Abstract
With the rapid development of blockchain technology, smart contracts (SCs) applied in digital currency transactions have been widely used. However, SCs often have vulnerability in their code that allow criminals to exploit them to steal associated digital assets. Benefiting from the development of machine learning technology and the improvement of hardware performance, one can use deep learning techniques to analyze code and detect vulnerabilities. This paper proposes an innovative combination of opcode sequences and abstract syntax trees for source code parsing. And a method based on the combination of self-attention mechanism and bidirectional long-short term memory neural network is proposed to detect the vulnerability of SCs after word embedding. Experimentation results show that the two parsing methods can complement each other and effectively improve the accuracy of vulnerability detection.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Tsai, W.-T., et al.: ChainNet. Oriental Publishing House, Beijing (2020)
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Feist, J., Greico, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE (2019)
Liu, H., Liu, C., Zhao, W., et al.: Smashing smart: towards semantic-aware security auditing for Ethereum smart contracts. In: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 814–819. IEEE (2018)
Mossberg, M., Manzano, F., Hennenfent, E., et al.: Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1186–1189. IEEE (2019)
Torres, C.F., Schütte, J., State, R.: Osiris: hunting for integer bugs in Ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)
Torres, C.F., Baden, M., Norvill, R., et al.: AEGIS: shielding vulnerable smart contracts against attacks (2020)
Rodler, M., Li, W., Karame, G.O., et al.: Sereum: protecting existing smart contracts against re-entrancy attacks. arXiv preprint arXiv:1812.05934 (2018)
Jiang, B., Liu, Y., Chan, W.K.: Contractfuzzer: fuzzing smart contracts for vulnerability detection. In: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 259–269. IEEE (2018)
Ashizawa, N., Yanai, N., Cruz, J.P., et al.: Eth2Vec: learning contract-wide code representations for vulnerability detection on Ethereum smart contracts. In: Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure, pp. 47–59 (2021)
Le, Q., Mikolov, T.: Distributed representations of sentences and documents. In: International Conference on Machine Learning. PMLR, pp. 1188–1196 (2014)
Momeni, P., Wang, Y., Samavi, R.: Machine learning model for smart contracts security analysis. In: 2019 17th International Conference on Privacy, Security and Trust (PST), pp. 1–6. IEEE (2019)
Wang, W., Song, J., Xu, G., et al.: Contractward: automated vulnerability detection models for ethereum smart contracts. IEEE Trans. Netw. Sci. Eng. (2020)
Qian, P., Liu, Z., He, Q., et al.: Towards automated reentrancy detection for smart contracts based on sequential models. IEEE Access 8, 19685–19695 (2020)
Mikolov, T., Chen, K., Corrado, G., et al.: Efficient estimation of word representations in vector space. Comput. Sci. (2013)
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)
Vaswani, A., Shazeer, N., Parmar, N., et al.: Attention is all you need. Adv. Neural Inf. Process. Syst. 30 (2017)
Sun, Y., Gu, L.: Attention-based machine learning model for smart contract vulnerability detection. J. Phys. Conf. Ser. 1820(1), 012004 (2021)
Zhuang, Y., Liu, Z., Qian, P., et al.: Smart contract vulnerability detection using graph neural network. In: IJCAI, pp. 3283–3290 (2020)
Liu, Z., Qian, P., Wang, X., et al.: Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Trans. Knowl. Data Eng. (2021)
Acknowledgment
This work is supported by Chinese Ministry of Science and Technology (Grant No. 2018YFB1402700).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hu, Z., Tsai, WT., Zhang, L. (2023). Smart-Contract Vulnerability Detection Method Based on Deep Learning. In: Qiu, M., Lu, Z., Zhang, C. (eds) Smart Computing and Communication. SmartCom 2022. Lecture Notes in Computer Science, vol 13828. Springer, Cham. https://doi.org/10.1007/978-3-031-28124-2_43
Download citation
DOI: https://doi.org/10.1007/978-3-031-28124-2_43
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28123-5
Online ISBN: 978-3-031-28124-2
eBook Packages: Computer ScienceComputer Science (R0)