Reentrancy Vulnerability Detection Method in Smart Contracts #br#
Based on Hybrid Model and Attention Mechanism#br#

Abstract

Abstract: Addressing the challenges of low efficiency and accuracy in reentrancy vulnerability detection by traditional smart contract vulnerability detection tools and single deep learning models, this paper proposes a reentrancy vulnerability detection method based on hybrid model and attention mechanism (CNNBiLSTMATT). Firstly, data processing is performed using the Word2vec model to obtain feature vectors. Secondly, these vectors undergo processing through a combination of convolutional neural network (CNN) and bidirectional long shortterm memory (BiLSTM) networks to extract features. The attention mechanism then assigns weights to highlight key features. Finally, a fully connected layer and Softmax classifier are utilized to classify the generated results, enabling reentrancy vulnerability detection in smart contracts. The experimental results demonstrate that compared with the traditional tools and deep learning methods, the method based on CNNBiLSTMATT proposed in this paper has been greatly improved in reentrant vulnerability detection. The accuracy, precision, recall rate and F1 value reached 92.53%, 93.27%, 91.73% and 92.5% respectively, confirming the effectiveness of the proposed method.

Key words: smart contract, reentrancy vulnerability, vulnerability detection, hybrid model, attention mechanism

摘要： 针对传统智能合约漏洞检测工具和单一深度学习模型对重入漏洞检测效率和精确率低等问题，提出了一种基于混合模型和注意力机制的重入漏洞检测方法(CNNBiLSTMATT).首先，使用单词嵌入模型(Word2vec)进行数据处理并得到特征向量；然后，将处理后的特征向量通过卷积神经网络(CNN)和双向长短期记忆网络(BiLSTM)相结合的方法进行特征提取，并通过注意力机制赋予权重以突出关键特征；最后，采用全连接层和Softmax分类器对生成的结果进行分类，实现智能合约的重入漏洞检测.实验结果表明，与传统工具和深度学习方法相比，基于CNNBiLSTMATT的方法在重入漏洞检测方面有较大的提升，准确率、精确率、召回率和F1值分别达到了92.53%，93.27%，91.73%，92.5%，证明该方法的有效性.

关键词: 智能合约, 重入漏洞, 漏洞检测, 混合模型, 注意力机制

CLC Number:

TP309

沈学利, 李明峰, . 基于混合模型和注意力机制的智能合约重入漏洞检测方法[J]. 信息安全研究, 2024, 10(11): 1056-.

