基于语义与结构特征融合的整数溢出漏洞检测  被引量:2

Integer overflow vulnerability detection based on the fusion of semantics and structural features

在线阅读下载全文

作  者:林彦君 张龑 LIN Yanjun;ZHANG Yan(School of Cyberspace Security,Hubei University,Wuhan 430062,China;School of Computer Science and Information Engineering,Hubei University,Wuhan 430062,China)

机构地区:[1]湖北大学网络空间安全学院,湖北武汉430062 [2]湖北大学计算机与信息工程学院,湖北武汉430062

出  处:《湖北大学学报(自然科学版)》2024年第4期531-539,共9页Journal of Hubei University:Natural Science

基  金:国家自然科学基金(61977021)资助。

摘  要:针对传统智能合约漏洞检测方法对于源代码信息挖掘不充分的问题,本研究聚焦于智能合约最具代表性的整数溢出漏洞,提出一种语义和结构特征融合的智能合约漏洞检测方法。该方法首先通过智能合约的操作码序列获取漏洞的语义特征,然后构建合约的控制流程图,传入图注意力网络中进行训练,得到其特征表示。接着使用双向长短期记忆网络和注意力机制进行训练获得漏洞代码的上下文序列特征,并将提取的语义和结构特征相结合进行漏洞检测。实验结果表明,本文中提出的算法在数据集中的F_(1)分数和准确率分别为95.86%和95.08%,与其他传统检测方法相比有较明显的性能提升。Aiming at the problem that traditional smart contract vulnerability detection methods were not sufficient for source code information mining,we focused on one of the most representative vulnerabilities of smart contracts,namely integer overflow vulnerability,and proposed a smart contract vulnerability detection method that integrated semantic and structural features.In this method,the semantic features of vulnerabilities were obtained from the opcode sequence of smart contracts,and then the control flow diagram of the contract was constructed and trained into the graph attention network to obtain the feature representation.Then,the bidirectional long short-term memory network and attention mechanism were used to obtain the context sequence features of the vulnerability code,and the extracted semantic and structural features were combined for vulnerability detection.The experimental results show that the F_(1) score and accuracy of the proposed algorithm in the dataset are 95.86%and 95.08%,respectively,which has obvious performance improvement compared with other traditional detection methods.

关 键 词:整数溢出 智能合约 漏洞检测 深度学习 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象