CN110502898B - Method, system, device, storage medium and electronic equipment for auditing intelligent contracts - Google Patents

Method, system, device, storage medium and electronic equipment for auditing intelligent contracts Download PDF

Info

Publication number
CN110502898B
CN110502898B CN201910703437.4A CN201910703437A CN110502898B CN 110502898 B CN110502898 B CN 110502898B CN 201910703437 A CN201910703437 A CN 201910703437A CN 110502898 B CN110502898 B CN 110502898B
Authority
CN
China
Prior art keywords
intelligent contract
auditing
input matrix
transaction event
target input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910703437.4A
Other languages
Chinese (zh)
Other versions
CN110502898A (en
Inventor
罗进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloudminds Robotics Co Ltd
Original Assignee
Cloudminds Shanghai Robotics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cloudminds Shanghai Robotics Co Ltd filed Critical Cloudminds Shanghai Robotics Co Ltd
Priority to CN201910703437.4A priority Critical patent/CN110502898B/en
Publication of CN110502898A publication Critical patent/CN110502898A/en
Application granted granted Critical
Publication of CN110502898B publication Critical patent/CN110502898B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Molecular Biology (AREA)
  • Data Mining & Analysis (AREA)
  • Accounting & Taxation (AREA)
  • Biophysics (AREA)
  • Finance (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Virology (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present disclosure relates to a method, system, apparatus, storage medium and electronic device for auditing a smart contract, the method comprising: acquiring byte codes of the intelligent contracts; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The method is used for solving the technical problem that the accuracy rate of auditing the intelligent contract is low by setting a specific algorithm to match the byte codes of the intelligent contract according to a certain pattern in the related technology.

