
CN-116150003-B - Block chain intelligent contract multi-vulnerability detection method and system based on improved graph rolling network


Abstract

The invention relates to a blockchain smart contract multi-vulnerability detection method and system based on an improved graph convolutional network. The method comprises the following steps: S1, constructing a smart contract vulnerability sample data set; S2, modeling the source code semantics of the smart contracts to generate nodes and edges that form complete graph structural features; S3, processing the graph structural features to obtain a multi-dimensional feature vector output; S4, computing on and training with the feature vectors of the various vulnerability samples to obtain a multi-vulnerability graph convolution classification model with optimal parameters; S5, inputting the smart contract to be detected into the multi-label classification model, whose output is the vulnerability detection result for that contract. The method and the system detect multiple vulnerabilities in smart contracts accurately and efficiently, and enhance the security of smart contracts.

Inventors

  • CUI WEI
  • WANG XITE

Assignees

  • South China University of Technology
  • Guangdong Artificial Intelligence and Digital Economy Laboratory (Guangzhou)

Dates

Publication Date
20260512
Application Date
20230118

Claims (8)

  1. A blockchain smart contract multi-vulnerability detection method based on an improved graph convolutional network, characterized by comprising the following steps: S1, constructing a smart contract vulnerability sample data set; S2, modeling source code semantics in the smart contract to generate nodes and edges, forming complete graph structural features; S3, processing the graph structural features to obtain a multidimensional feature vector output; S4, computing on and training with the feature vectors of the various vulnerability samples to obtain a multi-vulnerability graph convolution classification model with optimal parameters; S5, inputting the smart contract to be detected into a multi-label classification model, the output of the model being the vulnerability detection result for the smart contract; the specific process of step S2 includes: S21, dividing the nodes into main nodes, secondary nodes and fallback nodes, and constructing the edges connecting the nodes according to the logic semantic rules of the code, wherein the edges comprise sequential edges, fallback edges, semantic edges and data edges; S22, using main nodes for calls to all functions except the fallback function, and using secondary nodes to represent key global variables, intermediate variables or transfer addresses; S23, constructing the logic semantic rules of the code for the edges; the specific implementation process of step S3 comprises node characteristic transfer and node characteristic update; node characteristic transfer, which is to sub node Or rollback node Is transferred to the corresponding master node The structure of the node diagram is simplified, and the specific steps are as follows: S311, eliminating secondary node All secondary nodes Feature partitioning of (a) to its corresponding nearest master node If (if) With two or more nearest master nodes Then pass its characteristics to all the nearest master nodes ; S312, eliminating rollback node Will roll back the node Is transferred to the corresponding two master nodes ; S313, the edge connected to the deleted node will remain, but its characteristics for the start or end node will move to the corresponding master node ; The specific steps of node characteristic updating are as follows: S321, defining the updated master node as ; S322, dividing the characteristics of the updated node into three parts: 1) Self node characteristics; 2) Internal features, i.e. secondary nodes, fallback nodes Pointing to a master node And has a corresponding { pattern Pointing to a master node Path characteristics of (2) and use To represent; 3) External features, i.e. Pointing to secondary node, fallback node Is characterized by the direction of (a) and has a corresponding Pointing to Path characteristics of (2) and use To represent.
  2. The blockchain smart contract multi-vulnerability detection method based on the improved graph convolutional network of claim 1, wherein the specific process of step S1 is as follows: S11, acquiring, from the Ethereum dataset on Google BigQuery, a set of addresses of deployed smart contracts, and acquiring the corresponding smart contract source code from Etherscan; S12, detecting multiple types of vulnerabilities using the widely validated smart contract vulnerability detection tools Oyente and Mythril respectively; for the samples in which vulnerabilities are detected, writing contract transaction test cases, arranging debugging transactions in the Remix IDE, manually verifying the accuracy of the smart contract vulnerabilities, and sorting the samples according to the results.
  3. The blockchain smart contract multi-vulnerability detection method based on the improved graph convolutional network, characterized in that the multi-vulnerability graph convolution classification model in step S4 comprises two structural parts, namely an improved graph convolution calculation layer and an output layer; parameter-learning calculation of the improved graph convolution model is performed on the path characteristics of the sample graph structure, and the prediction probability values generated by voting are calculated; the prediction probability values adopt the F1 score as evaluation index, and the classification result of each sample is determined from the classification results of the multi-label classification model and is output.
  4. A blockchain smart contract multi-vulnerability detection method based on an improved graph convolutional network as in claim 3, wherein the improved graph convolution structural expression of the improved graph convolution calculation layer is as follows: wherein, the node number of the node diagram is set as The feature vector of the node is The dimensions of the dimensions, Is the first Input, initial layer of layer diagram neural network , In order to add the adjacency matrix of the self-connection, For the degree matrix, the parameters to be trained are , For the corresponding activation function.
  5. The blockchain smart contract multi-vulnerability detection method based on the improved graph convolutional network, characterized in that the output layer adopts a One-Versus-One strategy to output prediction results from the perspective of the multi-label classification model: k smart contract vulnerabilities are set, the data of the k categories are combined pairwise, and a model is then trained on the combined data, so that k(k-1)/2 classifiers are generated; the results of the classifiers are fused, and the classifiers' prediction results are combined into a final prediction result value by majority voting; if the prediction result value is higher than the 60% prediction probability value for a certain vulnerability class V1, and the prediction probability values of the other vulnerability classes V2..Vk are lower than 60%, only the V1 vulnerability class is finally reported; if the result is higher than the 60% prediction probability value for several vulnerability classes V1..Vm, and the prediction probability values of the other vulnerability classes Vm+1..Vk are lower than 60%, the V1..Vm vulnerability classes are finally reported; and if the result has no vulnerability class whose prediction probability value is higher than 60%, the smart contract is finally reported to be free of the k vulnerability classes.
  6. A blockchain smart contract multi-vulnerability detection system based on the blockchain smart contract multi-vulnerability detection method based on an improved graph convolutional network as in claim 1, comprising: a construction module for constructing a smart contract vulnerability sample data set; a graph structural feature acquisition module for modeling source code semantics in the smart contract, generating nodes and edges and forming complete graph structural features; a multidimensional feature vector acquisition module for processing the graph structural features to obtain a multidimensional feature vector output; a classification model acquisition module for computing on and training with the feature vectors of the various vulnerability samples to obtain a multi-vulnerability graph convolution classification model with optimal parameters; and a detection result acquisition module for inputting the smart contract to be detected into the multi-label classification model, the output of the model being the vulnerability detection result for the smart contract.
  7. A storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the blockchain smart contract multi-vulnerability detection method of any one of claims 1-5.
  8. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the blockchain smart contract multi-vulnerability detection method of any one of claims 1-5.
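
The output-layer rule of claim 5, as an added Python example that is not part of the patent text: one binary classifier per class pair, k(k-1)/2 in total, fused into a per-class score and reported against the 60% threshold. Assumptions: the patent does not give the fusion formula, so each class's score is taken here as the mean probability over its k-1 pairwise classifiers (a hard 0/1 vote makes this the class's vote share); the function names and the sample values are constructed.

```python
from itertools import combinations

THRESHOLD = 0.60  # reporting threshold stated in claim 5


def class_pairs(classes):
    """One binary classifier per unordered class pair: k(k-1)/2 pairs."""
    return list(combinations(classes, 2))


def class_scores(classes, pair_prob):
    """Fuse pairwise outputs into one score per class.

    pair_prob[(a, b)] is the probability the (a, b) classifier assigns to a;
    b receives the complement. A hard vote is the special case 0.0 or 1.0.
    Assumption: score = mean over the k-1 classifiers the class takes part in.
    """
    k = len(classes)
    if k < 2:
        raise ValueError("one-versus-one needs at least two classes")
    totals = {c: 0.0 for c in classes}
    for a, b in class_pairs(classes):
        p = pair_prob[(a, b)]  # KeyError if a pairwise classifier is missing
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range for {(a, b)}: {p}")
        totals[a] += p
        totals[b] += 1.0 - p
    return {c: totals[c] / (k - 1) for c in classes}


def report(classes, pair_prob, threshold=THRESHOLD):
    """Classes whose score exceeds the threshold; [] means none of the k classes."""
    scores = class_scores(classes, pair_prob)
    return [c for c in classes if scores[c] > threshold]


# Constructed outputs of the 6 pairwise classifiers for k = 4 classes.
CLASSES = ["V1", "V2", "V3", "V4"]
SINGLE = {("V1", "V2"): 0.90, ("V1", "V3"): 0.80, ("V1", "V4"): 0.95,
          ("V2", "V3"): 0.50, ("V2", "V4"): 0.55, ("V3", "V4"): 0.50}
MULTI = {("V1", "V2"): 0.50, ("V1", "V3"): 0.90, ("V1", "V4"): 0.90,
         ("V2", "V3"): 0.85, ("V2", "V4"): 0.90, ("V3", "V4"): 0.50}
NONE = {pair: 0.50 for pair in class_pairs(CLASSES)}

if __name__ == "__main__":
    for name, outputs in (("single", SINGLE), ("multi", MULTI), ("none", NONE)):
        print(name, report(CLASSES, outputs))
```

With hard votes and k = 4, six votes are spread over four classes, so at least one class always wins two of its three pairings and clears 60%; the "free of the k vulnerability classes" outcome is then only reachable with probabilistic pairwise outputs or other values of k.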

Description

Block chain intelligent contract multi-vulnerability detection method and system based on improved graph rolling network

Technical Field

The invention relates to the technical field of distributed application security of blockchains, in particular to a blockchain smart contract multi-vulnerability detection method and system based on an improved graph convolutional network.

Background

A smart contract is an automatically running, "self-sufficient" and decentralized program that can handle transactions between two parties without the need for a centralized intermediary; that is, it is distributed, trusted shared code deployed on the blockchain. The parties to the smart contract should agree on contract details, default conditions, default responsibilities, and external verification data sources (oracles), which are then deployed onto the blockchain in the form of the smart contract to automatically execute the contract on behalf of the signing parties. With the development of blockchain technology, more and more developers pay attention to these advantages of smart contracts, and smart contract technology is applied to various fields including finance, artwork transaction, and inauguration investment. However, smart contract developers who lack experience and vigilance can easily write smart contract code with security vulnerabilities, and such code, insufficiently tested and hurriedly deployed online, can eventually cause serious security incidents. In 2016, an attack on the DAO contract resulted in the loss of more than 3,600,000 Ether; the attack stemmed from a reentrancy vulnerability introduced in one key contract of the DAO. In 2017, a vulnerability in the Parity multi-signature wallet caused more than 513,701 Ether to be locked. In 2020, the decentralized finance project bZx lending protocol suffered two smart contract vulnerability attacks, losing 350,000 dollars and 640,000 dollars in succession.

In addition to the above typical cases, the smart contract field has many vulnerability cases worth studying, and novel attack techniques keep emerging, so there is an urgent demand for detecting the various vulnerabilities of smart contracts. In the past, smart contract detection has largely depended on certain rules defining logic semantics; most such methods cannot detect complex smart contracts, and once an attacker knows these rules, measures can be taken to bypass the detection. Faced with endless categories and a growing number of smart contracts, existing formal verification methods have difficulty coping.

The graph convolutional network is a framework that uses deep learning to learn directly from graph-structured data, and its excellent performance has drawn close attention and in-depth study from scholars. By formulating certain strategies for the nodes and edges in a graph, graph-structured data are converted into standardized representations, which are input into a number of different neural networks for training, achieving excellent results on tasks such as node classification, edge information propagation and graph clustering. In recent years, graph convolutional networks have found wide application in natural language processing. Therefore, a method and system for detecting multiple smart contract vulnerabilities using a graph convolutional network is of important practical significance.

Disclosure of Invention

In order to solve the technical problems in the prior art, the invention provides a blockchain smart contract multi-vulnerability detection method and system based on an improved graph convolutional network, which can accurately and efficiently detect multiple vulnerabilities of smart contracts and enhance the security of smart contracts.

The method is realized by adopting the following technical scheme: the blockchain smart contract multi-vulnerability detection method based on the improved graph convolutional network comprises the following steps: S1, constructing a smart contract vulnerability sample data set; S2, modeling source code semantics in the smart contract to generate nodes and edges, forming complete graph structural features; S3, processing the graph structural features to obtain a multidimensional feature vector output; S4, computing on and training with the feature vectors of the various vulnerability samples to obtain a multi-vulnerability graph convolution classification model with optimal parameters; S5, inputting the smart contract to be detected into a multi-label classification model, the output of the model being the vulnerability detection result for the smart contract. The system is realized by adopting the following technical scheme: the blockchain smart contract multi-vulnerability detection sys