【Author】 Xu, Yingjie; Hu, Gengran; You, Lin; Cao, Chengtang
【Source】SECURITY AND COMMUNICATION NETWORKS
【Abstract】In recent years, a lot of vulnerabilities of smart contracts have been found. Hackers used these vulnerabilities to attack the corresponding contracts developed in the blockchain system such as Ethereum, and it has caused lots of economic losses. Therefore, it is very important to find out the potential problems of the smart contracts and develop more secure smart contracts. As blockchain security events have raised more important issues, more and more smart contract security analysis methods have been developed. Most of these methods are based on traditional static analysis or dynamic analysis methods. There are only a few methods that use emerging technologies, such as machine learning. Some models that use machine learning to detect smart contract vulnerabilities cost much time in extracting features manually. In this paper, we introduce a novel machine learning-based analysis model by introducing the shared child nodes for smart contract vulnerabilities. We build the Abstract-Syntax-Tree (AST) for smart contracts with some vulnerabilities from two data sets including SmartBugs and SolidiFI-benchmark. Then, we build the Abstract-Syntax-Tree (AST) of the labeled smart contract for data sets named Smartbugs-wilds. Next, we get the shared child nodes from both of the ASTs to obtain the structural similarity, and then, we construct a feature vector composed of the values that measure structural similarity automatically to build our machine learning model. Finally, we get a KNN model that can predict eight types of vulnerabilities including Re-entrancy, Arithmetic, Access Control, Denial of Service, Unchecked Low Level Calls, Bad Randomness, Front Running, and Denial of Service. The accuracy, recall, and precision of our KNN model are all higher than 90%. In addition, compared with some other analysis tools including Oyente and SmartCheck, our model has higher accuracy. In addition, we spent less time for training.
【Keywords】
【Title】A New Machine Learning-Based Smart Contract Vulnerability Analysis Model
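【Abstract】In recent years, many vulnerabilities in smart contracts have been discovered. Hackers have exploited these vulnerabilities to attack the corresponding contracts developed on blockchain systems such as Ethereum, causing large economic losses. It is therefore especially important to find the potential problems in smart contracts and to develop more secure smart contracts. As blockchain security incidents keep emerging, there are more and more security analysis methods for smart contracts. Most of these methods are based on traditional static analysis or dynamic analysis. Only a few methods use emerging technologies such as machine learning. Some models that use machine learning to detect smart contract vulnerabilities spend a great deal of time extracting features manually. This paper proposes a new machine learning-based analysis model by introducing shared child nodes for smart contract vulnerabilities. The paper builds the abstract syntax tree (AST) of smart contracts from two data sets, SmartBugs and SolidiFI-benchmark. Then, we build the abstract syntax tree (AST) of the labeled smart contracts for the data set named smartbugs-wild. Next, we obtain the shared child nodes from the two ASTs to get the structural similarity, and then we automatically construct a feature vector made up of the values that measure structural similarity to build our machine learning model. Finally, we obtain a KNN model that can predict eight types of vulnerabilities, including Re-entrancy, Arithmetic, Access Control, Denial of Service, Unchecked Low Level Calls, Bad Randomness, Front Running, and Denial of Service. The accuracy, recall, and precision of our KNN model are all higher than 90%. In addition, compared with some other analysis tools such as Oyente and SmartCheck, our model has higher accuracy. In addition, we spend less time on training.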
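【Publication date】2021
【Indexed date】2022-04-23
【Document type】Article
【Main topic】Blockchain regulation
【Subtopic】Smart contract regulation
【Journal tier】SCI Zone 4
【Impact factor】1.968
【Translator】王佳鑫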