Description

Method, system, device, storage medium and electronic equipment for auditing intelligent contracts
Technical Field
The present disclosure relates to the field of intelligent contract technologies, and in particular, to a method, a system, an apparatus, a storage medium, and an electronic device for auditing an intelligent contract.
Background
The intelligent contract is a computer protocol established based on the blockchain technology, and is widely applied to the scenes of wallet technology, persistent information storage, automatic transaction execution and the like along with the development of the blockchain technology. However, due to the design defects of the intelligent contracts, more security problems occur, such as contract reentry problems, overflow problems, malicious contracts and the like. And in order to judge whether the intelligent contract is safe or not, auditing is required to be carried out on the code of the intelligent contract.
In the related technology, a specific algorithm is set to match the byte codes of the intelligent contract according to a certain pattern so as to audit and judge the intelligent contract, but in practical application, the accuracy of auditing the intelligent contract is low by the method.
Disclosure of Invention
The invention aims to provide a method, a system, a device, a storage medium and electronic equipment for auditing an intelligent contract, which are used for solving the technical problem that the accuracy rate of auditing the intelligent contract is low by setting a specific algorithm to match byte codes of the intelligent contract according to a certain pattern in the related technology.
In order to achieve the above object, in a first aspect of the embodiments of the present disclosure, there is provided a method for auditing smart contracts, the method including:
acquiring byte codes of the intelligent contracts;
mapping the byte code based on a word2vec algorithm to obtain a target input matrix;
and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety.
Optionally, the intelligent contract auditing model is a Convolutional Neural Network (CNN) model, and the training sample of the CNN model comprises an input matrix obtained by mapping byte codes of the intelligent contract based on a word2vec algorithm and a sample data pair composed of probabilities with low security and used for representing the intelligent contract.
Optionally, the width of the convolution kernel of the CNN model is the same as the width of the target input matrix, and/or the size of the filter of the pooling layer of the CNN model is the same as the size of the feature map after the convolution of the target input matrix.
Optionally, the width of the target input matrix and the width of the convolution kernel both range from 50 to 100, the number of the convolution kernels ranges from 50 to 200, and the stride of the CNN model is 1.
Optionally, the method further comprises:
and storing the audit result to a block chain where the intelligent contract is located, and/or sending the audit result to a terminal so as to store the audit result in a cache of the terminal.
Optionally, the auditing result is used for determining whether the security of the intelligent contract meets the executing condition of the transaction event based on the auditing result before the transaction event in the corresponding intelligent contract is executed.
In a second aspect of the disclosed embodiments, there is provided a system for auditing smart contracts, comprising:
the intelligent contract auditing device is connected with the intelligent contract monitoring device;
the control console is used for generating an audit command and sending the audit command to the intelligent contract monitoring device;
the intelligent contract monitoring device is used for acquiring the byte codes of the intelligent contracts to be audited from the block chain system according to the audit command and sending the byte codes of the intelligent contracts to the intelligent contract auditing device;
the intelligent contract auditing device is used for executing a method for auditing intelligent contracts.
Optionally, the console is configured to generate an audit command for instructing to audit the smart contract when a terminal is detected to deploy a transaction event to the smart contract.
Optionally, the intelligent contract auditing device is further configured to send the auditing result to the intelligent contract monitoring device;
the intelligent contract monitoring device is further used for determining whether the security of the intelligent contract meets the execution condition of the transaction event on the intelligent contract or not based on the received auditing result;
and if the security of the intelligent contract does not meet the execution condition of the transaction event, rejecting the execution of the transaction event.
In a third aspect of the embodiments of the present disclosure, an apparatus for auditing a smart contract is provided, comprising:
an obtaining module configured to obtain a bytecode of the smart contract;
the mapping module is configured to map the byte codes to obtain a target input matrix based on a word2vec algorithm;
and the auditing module is configured to input the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract and having low safety.
In a fourth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps of the method of any one of the above first aspects.
In a fifth aspect of the embodiments of the present disclosure, there is provided an electronic device, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any of the first aspects above.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a block diagram illustrating a system for auditing smart contracts, according to an example embodiment.
FIG. 2 is a flowchart illustrating a method of auditing smart contracts, according to an exemplary embodiment.
FIG. 3 is a block diagram illustrating an apparatus for auditing smart contracts, according to an example embodiment.
FIG. 4 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
FIG. 1 is a block diagram illustrating a system for auditing smart contracts, according to an exemplary embodiment, such as system 10 shown in FIG. 1, including:
the intelligent contract monitoring system comprises a control console 101, an intelligent contract monitoring device 102 connected with the control console 101, and an intelligent contract auditing device 103 connected with the intelligent contract monitoring device 102;
the control console 101 is configured to generate an audit command and send the audit command to the intelligent contract monitoring apparatus 102;
the intelligent contract monitoring device 102 is configured to obtain a bytecode of an intelligent contract to be audited from a block chain system according to the audit command, and send the bytecode of the intelligent contract to the intelligent contract auditing device 103;
the intelligent contract auditing apparatus 103 is configured to execute the method shown in fig. 2, and specifically includes:
and S11, acquiring the byte code of the intelligent contract.
