基于预训练与新型时序图神经网络的智能合约漏洞检测方法
Smart contract vulnerability detection method based on pre-training and novel timing graph neural network
庄园 1樊泽楷 1王诚 1孙建国 2李耀麟3
作者信息
- 1. 哈尔滨工程大学计算机科学与技术学院,黑龙江 哈尔滨 150001
- 2. 西安电子科技大学杭州研究院,浙江 杭州 311231
- 3. 北京理工大学计算机学院,北京 100081
- 折叠
摘要
针对现有深度学习漏洞检测方法对合约字节码特征挖掘不足、漏洞语义表征不精准,且传统图神经网络模型对合约语句的时序信息学习能力不足,提出一种基于预训练与时序图神经网络的智能合约漏洞检测方法.首先,通过预训练模型将智能合约字节码建模为漏洞语义感知的合约图结构.其次,结合自注意力机制,设计了一种新颖的基于事件驱动的时序图神经网络模型,实现对合约执行中时序信息的有效抽取.最后,聚焦于可重入漏洞、时间戳依赖漏洞以及Tx.origin身份认证漏洞,通过120 932份真实合约数据集进行大量的评估实验,结果表明所提方法的检测效果显著优于现有方法.
Abstract
To address the limitations of current deep learning-based methods in extracting contract bytecode features and representing vulnerability semantics,as well as the shortcomings of the traditional graph neural networks in learning tem-poral information from contract statements,a method for detecting vulnerabilities in contracts was proposed based on pre-trained and temporal graph neural network.Firstly,the pre-trained model was used to transform smart contract byte-code into a vulnerability semantics-aware contract graph structure.Then,combined with a self-attention mechanism,the event-driven temporal graph neural network was designed to extract temporal information during contract execution.Fi-nally,focusing on reentrant vulnerabilities,timestamp dependency vulnerabilities,and Tx.origin authentication vulner-abilities,extensive experiments were conducted on a dataset of 120 932 actual contracts.The results show that the pro-posed method significantly outperforms existing approaches.
关键词
区块链/智能合约/漏洞检测/预训练模型/图神经网络Key words
blockchain/smart contract/vulnerability detection/pre-training model/graph neural network引用本文复制引用
基金项目
国家自然科学基金资助项目(62202121)
国家重点研发计划基金资助项目(2022YFB4400703)
中央高校基本科研业务费专项资金资助项目(3072022TS0604)
出版年
2024
国家科技期刊平台
NSTL
万方数据