Computer Science ›› 2024, Vol. 51 ›› Issue (12): 326-333. doi: 10.11896/jsjkx.231000174

• Information Security •

Fine-grained Vulnerability Detection Based on Hierarchical Attention Networks and Integral Gradients

LI Qiuyue1,3, HAN Daojun1,2, ZHANG Lei1, XU Tao1   

    1 School of Computer and Information Engineering, Henan University, Kaifeng, Henan 475004, China
    2 Henan Engineering Research Center of Intelligent Technology and Application, Henan University, Kaifeng, Henan 475004, China
    3 School of Computer and Artificial Intelligence, Henan Finance University, Zhengzhou 450002, China
  • Received: 2023-10-25 Revised: 2024-04-04 Online: 2024-12-15 Published: 2024-12-10
  • About author: LI Qiuyue, born in 1998, postgraduate. Her main research interests include information security and blockchain.
    HAN Daojun, born in 1979, Ph.D, professor, is a member of CCF (No.28531). His main research interests include information security and blockchain.
  • Supported by:
    University Young Core Instructor Foundation of Henan Province (2020GGJS027), National Natural Science Foundation of China (42371433) and Key Science and Technology Program of Henan Province (232102240020, 232102211056).

Abstract: Smart contracts are decentralized applications that run on blockchain platforms and are widely used in many fields, including digital currencies, the Internet of Things, and supply chains. Research on vulnerability detection in smart contracts is of great importance for securing digital assets and maintaining the reliability and stability of contracts. One current mainstream line of research uses deep learning models to automatically learn code features in order to detect vulnerabilities in smart contracts. This approach achieves high accuracy but is limited in vulnerability interpretation and cannot provide fine-grained vulnerability information. To address the problem that current deep learning-based smart contract vulnerability detection models cannot effectively provide fine-grained vulnerability explanations and lack fine-grained labels, a fine-grained vulnerability detection method based on a hierarchical attention network and integrated gradients is proposed. A hierarchical attention network performs coarse-grained vulnerability detection: two attention layers form a word attention encoding layer and a function attention encoding layer, which learn the function-level and contract-level representations of the source code, respectively, and attend to the individual tokens and statements of the code. The integrated gradients method is then used to provide fine-grained explanations by calculating the contribution of code statements to the vulnerability prediction, which yields the statements related to vulnerabilities and thereby achieves word-level and statement-level vulnerability interpretation without statement-level labels. Experimental results on the real Ethereum datasets SmartbugsWilds, SmartbugsCurated and SolidiFIBenchmark show that the proposed method achieves an average accuracy of more than 80% on five vulnerability types, with a 6% improvement in the accuracy of vulnerability interpretation, so it can locate vulnerable code more accurately and help developers review contracts.

Key words: Smart contract, Vulnerability detection, Attention mechanism, Integrative gradients

CLC Number: 

  • TP391