DeeSCVHunter: A Deep Learning-Based Framework for Smart Contract Vulnerability Detection

Yu, Xingxin; Zhao, Haoyue; Hou, Botao; Ying, Zonghao; Wu, Bin

doi:10.1109/ijcnn52387.2021.9534324

Cited by 47 publications

(27 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These results show how the suggested SCSVM method may successfully improve the precision and effectiveness of vulnerability identification while reducing the security concerns connected with smart contracts. Besides, we also compare the SCSVM method with other deep learning methods, such as DeeSCVHunter [36], DA-GCN [37], and DR-GCN [38], to further thesis the effectiveness of the SCSVM method. The SCSVM method also shows more excellent detection results compared to three deep learning methods such as DeeSCVHunter, DA-GCN, and DR-GCN in terms of four aspects: accuracy, precision, recall, and F1-score analysis.…”

Section: ) Performance Comparison and Results Analysismentioning

confidence: 99%

Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

Yang

Zhu

2023

IEEE Access

View full text Add to dashboard Cite

Smart contracts based on blockchain are widely used in finance, management, Internet of Things, healthcare, and other fields. However, with the rapid development of smart contracts, the corresponding security vulnerability attack cases occur frequently. Existing Ethereum smart contract vulnerability detection tools based on static analysis techniques rely too much on expert rules, for this reason, this paper proposes an Ethereum smart contract vulnerability detection method SCSVM based on support vector machine technology. A representation of smart contracts is constructed based on the word-to-vector technique, the features of Ethereum smart contracts are extracted based on the support vector machine technique, and these features are combined to identify vulnerabilities. Experiments on Smartbugs and Smartbugs-wild show that SCSVM is significantly effective. It achieves a detection accuracy of 87.51%, outperforming five typical static analysis vulnerability detection tools in terms of F1-score. To alleviate the problems of deep learning methods over-relying on large-scale data to train models and collecting a large number of smart contract attack samples in a short period, this paper proposes a basic learner-meta-learner framework, SCLMF. solc-based acquisition of the bytecode of Ethereum smart contract Solidity, on which smart contract representations are constructed via Python and the use of SCLMF for vulnerability detection. The experiments on WScrawlD show that SCLMF has a certain detection effect. Also, to further verify the effectiveness of SCLMF, experiments were conducted on Omniglot, and the detection accuracy was 96.7% and 98.5% under 5-way 1-shot and 5-way 5-shot conditions, respectively, which exceeded Memory-Augmented Neural Networks and CONVOLUTIONAL SIAMESE NETS. In summary, the experiments proved the effectiveness of SCSVM and SCLMF in Ethereum smart contract vulnerability detection.

show abstract

Section: ) Performance Comparison and Results Analysismentioning

confidence: 99%

Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

Yang

Zhu

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Traditional smart contract vulnerability detection tools mostly rely on fixed detection rules, while vulnerability detection methods that incorporate deep learning techniques avoid this problem. Yu et al proposed DeeSCVHunter, a deep learning-based framework for the automatic detection of smart contract vulnerabilities, and they proposed the novel notion of Vulnerability Candidate Slice (VCS) to help models capture the key point of vulnerability [32]. The study provided us with research ideas by helping the model capture the key points of vulnerability.…”

Section: Existing Methods For Detecting Smart Contract Vulnerabilitiesmentioning

confidence: 99%

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Zhang

Jin³

et al. 2022

Sensors

View full text Add to dashboard Cite

With countless devices connected to the Internet of Things, trust mechanisms are especially important. IoT devices are more deeply embedded in the privacy of people’s lives, and their security issues cannot be ignored. Smart contracts backed by blockchain technology have the potential to solve these problems. Therefore, the security of smart contracts cannot be ignored. We propose a flexible and systematic hybrid model, which we call the Serial-Parallel Convolutional Bidirectional Gated Recurrent Network Model incorporating Ensemble Classifiers (SPCBIG-EC). The model showed excellent performance benefits in smart contract vulnerability detection. In addition, we propose a serial-parallel convolution (SPCNN) suitable for our hybrid model. It can extract features from the input sequence for multivariate combinations while retaining temporal structure and location information. The Ensemble Classifier is used in the classification phase of the model to enhance its robustness. In addition, we focused on six typical smart contract vulnerabilities and constructed two datasets, CESC and UCESC, for multi-task vulnerability detection in our experiments. Numerous experiments showed that SPCBIG-EC is better than most existing methods. It is worth mentioning that SPCBIG-EC can achieve F1-scores of 96.74%, 91.62%, and 95.00% for reentrancy, timestamp dependency, and infinite loop vulnerability detection.

show abstract

“…Yu et al 21 developed the first systematic and modular framework for smart contract vulnerability detection based on deep learning. They introduced the concept of Vulnerability Candidate Slice (VCS), which focuses on analyzing the dependencies between diverse data and control program elements.…”

Section: Deep Learning For Smart Contract Vulnerabilities Detectionmentioning

confidence: 99%

“…The withdrawAll function in VulnerableContract is used to withdraw all balances in the contract, and owner check is required before withdrawal (line 7). Assuming that the owner of the VulnerableContract contract calls the withdrawAll function to transfer funds to the AttackContract address (line 8), its fallback function will be called (lines [19][20][21]. The fallback function is injected with malicious code, which calls the withdrawAll function of VulnerableContract again.…”

Section: Supplementary Informationmentioning

confidence: 99%

Lightning Cat: A Deep Learning-based Solution for Smart Contracts Vulnerability Detection

Tang

Lai

et al. 2023

Preprint

View full text Add to dashboard Cite

This paper aims to explore the application of deep learning in smart contract vulnerabilities detection. Smart contracts are an essential part of blockchain technology and are crucial for developing decentralized applications. However, smart contract vulnerabilities can cause financial losses and system crashes. Static analysis tools are frequently used to detect vulnerabilities in smart contracts, but they often result in false positives and false negatives because of their high reliance on predefined rules and lack of semantic analysis capabilities. Furthermore, these predefined rules quickly become obsolete and fail to adapt or generalize to new data. In contrast, deep learning methods do not require predefined detection rules and can learn the features of vulnerabilities during the training process.In this paper, we introduce a solution called Lighting Cat which is based on deep learning techniques. We trained three deep learning models for detecting vulnerabilities in smart contract: Optimized-CodeBERT, Optimized-LSTM, and Optimized-CNN. To precisely extract vulnerability features, we acquired segments of vulnerable code functions to retain critical vulnerability features. Using the CodeBERT pre-training model for data preprocessing, we could capture the syntax and semantics of the code more accurately, thereby enhancing the performance of vulnerabilities detection. This is particularly significant in the inspection of Solidity Code.To demonstrate the feasibility of our proposed solution, we evaluated its performance using the SolidiFI-benchmark dataset, which consists of 9369 vulnerable contracts injected with vulnerabilities from seven different types. Experimental results showed that, among the Lighting Cat we proposed, Optimized-CodeBERT model surpassed other methods, achieving an f1-score of 93.53%.

show abstract

DeeSCVHunter: A Deep Learning-Based Framework for Smart Contract Vulnerability Detection

Cited by 47 publications

References 3 publications

Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Lightning Cat: A Deep Learning-based Solution for Smart Contracts Vulnerability Detection

Contact Info

Product

Resources

About