Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (9): 368-375.doi: 10.11896/jsjkx.241000007

• Information Security • Previous Articles     Next Articles

Vulnerability Detection Method Based on Deep Fusion of Multi-dimensional Features from Heterogeneous Contract Graphs

ZHOU Tao, DU Yongping, XIE Runfeng, HAN Honggui   

  1. College of Computer Science,Beijing University of Technology,Beijing 100124,China
  • Received:2024-10-08 Revised:2025-02-25 Online:2025-09-15 Published:2025-09-11
  • About author:ZHOU Tao,born in 2000,postgraduate.Her main research interests include deep learning and smart contract vulnerability detection.
    HAN Honggui,born in 1983,professor,Ph.D supervisor.His main research interests include machine learning and artificial intelligence.
  • Supported by:
    National Key Research and Development Program of China(2022YFB3305802) and National Natural Science Foundation of China(92267107).

PDF (PC)

8

Abstract: Smart contracts are pieces of code that execute automatically on the blockchain,and the safety problem is critical due to their irreversibility and close links to financial transactions.However,the current smart contract vulnerability detection technology still faces problems such as low feature extraction efficiency,low detection accuracy,and over-reliance on expert rules.In order to solve these problems,this paper proposes a vulnerability detection method based on multi-dimensional feature deep fusion of heterogeneous contract graph.Firstly,the code of smart contract data is denoised,and the data set is expanded by data enhancement method of code function exchange,and represented as heterogeneous contract graph.Secondly,the high-dimensional semantic representation of nodes in the smart contract graph is efficiently obtained by combining graph embedding technology and code pre-training technology.Finally,the dual heterogeneous graph attention network is designed to deeply integrate the node features learned in two dimensions to achieve more accurate vulnerability detection.The experimental results for different types of vulnerabilities show that the overall performance of the proposed method has been improved,and the average F1 index is higher than 77.72%.In the case of denial of service vulnerability detection,the F1 value is up to 84.88%,which is significantly improved by 10.62% and 22.34% compared with the traditional deep learning method and the graph topology detection method respectively.The proposed method not only improves the detection efficiency and accuracy,but also reduces the dependence on expert rules by learning node characteristics,providing a more reliable guarantee for the security of smart contracts.

Key words: Smart contract, Pre-trained model, Graph embedding, Graph attention network, Vulnerability detection, Blockchain

CLC Number: 

