Abstract
Traditional smart contract vulnerability detection methods do not mine source code information sufficiently. To address this, we focus on one of the most representative smart contract vulnerabilities, integer overflow, and propose a smart contract vulnerability detection method that fuses semantic and structural features. The method first obtains the semantic features of the vulnerability from the opcode sequence of the smart contract, then constructs the contract's control flow graph and feeds it into a graph attention network for training to obtain its feature representation. Next, a bidirectional long short-term memory network with an attention mechanism is trained to obtain the context sequence features of the vulnerable code, and the extracted semantic and structural features are combined for vulnerability detection. The experimental results show that the F1 score and accuracy of the proposed algorithm on the dataset are 95.86% and 95.08%, respectively, a clear performance improvement over other traditional detection methods.
Authors
林彦君
张龑
LIN Yanjun; ZHANG Yan (School of Cyberspace Security, Hubei University, Wuhan 430062, China; School of Computer Science and Information Engineering, Hubei University, Wuhan 430062, China)
Source
《湖北大学学报(自然科学版)》
CAS
2024, Issue 4, pp. 531-539 (9 pages)
Journal of Hubei University: Natural Science
Funding
Supported by the National Natural Science Foundation of China (61977021).
Keywords
integer overflow
smart contracts
vulnerability detection
deep learning