Computer Science ›› 2025, Vol. 52 ›› Issue (9): 368-375. doi: 10.11896/jsjkx.241000007

• Information Security •

Vulnerability Detection Method Based on Deep Fusion of Multi-dimensional Features from Heterogeneous Contract Graphs

ZHOU Tao, DU Yongping, XIE Runfeng, HAN Honggui

  1. College of Computer Science, Beijing University of Technology, Beijing 100124, China
  • Received: 2024-10-08 Revised: 2025-02-25 Online: 2025-09-15 Published: 2025-09-11
  • Corresponding author: HAN Honggui (rechardhan@bjut.edu.cn)
  • About author: (zhoutao_work@163.com) ZHOU Tao, born in 2000, postgraduate. Her main research interests include deep learning and smart contract vulnerability detection.
    HAN Honggui, born in 1983, professor, Ph.D supervisor. His main research interests include machine learning and artificial intelligence.
  • Supported by:
    National Key Research and Development Program of China (2022YFB3305802) and National Natural Science Foundation of China (92267107).

Abstract: Smart contracts are code that executes automatically on the blockchain. Because they are irreversible and closely tied to financial transactions, their security is critical. However, current smart contract vulnerability detection techniques still suffer from low feature extraction efficiency, low detection accuracy, and over-reliance on expert rules. To address these problems, this paper proposes a vulnerability detection method based on deep fusion of multi-dimensional features from heterogeneous contract graphs. Firstly, the code in the smart contract dataset is denoised, the dataset is expanded with data augmentation methods such as code function exchange, and the contracts are then represented as heterogeneous contract graphs. Secondly, graph embedding and code pre-training techniques are combined to efficiently obtain high-dimensional semantic representations of the nodes in the smart contract graph and in the corresponding opcodes. Finally, a dual-layer heterogeneous graph attention network is designed to deeply fuse the node features learned in the two dimensions, achieving efficient vulnerability detection. Experimental results on different types of vulnerabilities show that the overall performance of the proposed method improves over the compared methods, with an average F1 score higher than 77.72%. The method performs best on denial-of-service vulnerabilities, where the F1 score reaches up to 84.88%, an improvement of 10.62% and 22.34% over the traditional deep learning method and the graph topology detection method, respectively. The proposed method not only improves detection efficiency and accuracy, but also reduces the dependence on expert rules by learning node features, providing a more reliable guarantee for the security of smart contracts.

Key words: Smart contract, Pre-trained model, Graph embedding, Graph attention network, Vulnerability detection, Blockchain

CLC Number:

  • TP309