Abstract
Smart contracts are decentralized applications that run on the blockchain to meet the demands of various practical scenarios. The increasing number of security events involving smart contracts has led to huge pecuniary losses and destroyed the ecological stability of the contract layer on the blockchain. With the quantity of contracts growing, detecting vulnerabilities in smart contracts effectively and efficiently has become a pressing issue. Existing methods for detecting vulnerabilities in smart contracts, such as Oyente, mainly employ symbolic execution. This method is very time-consuming, as symbolic execution requires the exploration of all executable paths in a contract. In this work, we propose an efficient model for detecting vulnerabilities in Ethereum smart contracts with machine learning techniques. The model detects vulnerabilities effectively and quickly based on the patterns learned from training samples. Our model is evaluated on 49502 real-world smart contracts, and the results verify its effectiveness and efficiency.
Acknowledgements
The work reported in this paper was supported in part by the Natural Science Foundation of China, under Grant U1736114.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Song, J., He, H., Lv, Z., Su, C., Xu, G., Wang, W. (2019). An Efficient Vulnerability Detection Model for Ethereum Smart Contracts. In: Liu, J., Huang, X. (eds) Network and System Security. NSS 2019. Lecture Notes in Computer Science, vol 11928. Springer, Cham. https://doi.org/10.1007/978-3-030-36938-5_26
DOI: https://doi.org/10.1007/978-3-030-36938-5_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36937-8
Online ISBN: 978-3-030-36938-5
eBook Packages: Computer Science, Computer Science (R0)