In the present disclosure, the console 101, the intelligent contract monitoring apparatus 102, and the intelligent contract auditing apparatus 103 may be implemented in the form of hardware, or may be implemented in the form of software functional units. The software functional unit is stored in a storage medium and comprises a plurality of functional functions. Specifically, the software functional unit is stored in a computer readable storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute. And the aforementioned storage medium includes: Read-Only Memory (ROM), Random Access Memory (RAM), and other various media capable of storing program codes. For example, in one possible implementation, the console 101 is deployed in a local computer, and the smart contract monitoring apparatus 102 and the smart contract auditing apparatus 103 are deployed in a cloud server.
The intelligent contract is deployed in the blockchain system shown in fig. 1, after receiving an audit command sent by the console 101, the intelligent contract monitoring apparatus 102 obtains a bytecode of a specific intelligent contract to be audited from the blockchain system according to the audit command, for example, the audit command may include address information of the intelligent contract to be obtained, and further obtains the bytecode of the intelligent contract to be audited according to the address information. The intelligent contract monitoring apparatus 102 then sends the bytecode of the intelligent contract to the intelligent contract auditing apparatus 103.
Optionally, the console 101 is configured to generate an audit command indicating that the smart contract is audited when a terminal deploys a transaction event to the smart contract.
Specifically, since the security of the execution of the transaction event is affected by the security of the smart contract in which the transaction event is located, the transaction event deployed on the smart contract is automatically executed when a certain condition is met or a set time is reached, and in order to ensure the security of the execution of the transaction event, when the control console 101 detects that the terminal deploys the transaction event to the smart contract, the audit command is generated, so that the smart contract audit device 103 audits the smart contract in which the transaction event is located, and the system 10 itself or the user can determine whether the transaction event is executed according to the audit result, thereby ensuring the security of the execution of the transaction event to a certain extent.
Of course, in other possible embodiments, the console 101 may also receive an audit command triggered by the user and used for instructing to audit the smart contract, and then the user may determine whether to audit the smart contract according to actual needs.
In one possible embodiment, to simultaneously audit multiple intelligent contracts, multiple intelligent contract auditing apparatuses 103 may be deployed, and a reverse-broker apparatus may be deployed to distribute bytecodes of different intelligent contracts to particular intelligent contract auditing apparatuses 103 to increase auditing efficiency.
And S12, mapping the bytecode to obtain a target input matrix based on the word2vec algorithm.
Because the sizes of different byte codes are different, after the intelligent contract auditing device 103 obtains the byte codes of the intelligent contract, the byte codes are converted into the target input matrix through the word2vec algorithm, so that on one hand, the size of the target input matrix can be unified, subsequent calculation is facilitated, and on the other hand, the byte codes can be simplified through the word2vec algorithm to remove redundant information, and subsequent calculation amount is reduced. It should be noted that the word2vec algorithm belongs to the prior art, and this disclosure does not specifically describe it.
And S13, inputting the target input matrix into the trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract with low safety.
Specifically, in a possible implementation manner, the intelligent contract auditing model is a Convolutional Neural Network (CNN) (convolutional Neural networks) model, a training sample of the CNN model includes an input matrix obtained by mapping a byte code of an intelligent contract based on a word2vec algorithm, and a sample data pair composed of probabilities of low security and used for representing the intelligent contract, an intelligent contract corresponding to an input matrix in the sample data pair may be an existing intelligent contract with known security, or may be written by itself as needed, and a probability of a corresponding input matrix may be obtained by manually evaluating. The CNN model has higher accuracy in pattern recognition, and the accuracy of the obtained audit result can be improved by auditing the intelligent contract through the trained CNN model.
In addition, it should be noted that, for the method for auditing the smart contracts shown in fig. 2, the application objects thereof are not limited to the smart contract auditing device 103 shown in fig. 1, and the application objects of the method are not particularly limited by the present disclosure.
Optionally, the intelligent contract auditing means 103 is further configured to send the auditing result to the intelligent contract monitoring means 102;
the intelligent contract monitoring apparatus 102 is further configured to determine whether the security of the intelligent contract meets the execution condition of the transaction event on the intelligent contract based on the received auditing result;
and if the security of the intelligent contract does not meet the execution condition of the transaction event, rejecting the execution of the transaction event.
For example, if the probability of the audit result representing the security of the intelligent contract corresponding to the intelligent contract where the transaction event is executed needs to be greater than or equal to 70%, and if the probability of the audit result of the intelligent contract where the transaction event is received by the intelligent contract monitoring device 102 is 60%, that is, the security of the intelligent contract does not satisfy the execution condition of the transaction event, the execution of the transaction event is rejected, and further, the transaction event is not executed even when the predetermined time for executing the transaction event is reached. If the probability of the auditing result of the intelligent contract where the transaction event is received by the intelligent contract monitoring device 102 is 80%, that is, the security of the intelligent contract meets the execution condition of the transaction event, when the scheduled time for executing the transaction event is reached, the execution of the transaction event is allowed. Therefore, the system 10 can refuse the execution of the transaction event with lower security according to the audit result, and the security of the transaction event is guaranteed.
In other words, in the present disclosure, the audit result is used to determine whether the security of the smart contract satisfies the execution condition of the transaction event before the transaction event in the corresponding smart contract is executed.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
