Blockchain

A Domain Adaptive Security Analysis Framework for Smart Contracts

  • 1. School of Computer and Communication Engineering, Jiangsu University, Zhenjiang 212013, Jiangsu, China;
    2. School of Automotive and Transportation Engineering, Jiangsu University, Zhenjiang 212013, Jiangsu, China

Received date: 2024-01-02

Online published: 2024-08-01

Abstract

Existing smart contract vulnerability detection schemes mostly rely on expert-defined rules, which lack flexibility and struggle with new, unknown vulnerabilities. To address this challenge, we present a novel framework, the domain adaptive security analysis framework (DASAF). Firstly, we obtain the execution logic of smart contract opcodes and convert it into meaningful sequential features. Secondly, to overcome the inherent data bias of deep learning models, which causes model aging and makes strong generalization hard to achieve when labeled samples of new, unknown vulnerabilities are insufficient, DASAF introduces an adversarial generative network structure and domain adaptation techniques. Finally, we evaluate the effectiveness of DASAF for smart contract vulnerability analysis and detection on a public benchmark dataset and compare it with similar schemes. The experimental results demonstrate the superiority of DASAF over comparable approaches.

Cite this article

WANG Na, ZHU Huijuan, SONG Xiangmei, FENG Xia. A Domain Adaptive Security Analysis Framework for Smart Contracts[J]. Journal of Applied Sciences, 2024, 42(4): 585-597. DOI: 10.3969/j.issn.0255-8297.2024.04.003
