基于深度学习的智能合约漏洞检测方法  被引量：6

作　　者：张铮 张星娜 吕卓 易龙杨 陈岑 杨文 常昊 王伟[2] ZHANG Zheng;ZHANG Xingna;LV Zhuo;YI Longyang;CHEN Cen;YANG Wen;CHANG Hao;WANG Wei(State Grid Henan Electric Power Research Institute,Zhengzhou 400052,P.R.China;Beijing Jiaotong University,Beijing 100044,P.R.China)

机构地区：[1]国网河南省电力公司电力科学研究院,郑州450052 [2]北京交通大学,北京100044

出　　处：《重庆邮电大学学报（自然科学版）》2022年第5期914-920,共7页Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition)

基　　金：国家重点研发计划项目(2020YFB2103802,2020YFB1005604)。

摘　　要：以太坊是当下最流行的区块链平台之一,目前已部署数千万个智能合约,控制了价值数千亿美元的以太坊加密货币。由智能合约漏洞引起的安全事件层出不穷,资金损失尤为严重。针对当前智能合约漏洞检测率较低、检测性能不足的问题,提出了基于深度学习的智能合约漏洞检测方法。编译以太坊智能合约源码,解析其对应的字节码得到操作码数据流,根据以太坊黄皮书中操作码与16进制数的对应关系构建字典,将操作码数据流转化为用16进制数表示的操作码序列。通过对操作码序列进行分析,设计循环神经网络、长短期记忆神经网络和卷积神经网络-长短期记忆神经网络3种不同的深度学习网络结构进行漏洞检测。在真实环境中采集了47527个智能合约,针对智能合约6种漏洞的检测,卷积神经网络-长短期记忆神经网络模型的Macro-F1达到了82.1%。大量的实验结果表明,所提出的模型和方法可实现高效的智能合约漏洞检测。Ethereum has become one of the most popular blockchain platforms.Tens of millions of smart contracts have been deployed to control Ethereum’s cryptocurrency,which is worth hundreds of billions of dollars.Security incidents caused by smart contract vulnerabilities emerge in an endless stream,and capital losses are particularly serious.In order to secure smart contracts,this paper proposes a vulnerability detection method for smart contracts based on deep learning algorithms.First,we compile the source code of the Ethereum smart contracts,and parse the corresponding bytecode to obtain the opcode data stream.Then we build a dictionary based on the correspondence between the opcode and the hexadecimal value in the Ethereum Yellow Paper,and convert the opcode data stream into the operation code sequence represented by hexadecimal number.Second,through the analysis of the operation code sequence,three different deep learning network structures,namely,recurrent neural network,long short-term memory neural network,and convolutional neural network-long short-term memory neural network,are designed for vulnerability detection.Finally,we collect 47527 smart contracts in the wild.Extensive experiments are conducted on these smart contracts.In the detection of vulnerabilities with convolutional neural network-long short-term memory neural network,the Macro-F1 achieves 82.1%for six vulnerabilities.Experimental results demonstrate that the proposed models effectively detect vulnerability in smart contracts.

关 键 词：智能合约 深度学习 漏洞检测 以太坊 区块链 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]