Optionally, in this disclosure, a width of a convolution kernel of the CNN model is the same as that of the target input matrix, and/or a size of a filter of a pooling layer of the CNN model is the same as that of a feature map after the target input matrix is convolved.
Specifically, considering that a row of the intelligent and contracted bytecode contains a complete piece of information and cannot be divided, the width of a convolution kernel of the CNN model is set to be the same as that of the target input matrix, and the width of a feature map obtained by convolution is 1, which is used for characterizing the feature of the row of the bytecode. In order to further simplify information contained in the byte code, the size of a filter of a pooling layer of the CNN model is set to be the same as that of a feature map obtained by convolving the target input matrix, and further, after any feature map obtained by the convolution is pooled by the filter, the size of the obtained feature map is 1 x 1, so that the contained information amount is reduced, and the calculation speed is increased.
For example, the size of the target input matrix is n × k1 × 1, where n is the height of the target input matrix, and the size may be in opcode units, that is, when mapping is performed by word2vec algorithm, 32 bytes are used as one unit, and then 1 unit height of the target input matrix corresponds to 32 bytes of the bytecode, k1 represents the width of the target input matrix, and 1 in the size of the target input matrix represents that the target input matrix is a single channel. The size of the convolution kernel is h x k2 x w, where h is the convolution kernel height, k2 is the convolution kernel width, and k2= k1, w represents the number of convolution kernels. The size of the feature map obtained after convolution is c × 1 × w, that is, the height of the feature map after convolution is c, the width is 1, and the number is w, wherein,
Figure 914395DEST_PATH_IMAGE001
and stride is the stride of the CNN model. The size of the filter in the pooling layer is c × 1 × w, i.e., the height of the filter is c, the width is 1, and the number is w, and the size of each obtained feature map after pooling the filter is 1 × 1. When the filter is pooled, the maximum value of the action objects can be selected as the pooled feature map. After pooling, the pooled feature maps can be classified and output by softmax through the full connection layer of the CNN model.
Optionally, the width of the target input matrix and the width of the convolution kernel both range from 50 to 100, the number of the convolution kernels ranges from 50 to 200, and the stride of the CNN model is 1.
Following the above example, in one possible implementation, k1= k2=100, w =200, stride =1, and h =2, it should be noted that the values of the convolution kernel height h may be different for different convolution kernels, for example, there are 3 convolution kernels, the height h =1 for the first convolution kernel, the height h =2 for the second convolution kernel, and the height h =5 for the third convolution kernel, so as to obtain a feature map containing different information. During the training of the full connection layer of the CNN model, a Dropout algorithm may be used to avoid overfitting, and a ReLu (Rectified Linear Unit) is used as an activation function of the CNN model.
Optionally, in this disclosure, the method for auditing the smart contract may further include:
and storing the audit result to a block chain where the intelligent contract is located, and/or sending the audit result to a terminal so as to store the audit result in a cache of the terminal.
Specifically, after the step S13 is executed, the obtained audit result is stored, for example, in the block chain and the terminal cache simultaneously, and when the user needs to query the audit result, the user may first search in the terminal cache, and if the audit result is not searched, the user may search in the block chain again. Of course, the audit result can also be output through the terminal according to the user instruction, for example, displayed through a display screen of the terminal.
In another aspect of the disclosed embodiment, there is also provided an apparatus for auditing smart contracts, as shown in fig. 3, where the apparatus 200 includes:
an obtaining module 210 configured to obtain a bytecode of the smart contract;
a mapping module 220 configured to map the bytecode to obtain a target input matrix based on a word2vec algorithm;
and the auditing module 230 is configured to input the target input matrix into the trained intelligent contract auditing model to obtain an auditing result used for representing the intelligent contract and having low safety.
Acquiring the byte code of the intelligent contract through the technical scheme; mapping the byte codes based on a word2vec algorithm to obtain a target input matrix; and inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract and having low safety. The intelligent contract auditing model is established based on a machine learning algorithm, the machine learning algorithm has better working efficiency in pattern recognition, and the trained intelligent contract auditing model is used for recognizing a target input matrix obtained by byte code mapping of an intelligent contract, so that the accuracy of intelligent contract auditing is improved.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
FIG. 4 is a block diagram illustrating an electronic device in accordance with an example embodiment. For example, the electronic device 1900 may be provided as a server. Referring to fig. 4, an electronic device 1900 includes a processor 1922, which may be one or more in number, and a memory 1932 for storing computer programs executable by the processor 1922. The computer program stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, processor 1922 may be configured to execute the computer program to perform the method for auditing smart contracts described above.
Additionally, the electronic device 1900 may also include a power component 1926 and a communication component 1950, the power component 1926 may be configured to perform power management for the electronic device 1900, and the communication component 1950 may be configured to enable communication for the electronic device 1900, e.g., wired or wireless communication. In addition, the electronic device 1900 may also include input/output (I/O) interfaces 1958. The electronic device 1900 may operate based on an operating system, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, etc., stored in memory 1932.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described method of auditing smart contracts is also provided. For example, the computer-readable storage medium may be the memory 1932 described above that includes program instructions executable by the processor 1922 of the electronic device 1900 for performing the method for auditing smart contracts described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the method for auditing intelligent contracts described above when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure as long as it does not depart from the gist of the present disclosure.

