CN109933991A - A kind of method, apparatus of intelligence contract Hole Detection - Google Patents
A kind of method, apparatus of intelligence contract Hole Detection Download PDFInfo
- Publication number
- CN109933991A CN109933991A CN201910213238.5A CN201910213238A CN109933991A CN 109933991 A CN109933991 A CN 109933991A CN 201910213238 A CN201910213238 A CN 201910213238A CN 109933991 A CN109933991 A CN 109933991A
- Authority
- CN
- China
- Prior art keywords
- analysis
- intelligent contract
- svm
- contract
- dynamic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The present invention provides a kind of method, apparatus of intelligent contract Hole Detection, belongs to intelligent contract technical field.By executing the one or more of static analysis, dynamic analysis and sound hybrid analysis based on SVM for intelligent contract;And according to static analysis, dynamic analysis and/or based on one of sound hybrid analysis of SVM or a variety of analyses as a result, determining the testing result of final intelligent contract loophole.The present invention, intelligent contract code is analyzed by the analysis engine being made of static analysis, dynamic analysis and sound hybrid analysis technique based on SVM, then the extraction of loophole feature is carried out based on the analysis results, it realizes full automation and detects intelligent contract loophole, it is easy to detect, speed is fast, and accuracy rate is high.
Description
Technical field
The present invention relates to intelligent contract technical field more particularly to a kind of method, apparatus of intelligent contract Hole Detection.
Background technique
Ether mill (Ethereum) is the public block platform chain of an open source, he possesses the decentralization of block chain, is total to
The features such as knowledge, distributed account book.It provides the intelligent contract solution based on Solidity language for all developers and puts down
Platform, its various module provided above allow user to create the intelligent contract of to one's name project.
Intelligent contract is a kind of computer protocol for being intended to propagate, verify or execute in a manner of information-based contract.Intelligence is closed
About allow to carry out credible transaction in no third-party situation, these transaction are traceable and irreversible.The mesh of intelligent contract
Be to provide the safety method better than traditional contract, and reduce other transaction costs relevant to contract.
It is to carry out checking that code carries out based on artificial to the no preferably method of intelligent contract Hole Detection in existing market
Detection.But such disadvantage is obvious: firstly, the mode of artificial detection, testing result fully relies on the technical level of detection people,
Cause testing result irregular, Duo Renhe conclude fruit it is inconsistent the problems such as;Secondly, the expense of artificial detection is high, in the market
Artificial detection expense it is few then thousands of, how then hundreds of thousands of, the not public developer of such expense can bear;Third, people
In the dimensions such as engineering waiting, code difficulty, technical level in terms of work on detection time influence be it is very big, detect loophole
Period may be grown very much.
Summary of the invention
In view of this, the present invention provides for the inaccuracy of result present in current intelligent contract detection scheme, at
The disadvantages of this height, long period, proposes a kind of method, apparatus of intelligent contract Hole Detection, to promote the exploitation of developer
Efficiency enhances code safety, reduces time and the input cost of developer.
Technical scheme is as follows: a kind of method of intelligence contract Hole Detection, the method includes for intelligence
Contract executes the one or more of static analysis, dynamic analysis and the sound hybrid analysis based on SVM;
Static analysis, including intelligent contract program is not executed, analysis loophole is carried out to source code;
Dynamic analysis, the corresponding relationship of input, output including establishing intelligent contract, execute intelligent contract program;
Sound hybrid analysis based on SVM, the sample including collecting existing intelligent contract, execute SVM learning model into
Row training, obtains defect model;
According to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or a variety of analyses knot
Fruit determines the testing result of final intelligent contract loophole.
Correspondingly, the static analysis includes: morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic analysis, control
Flow point analysis, data-flow analysis, stain analysis and invalid code analysis processed.
Correspondingly, the dynamic analysis include:
Generate the Application Binary Interface ABI of corresponding intelligent contract;
It based on virtual machine EVM, constructs Binary Interface ABI contract and calls function, and execute the OPCODE of intelligent contract, and
Implementing result is obtained to spring a leak to analyze.
Correspondingly, the sound hybrid analysis based on SVM includes:
It includes: training sample, feature extraction, model initialization, similarity meter that the execution SVM learning model, which is trained,
Calculation, judgement convergence, forms defect model at parameter revaluation.
