Abstract
The paper is devoted to methods of detecting vulnerabilities of smart contracts using machine learning. The purpose of the study is to improve the accuracy of detecting the reentrancy vulnerability of smart contracts by implementing new machine learning models. A thorough analysis of the current literature was performed and the shortcomings of the existing tools for detecting vulnerabilities of smart contracts were identified. In particular, insufficient accuracy and low adaptability of existing models to new vulnerabilities were noted. To solve these problems, a new model based on a kind of recurrent neural networks with a gating mechanism, namely a bidirectional GRU with an attention mechanism, was proposed to detect the reentrancy vulnerability at the Solidity code level. Using the Word2vec model, the source code of smart contracts was transformed into an array of vectors and used as input to the neural network. Precision, recall and F-beta score were used to evaluate the developed model. 500 smart contract source codes from the Ethereum blockchain were used to train the model, 250 of which had the reentrancy vulnerability. The constructed model was compared with Simple RNN, LSTM, BLSTM, BGRU and BLSTM-ATT models. The obtained results showed that the developed model is ahead of the listed models. The closest values of the metrics were obtained by the BLSTM-ATT model, while the developed BGRU-ATT model uses significantly fewer parameters that need to be optimized, which reduces the training time of the model to detect new vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, Bitcoin (2009). https://bitcoin.org/bitcoin.pdf
Zheng, Z.: An overview of blockchain technology: architecture, consensus, and future trends. In: 2017 IEEE International Congress on Big Data (BigData Congress), pp. 557–564. Boston (2017)
Chen, T., Li, X., Luo, X., Zhang, X.: Under-optimized smart contracts devour your money. In: 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 442–446. IEEE, Austria (2017)
Chen, W., et al.: Detecting Ponzi schemes on Ethereum: towards healthier blockchain technology. In: Proceedings of the 2018 World Wide Web Conference, pp. 1409–1418. (2018)
Cho, K., Merrienboer, V., Gulcehre, C.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language, pp. 1724–1734, Doha (2014). https://doi.org/10.48550/arXiv.1406.1078
Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection. In: 25th Annual Network and Distributed System Security Symposium, San Diego (2018). https://doi.org/10.14722/ndss.2018.23158
Mou, L., Li, G., Jin, Z.: TBCNN: a tree-based convolutional neural network for programming language processing. In: AAAI 2016: Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence, pp. 1287–1293 (2016)
Yuhang, S., Lize, G.: Attention-based machine learning model for smart contract vulnerability detection. In: Journal of Physics: Conference Series (2021)
Peng, Q., Zhenguang, L., Qinming, H., Zimmermann, R., Wang, Z.: Towards automated reentrancy detection for smart contracts based on sequential models. IEEE Access 8, 19685–19695 (2020). https://doi.org/10.1109/ACCESS.2020.2969429
Cahuantzi, R., Chen, X., Güttel, S.: A comparison of LSTM and GRU networks for learning symbolic sequences (2021)
Manoj, P.: Most common smart contract bugs of 2020. Solidified (2020). https://medium.com/solidified/most-common-smart-contract-bugs-of-2020-c1edfe9340ac
Tikhomirov, S., et al.: SmartCheck: static analysis of Ethereum smart contracts. In: IEEE 1st International Workshop on Computer Society, pp. 9–16. IEEE, Gothenburg (2018)
Komleva, N.O., Tereshchenko, O.I.: Requirements for the development of smart contracts and an overview of smart contract vulnerabilities at the solidity code level on the Ethereum platform. Herald Adv. Inf. Technol. 6(1), 54–68 (2023). https://doi.org/10.15276/hait.06.2023.4
Hajdu, A., Jovanovic, D.: Solc-verify: a modular verifier for solidity smart contracts. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 161–179. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_11
Wisam, A., Musa, M., Bilal, I.: An overview of bag of words; importance, implementation, applications, and challenges. In: 2019 International Engineering Conference (IEC), pp. 200−204. Erbil (2019). https://doi.org/10.1109/IEC47844.2019.8950616
Cavnar, W., Trenkle, J.: N-Gram-based text categorization. In: Proceedings of the Third Annual Symposium on Document Analysis and Information Retrieval (2001)
Sherstinsky, A.: Fundamentals of recurrent neural network (RNN) and long short-term memory (LSTM) network. In: Physica D: Nonlinear Phenomena, vol. 404 (2020). https://doi.org/10.1016/j.physd.2019.132306
Junyoung, C., Caglar, G., KyungHyun, C., Yoshua, B.: Empirical evaluation of gated re-current neural networks on sequence modeling. In: NIPS 2014 Deep Learning and Repre-sentation Learning Workshop (2014). https://doi.org/10.48550/arXiv.1412.3555
Soydaner, D.: Attention mechanism in neural networks: where it comes and where it goes. Neural Comput. Appl. 34, 13371–13385 (2022). https://doi.org/10.1007/s00521-022-07366-3
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: The Network and Distributed System Security Symposium, California (2018). https://doi.org/10.14722/ndss.2018.23082
Ferreira, J., Cruz, P., Durieux, T., Abreu, R.: SmartBugs: a framework to analyze solidity smart contracts. In: 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020). Melbourne (2020). https://doi.org/10.48550/arXiv.2007.04771
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tereshchenko, O., Komleva, N. (2023). Vulnerability Detection of Smart Contracts Based on Bidirectional GRU and Attention Mechanism. In: Antoniou, G., et al. Information and Communication Technologies in Education, Research, and Industrial Applications. ICTERI 2023. Communications in Computer and Information Science, vol 1980. Springer, Cham. https://doi.org/10.1007/978-3-031-48325-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-031-48325-7_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-48324-0
Online ISBN: 978-3-031-48325-7
eBook Packages: Computer ScienceComputer Science (R0)