Claims (9)

1. A method of auditing smart contracts, the method comprising:
acquiring byte codes of the intelligent contracts;
mapping the byte codes based on a word2vec algorithm to obtain a target input matrix;
inputting the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the safety of the intelligent contract, wherein the auditing result is that the feature graph after pooling of a pooling layer is classified and output by softmax through a full connection layer of a CNN model, the intelligent contract auditing model is a Convolutional Neural Network (CNN) model, the width of a convolution kernel of the CNN model is the same as that of the target input matrix, the size of a filter of the pooling layer of the CNN model is the same as that of the feature graph after convolution of the target input matrix, and the auditing result representing the safety of the intelligent contract is a probability value;
storing the audit result to a block chain where the intelligent contract is located, and/or sending the audit result to a terminal so as to store the audit result in a cache of the terminal;
the auditing result is used for determining whether the security of the intelligent contract meets the executing condition of the transaction event or not based on the auditing result before the transaction event in the corresponding intelligent contract is executed, and the executing of the transaction event is allowed under the condition that the security of the intelligent contract meets the executing condition of the transaction event.
2. The method of claim 1, wherein the training samples of the CNN model comprise an input matrix obtained by mapping byte codes of the intelligent contract based on word2vec algorithm, and a sample data pair composed of probabilities with low security for characterizing the intelligent contract.
3. The method of claim 1, wherein the width of the target input matrix and the width of the convolution kernels both have a value ranging from 50 to 100, the number of the convolution kernels has a value ranging from 50 to 200, and the step size of the CNN model is 1.
4. A system for auditing smart contracts, comprising:
the intelligent contract auditing device is connected with the intelligent contract monitoring device;
the control console is used for generating an audit command and sending the audit command to the intelligent contract monitoring device;
the intelligent contract monitoring device is used for acquiring the byte codes of the intelligent contracts to be audited from the block chain system according to the audit command and sending the byte codes of the intelligent contracts to the intelligent contract auditing device;
the intelligent contract auditing apparatus is used for executing the method of claim 1.
5. The system of claim 4, wherein the console is configured to generate an audit command indicating that the smart contract is to be audited upon detecting that a terminal has deployed a transaction event to the smart contract.
6. The system of claim 4 wherein the intelligent contract auditing means is further configured to send the auditing results to the intelligent contract monitoring means;
the intelligent contract monitoring device is also used for refusing the execution of the transaction event if the security of the intelligent contract does not meet the execution condition of the transaction event.
7. An apparatus for auditing a smart contract, comprising:
an obtaining module configured to obtain a bytecode of the smart contract;
the mapping module is configured to map the byte codes to obtain a target input matrix based on a word2vec algorithm;
the auditing module is configured to input the target input matrix into a trained intelligent contract auditing model to obtain an auditing result used for representing the high and low safety of the intelligent contract, wherein the auditing result is that the feature graph after pooling of a pooling layer is classified and output by softmax through a full connection layer of a CNN model, the intelligent contract auditing model is a Convolutional Neural Network (CNN) model, the width of a convolution kernel of the CNN model is the same as that of the target input matrix, the size of a filter of the pooling layer of the CNN model is the same as that of the feature graph after the target input matrix is convolved, and the auditing result representing the high and low safety of the intelligent contract is a probability value;
the storage module is configured to store the audit result to a block chain where the intelligent contract is located, and/or send the audit result to a terminal so as to store the audit result in a cache of the terminal;
the auditing result is used for determining whether the security of the intelligent contract meets the executing condition of the transaction event or not based on the auditing result before the transaction event in the corresponding intelligent contract is executed, and the executing of the transaction event is allowed under the condition that the security of the intelligent contract meets the executing condition of the transaction event.
8. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 3.
9. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 3.
CN201910703437.4A 2019-07-31 2019-07-31 Method, system, device, storage medium and electronic equipment for auditing intelligent contracts Active CN110502898B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910703437.4A CN110502898B (en) 2019-07-31 2019-07-31 Method, system, device, storage medium and electronic equipment for auditing intelligent contracts

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910703437.4A CN110502898B (en) 2019-07-31 2019-07-31 Method, system, device, storage medium and electronic equipment for auditing intelligent contracts

Publications (2)

Publication Number Publication Date
CN110502898A CN110502898A (en) 2019-11-26
CN110502898B true CN110502898B (en) 2022-07-05

Family

ID=68586837

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910703437.4A Active CN110502898B (en) 2019-07-31 2019-07-31 Method, system, device, storage medium and electronic equipment for auditing intelligent contracts

Country Status (1)

Country Link
CN (1) CN110502898B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112465117B (en) * 2020-11-25 2024-05-07 平安科技(深圳)有限公司 Contract generation model construction method, device, equipment and storage medium