In addition, to achieve the above object, the present invention also proposes a kind of device of intelligent contract Hole Detection, described device packet
It includes:
One or more in static analysis module, dynamic analysis module and/or sound hybrid analysis module based on SVM
It is a;
Static analysis module, including intelligent contract program is not executed, analysis loophole is carried out to source code;
Dynamic analysis module, the corresponding relationship of input, output including establishing intelligent contract, executes intelligent contract program;
Sound hybrid analysis module based on SVM, the sample including collecting existing intelligent contract, executes SVM and learns mould
Type is trained, and obtains defect model;
Determining module, according to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or more
Kind analysis is as a result, determine the testing result of final intelligent contract loophole.
Correspondingly, the static analysis module includes: morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic point
Analysis, control flow analysis, data-flow analysis, stain analysis and invalid code analysis.
Correspondingly, the dynamic analysis module includes: generation module, the Application Binary Interface of corresponding intelligent contract is generated
ABI;
It executes and analysis module is constructed Binary Interface ABI contract and called function based on virtual machine EVM, and execute intelligence
The OPCODE of contract, and obtain implementing result and springed a leak with analyzing.
Correspondingly, the sound hybrid analysis module based on SVM includes:
Training sample, model initialization, similarity calculation, parameter revaluation, judgement convergence, forms Defect Modes at feature extraction
Type.
In the scheme of the embodiment of the present invention, by executing static analysis, dynamic analysis for intelligent contract and being based on SVM
Sound hybrid analysis it is one or more;Wherein, static analysis includes not executing intelligent contract program, is divided source code
Analyse loophole;Dynamic analysis include establishing the corresponding relationship of input, the output of intelligent contract, execute intelligent contract program;Based on SVM
Sound hybrid analysis include the sample for collecting existing intelligent contract, execute SVM learning model and be trained, obtain Defect Modes
Type;And according to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or a variety of analyses as a result, really
The testing result of fixed final intelligent contract loophole.The present invention, by by static analysis, dynamic analysis and based on the sound of SVM
The analysis engine of hybrid analysis technique composition analyzes intelligent contract code, then carries out loophole feature based on the analysis results
Extraction, realize full automation and detect intelligent contract loophole, easy to detect, speed is fast, and accuracy rate is high.
Detailed description of the invention
Fig. 1 is the method flow diagram for the intelligent contract Hole Detection that the embodiment of the present invention one provides;
Fig. 2 is the Static Analysis Model figure that the embodiment of the present invention one provides;
Fig. 3 is the model for dynamic analysis figure that the embodiment of the present invention one provides;
Fig. 4 is the sound hybrid analysis illustraton of model based on SVM that the embodiment of the present invention one provides;
Fig. 5 is the structure drawing of device of intelligent contract Hole Detection provided by Embodiment 2 of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that the described embodiment is only a part of the embodiment of the present invention, instead of all the embodiments.Based on this
Embodiment in invention, every other reality obtained by those of ordinary skill in the art without making creative efforts
Example is applied, shall fall within the protection scope of the present invention.
Embodiment one
A kind of method of intelligent contract Hole Detection of the embodiment of the present invention, Fig. 1 is the intelligence that the embodiment of the present invention one provides
The method flow diagram of contract Hole Detection;The method includes executing static analysis, dynamic analysis for intelligent contract and be based on
The sound hybrid analysis of SVM it is one or more;
The present embodiment, intelligent contract leak detection method are to be directed to operate in ether mill network using what Solidity write
Intelligent contract, a series of technology detect made of engine, realize be fully automated analysis the intelligence contract in exists
Loophole situation.In face of intelligent conract market complicated and diversified at present, guarantee oneself project intelligent contract safety be can not
Be altogether unjustifiable, thus be also to intelligent contract safety detection it is essential, the present invention will to all developers one more it is simple easily
With and efficient tool.
Static analysis, including intelligent contract program is not executed, analysis loophole is carried out to source code;
Correspondingly, the static analysis includes: morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic analysis, control
Flow point analysis, data-flow analysis, stain analysis and invalid code analysis processed.
Static analysis refers under conditions of not executing computer program, analyzes source code, finds out aacode defect.
Static analysis generally uses data analysis stream, machine learning, semanteme the technologies such as to simplify, and can rapidly and accurately detect all generations
Combination of paths can be performed in code rank, is directly facing source code, analyzes various problems, such as: deadlock, null pointer, resource leakage, caching
Area is overflowed, security breaches, race condition etc..Static analysis schematic diagram is as shown in Figure 2.
The present embodiment, intelligent contract program file are compiled generally with the input of .sol document form by solc
What Solidity write operates in the intelligent contract of ether mill network.Wherein, solc is the building target of Solidity source code library
One of, it is the command line build device of Solidity.You solc--help order can be used check it total Options solution
It releases.Various outputs can be generated in the compiler, and range is from simple binary file, assembling file to for estimating that " gas " makes
With the abstract syntax tree (analytic tree) of situation.
