清晨好,您是今天最早来到科研通的研友!由于当前在线用户较少,发布求助请尽量完整的填写文献信息,科研通机器人24小时在线,伴您科研之路漫漫前行!

Fine-grained smart contract vulnerability detection by heterogeneous code feature learning and automated dataset construction

智能合约 脆弱性(计算) 抽象语法树 特征(语言学) 编码(集合论) 计算机科学 人工智能 深度学习 语法 图形 机器学习 源代码 计算机安全 理论计算机科学 程序设计语言 集合(抽象数据类型) 哲学 语言学 数据库事务
作者
Jie Cai,Bin Li,Tao Zhang,Jiale Zhang,Xiaobing Sun
出处
期刊:Journal of Systems and Software [Elsevier]
卷期号:209: 111919-111919 被引量:3
标识
DOI:10.1016/j.jss.2023.111919
摘要

Recently, several deep learning based smart contract vulnerability detection approaches have been proposed. However, challenges still exist in applying deep learning for fine-grained vulnerability detection in smart contracts, including the lack of the dataset with sufficient statement-level labeled smart contract samples and neglect of heterogeneity between syntax and semantic features during code feature learning. To utilize deep learning for fine-grained smart contract vulnerability detection, we propose a security best practices (SBP) based dataset construction approach to address the scarcity of datasets. Moreover, we propose a syntax-sensitive graph neural network to address the challenge of heterogeneous code feature learning. The dataset construction approach is motivated by the insight that smart contract code fragments guarded by security best practices may contain vulnerabilities in their original unguarded code form. Thus, we locate and strip security best practices from the smart contract code to recover its original vulnerable code form and perform sample labeling. Meanwhile, as the heterogeneity between tree-structured syntax features embodied inside the abstract syntax tree (AST) and graph-structured semantic features reflected by relations between statements, we propose a code graph whose nodes are each statement's AST subtree with a syntax-sensitive graph neural network that enhances the graph neural network by a child-sum tree-LSTM cell to learn these heterogeneous features for fine-grained smart contract vulnerability detection. We compare our approach with three state-of-the-art deep learning-based approaches that only support contract-level vulnerability detection and two popular static analysis-based approaches that support fine detection granularity. The experiment results show that our approach outperforms the baselines at both coarse and fine granularities. In this paper, we propose utilizing security best practices inside the smart contract code to construct the dataset with statement-level labels. To learn both tree-structured syntax and graph-structured semantic code features, we propose a syntax-sensitive graph neural network. The experimental results show that our approach outperforms the baselines.
最长约 10秒,即可获得该文献文件

科研通智能强力驱动
Strongly Powered by AbleSci AI
更新
大幅提高文件上传限制,最高150M (2024-4-1)

科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
阳光老人完成签到 ,获得积分10
34秒前
iorpi完成签到,获得积分10
1分钟前
ranj完成签到,获得积分10
1分钟前
Eri_SCI完成签到 ,获得积分10
1分钟前
1分钟前
张铭杰发布了新的文献求助10
2分钟前
Nan发布了新的文献求助10
2分钟前
宇文非笑完成签到 ,获得积分10
2分钟前
善学以致用应助lijiauyi1994采纳,获得10
2分钟前
Hiram完成签到,获得积分10
3分钟前
xiewuhua完成签到,获得积分10
3分钟前
3分钟前
Nan发布了新的文献求助10
3分钟前
慕青应助mashibeo采纳,获得30
3分钟前
方白秋完成签到,获得积分10
3分钟前
3分钟前
4分钟前
共享精神应助科研通管家采纳,获得10
4分钟前
川藏客完成签到 ,获得积分10
6分钟前
桐桐应助tu采纳,获得10
6分钟前
6分钟前
lijiauyi1994发布了新的文献求助10
6分钟前
and999完成签到,获得积分10
7分钟前
lijiauyi1994完成签到,获得积分10
7分钟前
brown完成签到,获得积分10
7分钟前
肆肆完成签到,获得积分10
8分钟前
mashibeo发布了新的文献求助30
8分钟前
SCI完成签到,获得积分10
9分钟前
CipherSage应助常证明采纳,获得10
9分钟前
SPUwangshunfeng完成签到,获得积分10
9分钟前
9分钟前
9分钟前
tu发布了新的文献求助10
9分钟前
常证明发布了新的文献求助10
10分钟前
jhlz5879完成签到 ,获得积分10
10分钟前
坦率妖丽发布了新的文献求助10
10分钟前
子月之路发布了新的文献求助10
11分钟前
FashionBoy应助猫不吃狗粮采纳,获得10
12分钟前
华仔应助猫不吃狗粮采纳,获得10
12分钟前
moufei应助七街采纳,获得50
14分钟前
高分求助中
좌파는 어떻게 좌파가 됐나:한국 급진노동운동의 형성과 궤적 2500
Sustainability in Tides Chemistry 1500
TM 5-855-1(Fundamentals of protective design for conventional weapons) 1000
Cognitive linguistics critical concepts in linguistics 800
Threaded Harmony: A Sustainable Approach to Fashion 799
Livre et militantisme : La Cité éditeur 1958-1967 500
氟盐冷却高温堆非能动余热排出性能及安全分析研究 500
热门求助领域 (近24小时)
化学 医学 生物 材料科学 工程类 有机化学 生物化学 物理 内科学 纳米技术 计算机科学 化学工程 复合材料 基因 遗传学 催化作用 物理化学 免疫学 量子力学 细胞生物学
热门帖子
关注 科研通微信公众号,转发送积分 3052569
求助须知:如何正确求助?哪些是违规求助? 2709826
关于积分的说明 7418217
捐赠科研通 2354370
什么是DOI,文献DOI怎么找? 1245935
科研通“疑难数据库(出版商)”最低求助积分说明 605951
版权声明 595921