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10095869B2 (en) * 2015-09-24 2018-10-09 International Business Machines Corporation Machine learning statistical methods estimating software system's security analysis assessment or audit effort, cost and processing decisions
CN105891215B (en) * 2016-03-31 2019-01-29 浙江工业大学 Welding visible detection method and device based on convolutional neural networks
CN106776580A (en) * 2017-01-20 2017-05-31 中山大学 The theme line recognition methods of the deep neural network CNN and RNN of mixing
WO2018184102A1 (en) * 2017-04-03 2018-10-11 Royal Bank Of Canada Systems and methods for malicious code detection
CN107707410B (en) * 2017-10-26 2021-04-27 上海点融信息科技有限责任公司 Method for configuring system audit service, information processing device and readable storage medium
CN107679250B (en) * 2017-11-01 2020-12-01 浙江工业大学 Multi-task layered image retrieval method based on deep self-coding convolutional neural network
CN108280511A (en) * 2018-01-10 2018-07-13 北京掌阔移动传媒科技有限公司 A method of network access data is carried out based on convolutional network and is handled
CN108985066B (en) * 2018-05-25 2021-09-28 北京金山安全软件有限公司 Intelligent contract security vulnerability detection method, device, terminal and storage medium
CN108985936A (en) * 2018-07-09 2018-12-11 北京中电普华信息技术有限公司 A kind of auditing method and system based on intelligent contract
CN109460663A (en) * 2018-11-12 2019-03-12 北京知道创宇信息技术有限公司 A kind of intelligence contract auditing method, device and its storage medium
CN110008699B (en) * 2019-03-19 2022-07-01 南瑞集团有限公司 Software vulnerability detection method and device based on neural network
CN109933991A (en) * 2019-03-20 2019-06-25 杭州拜思科技有限公司 A kind of method, apparatus of intelligence contract Hole Detection
CN109948345A (en) * 2019-03-20 2019-06-28 杭州拜思科技有限公司 A kind of method, the system of intelligence contract Hole Detection
CN109977682B (en) * 2019-04-01 2023-04-07 中山大学 Block chain intelligent contract vulnerability detection method and device based on deep learning

Also Published As

Publication number Publication date
CN110502898A (en) 2019-11-26

Similar Documents

Publication Publication Date Title
CN102866961B (en) There is the data of expansion and the memory dump of privacy of user protection
CN106557747B (en) The method and device of identification insurance single numbers
CN106874936B (en) Image propagation monitoring method and device
KR101582601B1 (en) Method for detecting malignant code of android by activity string analysis
CN108845930A (en) Interface operation test method and device, storage medium and electronic device
CN110399720A (en) A kind of method and relevant apparatus of file detection
CN110688319B (en) Application keep-alive capability test method and related device
CN110502898B (en) Method, system, device, storage medium and electronic equipment for auditing intelligent contracts
CN112100619B (en) Malicious file detection method, system, equipment and computer storage medium
CN106998336A (en) User's detection method and device in channel
CN110502443A (en) Redundant code detection method, detection module, electronic equipment and computer storage medium
CN107085516A (en) A kind of method and device for changing configuration
CN105302715B (en) The acquisition methods and device of application program user interface
CN113378161A (en) Security detection method, device, equipment and storage medium
CN110598797B (en) Fault detection method and device, storage medium and electronic device
CN112653697A (en) Access request processing method based on cloud computing and block chain and cloud service center
CN111488574A (en) Malicious software classification method, system, computer equipment and storage medium
CN103269341B (en) A kind of analytical method of spying program and computer system
CN111385342B (en) Internet of things industry identification method and device, electronic equipment and storage medium
CN110263534B (en) Blacklist storage method, request interception method, device and storage medium
CN110716778A (en) Application compatibility testing method, device and system
CN113190847A (en) Confusion detection method, device, equipment and storage medium for script file
KR101872406B1 (en) Method and apparatus for quantitavely determining risks of malicious code
CN115514613B (en) Alarm strategy obtaining method and device
CN112052449A (en) Malicious file identification method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20210303

Address after: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant after: Dalu Robot Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: Shenzhen Qianhaida Yunyun Intelligent Technology Co.,Ltd.

CB02 Change of applicant information
CB02 Change of applicant information

Address after: 201111 Building 8, No. 207, Zhongqing Road, Minhang District, Shanghai

Applicant after: Dayu robot Co.,Ltd.

Address before: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant before: Dalu Robot Co.,Ltd.

GR01 Patent grant
GR01 Patent grant