstream research directions is to use deep learning models to automatically learn code features and detect vulnerabilities in smart contracts. Such models achieve high accuracy, but they are limited in vulnerability interpretation and cannot provide fine-grained vulnerability information. To address the problems that current deep learning-based smart contract vulnerability detection models cannot effectively provide fine-grained vulnerability explanations and that fine-grained labels are lacking, a fine-grained vulnerability detection method based on a hierarchical attention network and integrated gradients is proposed. A hierarchical attention network performs coarse-grained vulnerability detection: a word attention encoding layer and a function attention encoding layer, built from two attention layers, learn function-level and contract-level representations of the source code respectively, attending to the various tokens and statements of the code. The integrated gradients method is then used to provide fine-grained explanations by computing the contribution of each code statement to the vulnerability prediction, so that the vulnerable statements related to the vulnerability can be obtained and word-level and statement-level vulnerability explanations are produced without statement-level labels. Experimental results on the real Ethereum datasets SmartBugs Wild, SmartBugs Curated and SolidiFI Benchmark show that the proposed method achieves an average accuracy of more than 80% on five vulnerability types and improves the accuracy of vulnerability interpretation by 6%, locating vulnerable code more accurately and helping developers review contracts.
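As an added illustration, not code from the paper, the following toy shows the integrated-gradients step of the explanation stage: a linear-then-sigmoid scorer stands in for the trained hierarchical attention network, the gradient is integrated along the straight path from an all-zero baseline embedding to the real input, and token attributions are summed per statement to rank the statements that contribute most to the vulnerability prediction. The statements, token embeddings and weights are constructed; the completeness check (attributions sum to the change in model output) is the standard integrated-gradients axiom.

```python
import math

# Constructed example input: one withdraw() function split into tokenised statements.
STATEMENTS: list[list[str]] = [
    "function withdraw ( uint amount )".split(),
    "require ( balances [ msg.sender ] >= amount )".split(),
    "msg.sender . call . value ( amount ) ( )".split(),
    "balances [ msg.sender ] -= amount".split(),
]
# Constructed 2-d token embeddings; unlisted tokens embed to the zero vector (the IG baseline).
EMB: dict[str, list[float]] = {
    "call": [1.0, 0.2], "value": [0.8, 0.1], "-=": [0.6, 0.5],
    "require": [-0.6, 0.3], ">=": [-0.3, 0.2], "balances": [0.1, 0.4],
}
W = [2.0, -1.0]  # hand-set final-layer weights standing in for the trained network
B = -1.0         # hand-set bias

def embed(tok: str) -> list[float]:
    return EMB.get(tok, [0.0, 0.0])

def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))

def pre_activation(stmts: list[list[str]]) -> float:
    """Bag-of-embeddings score z = B + W . sum(e_t); the model predicts sigmoid(z)."""
    return B + sum(W[d] * embed(t)[d] for s in stmts for t in s for d in range(2))

def integrated_gradients(stmts: list[list[str]], steps: int = 200) -> list[float]:
    """Statement-level attribution: average d sigmoid(z)/d e_{t,d} = sigmoid'(z) * W[d]
    along the straight path from the zero baseline to the input (midpoint Riemann sum),
    scale by each token's embedding, then sum the token attributions per statement."""
    span = pre_activation(stmts) - B  # z runs from B (baseline) to B + span (input)
    path = [B + (k - 0.5) / steps * span for k in range(1, steps + 1)]
    avg_sig_prime = sum(sigmoid(z) * (1.0 - sigmoid(z)) for z in path) / steps
    return [sum(embed(t)[d] * W[d] * avg_sig_prime for t in s for d in range(2)) for s in stmts]

def rank_statements(stmts: list[list[str]]) -> list[tuple[int, float]]:
    """Statement indices ordered by attribution, most vulnerability-relevant first."""
    return sorted(enumerate(integrated_gradients(stmts)), key=lambda p: p[1], reverse=True)

def completeness_gap(stmts: list[list[str]]) -> float:
    """IG completeness axiom: attributions sum to f(input) - f(baseline); returns the residual."""
    f_in, f_base = sigmoid(pre_activation(stmts)), sigmoid(B)
    return abs(sum(integrated_gradients(stmts)) - (f_in - f_base))

if __name__ == "__main__":
    for idx, score in rank_statements(STATEMENTS):
        print(f"{score:+.3f}  {' '.join(STATEMENTS[idx])}")
```

With these constructed weights the external call statement receives the largest positive attribution and the require guard a negative one, which is the kind of per-statement ranking the paper uses to surface vulnerable lines without statement labels.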

Smart contract; Vulnerability detection; Attention mechanism; Integrated gradients

李秋月、韩道军、张磊、许涛


School of Computer and Information Engineering, Henan University, Kaifeng, Henan 475004

School of Computer and Artificial Intelligence, Henan Finance University, Zhengzhou 450002

Henan Engineering Research Center of Intelligent Technology and Application, Kaifeng, Henan 475004

Smart contract; Vulnerability detection; Attention mechanism; Integrated gradients

2024

Computer Science
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)


Indexed in CSTPCD; Peking University Core Journal
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2024, 51(12)