Morphological analysis: the reading source program of a character, character from left to right flows into the character for constituting source program
Row scanning converts source code into symbol (Token) of equal value by using regular expression matching method and flows, generates correlative symbol
Number list.
Correctly whether syntactic analysis: judging on source program structure, by using context-free grammar that related symbol is whole
Reason is syntax tree.
Abstract syntax tree analysis: by program organization at tree structure, interdependent node represents the related generation in program in tree
Code.
Semantic analysis: the examination of context-sensitive property is carried out to source program correct in structure.
Control flow analysis: generating oriented controlling stream graph, indicates basic code block with node, and the directed edge between node represents control
Flow path processed, reverse edge indicate circulation that may be present;Function call relationship graph is also produced, the nested pass between representative function
System.
Data-flow analysis: traversing controlling stream graph, the initialization points and invocation point of record variable, and it is related to save slice
Data information.
Stain analysis: judge in source code which variable may be under attack based on data flow diagram, be proving program input,
The key of cognizance code expression defect.
Invalid code analysis, can analyze isolated node section according to controlling stream graph is invalid code.
The present embodiment, dynamic analysis, the corresponding relationship of input, output including establishing intelligent contract execute intelligent contract
Program;
Code dynamic debugging, generally by the state of observation program in the process of running, such as content of registers, letter
Number implementing result, memory service condition etc., analytic function function, clear code logic excavate such as integer overflow, and array is overflow
Out, it all kinds of code vulnerabilities such as goes beyond one's commission.It is configured to the code input parameter of triggering loophole first, then true operation or virtual machine
The tested program code of dry run carries out dynamic analysis to its operating condition, the corresponding relationship of input and output is established, to reach
To the purpose of detection.Code flow and data flow are dynamic debugging two aspects usually to be paid special attention to.Dynamic analysis are former
Reason figure is as shown in Figure 3.
Correspondingly, the dynamic analysis include:
Generate the Application Binary Interface ABI of corresponding intelligent contract;
It based on virtual machine EVM, constructs Binary Interface ABI contract and calls function, and execute the OPCODE of intelligent contract, and
Implementing result is obtained to spring a leak to analyze.
As shown in figure 3, the present embodiment, intelligent contract program file passes through solc generally with the input of .sol document form
The intelligent contract for operating in ether mill network that compiling Solidity writes;Further construction abi is called, and is using ABI (contract
Application Binary Interface) call contract function when, incoming ABI can be encoded into calldata.Contract Application Binary Interface
(ABI) a general coding mode is specified.Calldata is by function signature and argument encoding
Two parts composition.By reading the content of call data, EVM can learn the incoming of the function and function needed to be implemented
Value, and make corresponding operation.For EVM, the input data (calldata) of transaction is a byte sequence.EVM
Do not support call method in inside.Further, the OPCODE for executing intelligent contract, obtains the parametric results for being compiled into OPCODE, from
And it obtains implementing result and is springed a leak with analyzing.
The present embodiment, the sound hybrid analysis based on SVM, the sample including collecting existing intelligent contract execute SVM
It practises model to be trained, obtains defect model;
Due to the complexity of code, it is higher that traditional code detection mode reports rate of failing to report by mistake, whether using dynamic or quiet
The detection method of state, detection process is memoryless, only has complementary advantages using the method being association of activity and inertia, can not binding deficient
Library information determines.It is proposed that be based on SVM (support vector machines) sound detection method, due to using interactive mode by the way of come
Loophole is tested, we term it ISST (interactive solidity security testing).
SVM is a kind of supervised learning model, is mainly used for data classification and regression analysis.One group of training example is given,
Each example is marked as one or the other belonged in two classifications, and SVM training algorithm constructs a model, by new example
A classification or another classification are distributed to, non-probability binary linearity classifier is become.SVM model is to be expressed as example
Point in space, mapping is so that individually the example of classification is divided by clear gap as wide as possible.Then new example mappings are arrived
The same space, and fall in which edge prediction belongs to which classification according to them.
It is illustrated in figure 4 the sound hybrid analysis illustraton of model provided in this embodiment based on support vector machines.Pass through thing
There are the code samples of loophole for first collection, are trained into SVM learning model, execute the feature extraction of loophole sample, and raw
At loophole defect model, after model initialization, similarity calculation is executed, to the parameter revaluation in model, and judges mould
Type convergence forms defect model if the model convergence that the parameter after re-evaluating substitutes into model meets the requirements;If weight
The model convergence that parameter after new estimation substitutes into model is undesirable, then returns to parameter revaluation step, continue to execute
Parameter is re-evaluated until model is restrained, to form defect model.