References

［1］Szabo N. Formalizing and securing relationships on public networks［J］. First Monday, 1997, 2(9): 121［2］Nakamoto S. Bitcoin: A peertopeer electronic cash system［JOL］. 2008 ［20230615］. http:dx.doi.org［3］Buterin V. A nextgeneration smart contract and decentralized application platform［JOL］. 2014 ［20240920］. https:ethereum.orgcontentwhitepaperwhitepaperpdfEthereum_Whitepaper__Buterin_2014.pdf［4］Liao J, Tsai T T, He C K, et al. SoliAudit: Smart vontract vulnerability assessment based on machine learning and fuzz testing［C］ Proc of the 6th Int Conf on Internet of Things: Systems, Management and Security. Piscataway, NJ: IEEE, 2019: 458465［5］Liu J, Liu Z. Asurvey on security verification of blockchain smart contracts［J］. IEEE Access, 2019, 7: 7789477904［6］陈乔松, 何小阳, 许文杰, 等. 基于预训练技术和专家知识的重入漏洞检测［J］. 计算机科学, 2022, 49(S2): 713720［7］沈传年. 智能合约安全漏洞研究现状［J］. 信息安全研究, 2023, 9(12): 11661172［8］Zhang L, Chen W, Wang W, et al. CBGRU: A detection method of smart contract vulnerability based on a hybrid model［J］. Sensors, 2022, 22(9): 3577［9］Luu L, Chu D H, Olickel H, et al. Making smart contracts smarter［C］ Proc of the 2016 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 254269［10］Tsankov P, Dan A, Drachsler C D, et al. Securify: Practical security analysis of smart contracts［C］ Proc of the 2018 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2018: 6782［11］Mueller B. Mythril: A framework for bug hunting on the ethereum blockchain［EBOL］. (20170711) ［20230615］. https:mythx.io［12］Feist J, Grieco G, Groce A. Slither: Astatic analysis framework for smart contracts［C］ Proc of the 2nd IEEEACM Int Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). Piscataway, NJ: IEEE, 2019: 815［13］Tikhomirov S, Voskresenskaya E, Ivanitskiy I, et al. SmartCheck: Static analysis of ethereum smart contracts［C］ Proc of the 1st Int Workshop on Emerging Trends in Software Engineering for Blockchain. New York: ACM, 2018: 916［14］Jiang B, Liu Y, Chan W K. ContractFuzzer: Fuzzing smart contracts for vulnerability detection［C］ Proc of the 33rd IEEEACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2018: 259269［15］Li Z, Zou D, Xu S,et al. VulDeePecker: A deep learningbased system for vulnerability detection［J］. arXiv preprint, arXiv:1801.01681, 2018［16］Harer J A, Kim L Y, Russell R L, et al. Automated software vulnerability detection with machine learning［J］. arXiv preprint, arXiv:1803.04497, 2018［17］Cao S, Sun X, Bo L, et al. BGNN4VD: Constructing bidirectional graph neuralnetwork for vulnerability detection［J］. Information and Software Technology, 2021, 136: 106567［18］Yu X, Zhao H, Hou B, et al. DeeSCVHunter: A deep learningbased framework for smart contract vulnerability detection［C］ Proc of the 2021 Int Joint Conf on Neural Networks (IJCNN). Piscataway, NJ: IEEE, 2021: 18［19］Qian P, Liu Z, He Q, et al. Towards automated reentrancy detection for smart contracts based on sequential models［J］. IEEE Access, 2020, 8: 1968519695［20］Goldberg Y, Levy O. Word2vec Explained: Deriving Mikolov et al.’s negativesampling wordembedding method［J］. arXiv preprint, arXiv:1402.3722, 2014［21］张光华, 刘永升, 王鹤, 等. 基于BiLSTM和注意力机制的智能合约漏洞检测方案［J］. 信息网络安全, 2022, 22(9): 4654［22］Wang Y, Li L. Sentiment analysis using Word2vecCNNBiLSTM classification［C］ Proc of the 7th Int Conf on Social Networks Analysis, Management and Security (SNAMS). Piscataway, NJ: IEEE, 2020: 15［23］Durieux T, Ferreira J F, Abreu R, et al. Empiricalreview of automated analysis tools on 47,587 Ethereum smart contracts［C］ Proc of the 42nd ACMIEEE Int Conf on Software Engineering. New York: ACM, 2020: 530541［24］Durieux T, Madeiral F, Martinez M, et al. Empirical review of Java program repair tools: A largescale experiment on 2,141 bugs and 23,551 repair attempts［C］ Proc of the 27th ACM Joint Meeting on European Software Engineering Conf and Symp on the Foundations of Software Engineering. New York: ACM, 2019: 302313［25］Qiao S, Han N, Huang J,et al. A dynamic convolutional neural network based sharedbike demand forecasting model［J］. ACM Trans on Intelligent Systems and Technology, 2021, 12(6): 124［26］Abadi M, Agarwal A, Barham P, et al. TensorFlow: Largescale machine learning on heterogeneous distributed systems［J］. arXiv preprint, arXiv:1603.04467, 2016

[1]	. A Web Vulnerability Detection Solution Integrating LSTM for Directory Acquisition [J]. Journal of Information Security Reserach, 2024, 10(9): 824-.
[2]	. Image Processing Model Watermarking Method Based on #br# Attention Mechanism and Passport Layer Embedding#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 849-.
[3]	. Research on Data Security Sharing Technology Based on Blockchain and Proxy Re-encryption [J]. Journal of Information Security Reserach, 2024, 10(8): 719-.
[4]	. Sealed Bid Auction Scheme Based on Non-fungible Tokens [J]. Journal of Information Security Reserach, 2024, 10(8): 738-.
[5]	. A Traceable Encryption Scheme for Medical Data Based on Smart Contract and Fog Computing [J]. Journal of Information Security Reserach, 2024, 10(6): 554-.
[6]	. Enhanced Malware Sample Generation Scheme Based on Convolution Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(5): 431-.
[7]	. Source Code Vulnerability Detection Based on Fewshot Learning#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(5): 440-.
[8]	. Research on Source Code Vulnerability Detection Based on BERT Model [J]. Journal of Information Security Reserach, 2024, 10(4): 294-.
[9]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[10]	. Blockchainbased Multifactor Crossdomain Authentication Scheme for IoV [J]. Journal of Information Security Reserach, 2024, 10(11): 1074-.
[11]	. Exploration of a New Model of Blockchain Technology Credit Investigation for Small and Micro Enterprises [J]. Journal of Information Security Reserach, 2023, 9(8): 814-.
[12]	. A Mechanism Design for Compliance and Trusted Circulation of Data [J]. Journal of Information Security Reserach, 2023, 9(7): 618-.
[13]	. Image Steganalysis Method Based on Multiattention Mechanism and Siamese Network [J]. Journal of Information Security Reserach, 2023, 9(6): 573-.
[14]	. Research on the Trusted Identity Scheme of Internet of Vehicles Based on Blockchain Oracle [J]. Journal of Information Security Reserach, 2023, 9(2): 120-.
[15]	. Research Status of Smart Contract Security Vulnerabilities#br# #br# [J]. Journal of Information Security Reserach, 2023, 9(12): 1166-.

Reentrancy Vulnerability Detection Method in Smart Contracts #br# Based on Hybrid Model and Attention Mechanism#br#

基于混合模型和注意力机制的智能合约重入漏洞检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics