Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

Zhongju Yang; Weixing Zhu; Minggang Yu

doi:10.1109/ACCESS.2023.3298672

IEEE Access (Jan 2023)

Improvement and Optimization of Vulnerability Detection Methods for Ethernet Smart Contracts

Zhongju Yang,
Weixing Zhu,
Minggang Yu

Affiliations

Zhongju Yang: ORCiD; Command and Control Engineering College, Army Engineering University of PLA, Nanjing, China
Weixing Zhu: Command and Control Engineering College, Army Engineering University of PLA, Nanjing, China
Minggang Yu: Command and Control Engineering College, Army Engineering University of PLA, Nanjing, China

DOI: https://doi.org/10.1109/ACCESS.2023.3298672
Journal volume & issue: Vol. 11
pp. 78207 – 78223

Abstract

Read online

Smart contracts based on blockchain are widely used in finance, management, Internet of Things, healthcare, and other fields. However, with the rapid development of smart contracts, the corresponding security vulnerability attack cases occur frequently. Existing Ethereum smart contract vulnerability detection tools based on static analysis techniques rely too much on expert rules, for this reason, this paper proposes an Ethereum smart contract vulnerability detection method SCSVM based on support vector machine technology. A representation of smart contracts is constructed based on the word-to-vector technique, the features of Ethereum smart contracts are extracted based on the support vector machine technique, and these features are combined to identify vulnerabilities. Experiments on Smartbugs and Smartbugs-wild show that SCSVM is significantly effective. It achieves a detection accuracy of 87.51%, outperforming five typical static analysis vulnerability detection tools in terms of F1-score. To alleviate the problems of deep learning methods over-relying on large-scale data to train models and collecting a large number of smart contract attack samples in a short period, this paper proposes a basic learner-meta-learner framework, SCLMF. solc-based acquisition of the bytecode of Ethereum smart contract Solidity, on which smart contract representations are constructed via Python and the use of SCLMF for vulnerability detection. The experiments on WScrawlD show that SCLMF has a certain detection effect. Also, to further verify the effectiveness of SCLMF, experiments were conducted on Omniglot, and the detection accuracy was 96.7% and 98.5% under 5-way 1-shot and 5-way 5-shot conditions, respectively, which exceeded Memory-Augmented Neural Networks and CONVOLUTIONAL SIAMESE NETS. In summary, the experiments proved the effectiveness of SCSVM and SCLMF in Ethereum smart contract vulnerability detection.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords