基于本体推理的智能合约漏洞检测系统  被引量：2

作　　者：陈瑞翔 焦健[1] 王若华 CHEN Ruixiang;JIAO Jian;WANG Ruohua(College of Computer Science,Beijing Information Science and Technology University,Beijing 100101,China;Liupanshui Company of China Telecom Co.Ltd.,Liupanshui,Guizhou 553001,China)

机构地区：[1]北京信息科技大学计算机学院,北京100101 [2]中国电信股份有限公司六盘水分公司,贵州六盘水553001

出　　处：《计算机科学》2023年第10期336-342,共7页Computer Science

基　　金：国家自然科学基金(61872044)。

摘　　要：随着区块链的不断发展,基于以太坊的智能合约越发受到各界的广泛关注,但随之而来的是其面临着更多的安全威胁。针对以太坊智能合约的安全问题,出现了各种漏洞检测方法,如符号执行、形式化验证、深度学习等,但现有的检测方法能检测到的漏洞类型大多不全面,缺乏可解释性。针对这些问题,设计并实现了针对Solidity高级语言层面的基于本体推理的智能合约漏洞检测系统。该系统先把智能合约源码解析为抽象语法树,再进行合约信息抽取,利用抽取到的数据信息构建智能合约漏洞检测本体,并使用推理机进行本体推理。实验选取了其他检测工具与本系统进行对比,并使用这几种工具对100份智能合约样本进行检测。实验结果表明,所提系统的检测效果良好,能检测多种类型的智能合约漏洞,并能给出其漏洞的相关信息。Withthe development of the blockchain,smart contract based on Ethereum has attracted more and more attention from all walks of life,but it has also faced more security threats.For the security problems of Ethereum smart contracts,various vulnerability detection methods have emerged,such as symbolic execution,formal verification,deep learning and other technologies.However,most of the existing methods have incomplete detection types and lack interpretability.To solve these problems,a smart contract vulnerability detection system based on ontology reasoning for Solidity high-level language level is designed and implemented.The smart contract vulnerability source code is parsed into an abstract syntax tree,and the information is extracted.The extracted information is used to construct the vulnerability detection ontology,and the reasoning engine is used to infer the ontology vulnerability.In the experiment,other detection tools are selected to compare with this system,and these tools are used to detect 100 intelligent combined source samples.The results show that the system has a good detection effect,it can detect various types of smart contract loopholes and can give the information about the cause of the vulnerability.

关 键 词：智能合约 漏洞检测 以太坊 区块链 本体推理 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]