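Abstract
Smart contracts have made significant progress in many fields, and ensuring their security and reliability is especially critical, as it effectively guards against the risk of financial loss. Because smart contracts are immutable, detecting vulnerabilities before deployment is essential. Although many vulnerability detection tools exist, most rely on static methods and predefined rules, and the detection process takes a great deal of time. In view of this, a smart contract vulnerability detection model based on vulnerability critical code and a deep learning framework is proposed. The method uses abstract syntax trees to construct vulnerability critical code with complete semantic structure information, increasing its ability to express vulnerability features. It also adopts extensible deep learning feature extraction models, including LSTM, GRU, Bi-LSTM and Bi-LSTM-Atten, to improve smart contract vulnerability detection performance. Training and testing were carried out on a real dataset of Ethereum smart contract reentrancy vulnerabilities, and the experimental results show that the method outperforms six commonly used methods, namely Mythril, Oyente, Smartcheck, TMP, CGE and DeeSCVH, with an accuracy of 94.32% and an F1 score of 88.69%. The study shows that vulnerability critical code significantly enhances the model's detection performance and improves vulnerability detection efficiency.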
syntax trees to construct vulnerability key codes with complete semantic structure information to increase the ability to express vulnerability features. It also uses extensible deep learning feature extraction models, including LSTM, GRU, Bi-LSTM and Bi-LSTM-Atten, to improve the performance of smart contract vulnerability detection. Training and testing are performed on a real dataset of Ethereum smart contract reentrancy vulnerabilities, and the experimental results show that this paper's method outperforms six commonly used methods, including Mythril, Oyente, Smartcheck, TMP, CGE, and DeeSCVH, and achieves an accuracy of 94.32% and an F1 score of 88.69%. The research shows that the vulnerability critical code significantly enhances the detection performance of this model and improves the efficiency of vulnerability detection.
Authors
PENG Tao (彭涛)
WU Sheng (吴胜)
School of Computer Science and Technology, Jiangsu Normal University, Xuzhou 221116, China
Source
Software Guide (《软件导刊》)
2026, No. 2, pp. 110-118 (9 pages)
Funding
Jiangsu Normal University Postgraduate Research and Practice Innovation Program (2024XKT2599).
Keywords
smart contracts
vulnerability detection
vulnerability critical code
deep learning
vulnerability characterization