  • TP309
[1]DONG W L,LIU Z,LIU K,et al.Survey on Vulnerability Detection Technology of Smart Contracts[J].Journal of Software,2023,35(1):38-62.
[2]ZHANG Y L,MA J L,LIU Z A,et al.A Survey of vulnerability detection methods for Ethereum Solidity smart contracts[J].Computer Science,2022,49(3):52-61.
[3]NGUYEN H H,NGUYEN N M.MANDO-HGT:Heteroge-neous Graph Transformers for Smart Contract Vulnerability Detection[C]//2023 IEEE/ACM 20th International Conference on Mining Software Repositories(MSR).IEEE,2023:334-346.
[4]PARVEEN N,CHAKRABARTI P,HUNG B T,et al.Twitter sentiment analysis using hybrid gated attention recurrent network[J].Journal of Big Data,2023,10(1):50.
[5]CAI J,LI B,ZHANG J,et al.Combine sliced joint graph with graph neural networks for smart contract vulnerability detection[J].Journal of Systems and Software,2023,195:111550.
[6]LUO F,LUO R,CHEN T,et al.Scvhunter:Smart contract vulnerability detection based on heterogeneous graph attention network[C]//Proceedings of the IEEE/ACM 46th International Conference on Software Engineering.2024:1-13.
[7]PASQUA M,BENINI A,CONTRO F,et al.Enhancing Ethereum smart-contracts static analysis by computing a precise Control-Flow Graph of Ethereum bytecode[J].Journal of Systems and Software,2023,200:111653.
[8]ZHEN Z,ZHAO X,ZHANG J,et al.DA-GNN:A smart contract vulnerability detection method based on Dual Attention Graph Neural Network[J].Computer Networks,2024,242:110238.
[9]SHAHBAZ M,SURESH L,REXFORD J,et al.Elmo:Source routed multicast for public clouds[C]//Proceedings of the ACM Special Interest Group on Data Communication.2019:458-471.
[10]WANG B,XIE Q,PEI J,et al.Pre-trained language models inbiomedical domain:A systematic survey[J].ACM Computing Surveys,2023,56(3):1-52.
[11]DEVLIN J,CHANG M W,LEE K,et al.BERT:pre-training of deep bidirectional transformers for language understanding[C]//Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics:Human Language Technologies.Stroudsburg,PA:ACL,2019:4171-4186.
[12]GUO D,REN S,LU S,et al.GraphCodeBERT:Pre-trainingCode Representations with Data Flow[C]//International Conference on Learning Representations.2021.
[13]ZHANG F,GUO D,TANG D,et al.CodeBERT:A Pre-Trained Model for Programming and Natural Languages[C]//Findings of the Association for Computational Linguistics:EMNLP.2020:1536-1547.
[14]FEIST J,GRIECO G,GROCE A.Slither:a static analysisframework for smart contracts[C]//2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain(WETSEB).IEEE,2019:8-15.
[15]FERREIRA J F,CRUZ P,DURIEUX T,et al.Smartbugs:Aframework to analyze solidity smart contracts[C]//Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering.2020:1349-1352.
[16]GHALEB A,PATTABIRAMAN K.How effective are smartcontract analysis tools? evaluating smart contract static analysis tools using bug injection[C]//Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis.2020:415-427.
[17]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A user-friendly symbolic execution framework for binaries and smart contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2019:1186-1189.
[18]DURIEUX T,FERREIRA J F,ABREU R,et al.Empirical review of automated analysis tools on 47,587 ethereum smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering.2020:530-541.
[19]CHOUDHARY K,DECOST B.Atomistic line graph neural network for improved materials property predictions[J].Computational Materials,2021,7(1):185.
[20]ZHANG Y C,TANG M.A Theoretical Analysis of DeepWalk and Node2vec for Exact Recovery of Community Structures in Stochastic Blockmodels[J].IEEE Transactions on Pattern Analy-sis and Machine Intelligence,2023,46(2):1065-1078.
[21]DONG Y,CHAWLA N V,SWAMI A.metapath2vec:Scalable representation learning for heterogeneous networks[C]//Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.2017:135-144.
[22]YU Y,SI X,HU C,et al.A review of recurrent neural networks:LSTM cells and network architectures[J].Neural computation,2019,31(7):1235-1270.
[1] ZHONG Boyang, RUAN Tong, ZHANG Weiyan, LIU Jingping. Collaboration of Large and Small Language Models with Iterative Reflection Framework for Clinical Note Summarization [J]. Computer Science, 2025, 52(9): 294-302.
[2] GAO Long, LI Yang, WANG Suge. Sentiment Classification Method Based on Stepwise Cooperative Fusion Representation [J]. Computer Science, 2025, 52(9): 313-319.
[3] ZHU Shihao, PENG Kexing, MA Tinghuai. Graph Attention-based Grouped Multi-agent Reinforcement Learning Method [J]. Computer Science, 2025, 52(9): 330-336.
[4] FENG Yimeng, FENG Yan, XIE Sijiang, ZHANG Qing. Proxy-based Bidirectional Coin Mixing Mechanism of Blockchain [J]. Computer Science, 2025, 52(8): 385-392.
[5] LI Mengxi, GAO Xindan, LI Xue. Two-way Feature Augmentation Graph Convolution Networks Algorithm [J]. Computer Science, 2025, 52(7): 127-134.
[6] YE Jiale, PU Yuanyuan, ZHAO Zhengpeng, FENG Jue, ZHOU Lianmin, GU Jinjing. Multi-view CLIP and Hybrid Contrastive Learning for Multimodal Image-Text Sentiment Analysis [J]. Computer Science, 2025, 52(6A): 240700060-7.
[7] FANG Rui, CUI Liangzhong, FANG Yuanjing. Equipment Event Extraction Method Based on Semantic Enhancement [J]. Computer Science, 2025, 52(6A): 240900096-9.
[8] TANG Lijun , YANG Zheng, ZHAO Nan, ZHAI Suwei. FLIP-based Joint Similarity Preserving Hashing for Cross-modal Retrieval [J]. Computer Science, 2025, 52(6A): 240400151-10.
[9] LI Yingjian, WANG Yongsheng, LIU Xiaojun, REN Yuan. Cloud Platform Load Data Forecasting Method Based on Spatiotemporal Graph AttentionNetwork [J]. Computer Science, 2025, 52(6A): 240700178-8.
[10] BAO Shenghong, YAO Youjian, LI Xiaoya, CHEN Wen. Integrated PU Learning Method PUEVD and Its Application in Software Source CodeVulnerability Detection [J]. Computer Science, 2025, 52(6A): 241100144-9.
[11] SHI Enyi, CHANG Shuyu, CHEN Kejia, ZHANG Yang, HUANG Haiping. BiGCN-TL:Bipartite Graph Convolutional Neural Network Transformer Localization Model for Software Bug Partial Localization Scenarios [J]. Computer Science, 2025, 52(6A): 250200086-11.
[12] ZHAO Chanchan, WEI Xiaomin, SHI Bao, LYU Fei, LIU Libin, ZHANG Ziyang. Edge Computing Based Approach for Node Trust Evaluation in Blockchain Networks [J]. Computer Science, 2025, 52(6A): 240600153-8.
[13] ZHANG Xuming, SHI Yaqing, HUANG Song, WANG Xingya, HU Jinchang, LU Jiangtao. Survey of Open-source Software Component Vulnerability Detection and Automatic RepairTechnology [J]. Computer Science, 2025, 52(6): 1-20.
[14] WANG Jinghong, WU Zhibing, WANG Xizhao, LI Haokang. Semantic-aware Heterogeneous Graph Attention Network Based on Multi-view RepresentationLearning [J]. Computer Science, 2025, 52(6): 167-178.
[15] WANG Pu, GAO Zhanyun, WANG Zhenfei, SONG Zheli. BDBFT:A Consensus Protocol Based on Reputation Prediction Model for IoT Scenario [J]. Computer Science, 2025, 52(5): 366-374.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.