The present embodiment, according to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or more
Kind analysis is as a result, determine the testing result of final intelligent contract loophole.
Specifically, carry out executing the loophole of the intelligent contract of analysis, and comprehensive sieve simultaneously by comprehensive three kinds of analysis modes
Column, form the testing result inventory of final intelligent contract loophole, and export.
Embodiment two
A kind of device of intelligent contract Hole Detection of the embodiment of the present invention, is provided in an embodiment of the present invention as shown in Figure 5
The apparatus structure schematic diagram of intelligent contract Hole Detection, device include:
One or more in static analysis module, dynamic analysis module and/or sound hybrid analysis module based on SVM
It is a;
Static analysis module, including intelligent contract program is not executed, analysis loophole is carried out to source code;
Static analysis module execute static analysis, refer under conditions of not executing computer program, to source code into
Row analysis, finds out aacode defect.Static analysis generally uses data analysis stream, machine learning, semanteme the technologies such as to simplify, can be fast
Speed, which accurately detects all code ranks, can be performed combination of paths, be directly facing source code, analyze various problems, such as: deadlock,
Null pointer, resource leakage, buffer overflow, security breaches, race condition etc..
The present embodiment, intelligent contract program file are compiled generally with the input of .sol document form by solc
What Solidity write operates in the intelligent contract of ether mill network.Wherein, solc is the building target of Solidity source code library
One of, it is the command line build device of Solidity.You solc--help order can be used check it total Options solution
It releases.Various outputs can be generated in the compiler, and range is from simple binary file, assembling file to for estimating that " gas " makes
With the abstract syntax tree (analytic tree) of situation.
Morphological analysis: the reading source program of a character, character from left to right flows into the character for constituting source program
Row scanning converts source code into symbol (Token) of equal value by using regular expression matching method and flows, generates correlative symbol
Number list.
The present embodiment, the static analysis module include: morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic point
Analysis, control flow analysis, data-flow analysis, stain analysis and invalid code analysis.
Wherein, syntactic analysis: judge on source program structure it is whether correct, by using context-free grammar by correlative symbol
Number arrange be syntax tree.
Abstract syntax tree analysis: by program organization at tree structure, interdependent node represents the related generation in program in tree
Code.
Semantic analysis: the examination of context-sensitive property is carried out to source program correct in structure.
Control flow analysis: generating oriented controlling stream graph, indicates basic code block with node, and the directed edge between node represents control
Flow path processed, reverse edge indicate circulation that may be present;Function call relationship graph is also produced, the nested pass between representative function
System.
Data-flow analysis: traversing controlling stream graph, the initialization points and invocation point of record variable, and it is related to save slice
Data information.
Stain analysis: judge in source code which variable may be under attack based on data flow diagram, be proving program input,
The key of cognizance code expression defect.
Invalid code analysis, can analyze isolated node section according to controlling stream graph is invalid code.
The present embodiment, dynamic analysis module, the corresponding relationship of input, output including establishing intelligent contract execute intelligence
Contract program;
Dynamic analysis module mainly utilizes code dynamic debugging, passes through the shape of observation program in the process of running
State, such as content of registers, function implementing result, memory service condition etc., analytic function function, clear code logic are excavated
Such as integer overflow, array are overflowed, all kinds of code vulnerabilities such as go beyond one's commission.Firstly, it is configured to the code input parameter of triggering loophole,
Then the program code that really operation or virtual machine dry run are tested carries out dynamic analysis to its operating condition, establishes defeated
Enter the corresponding relationship of output, to achieve the purpose that detection.Code flow and data flow are that dynamic debugging will usually be paid special attention to
Two aspect.
Correspondingly, the dynamic analysis module includes: generation module, the Application Binary Interface of corresponding intelligent contract is generated
ABI;
It executes and analysis module is constructed Binary Interface ABI contract and called function based on virtual machine EVM, and execute intelligence
The OPCODE of contract, and obtain implementing result and springed a leak with analyzing.
Due to the complexity of code, it is higher that traditional code detection mode reports rate of failing to report by mistake, whether using dynamic or quiet
The detection method of state, detection process is memoryless, only has complementary advantages using the method being association of activity and inertia, can not binding deficient
Library information determines.It is proposed that be based on SVM (support vector machines) sound detection method, due to using interactive mode by the way of come
Loophole is tested, we term it ISST (interactive solidity security testing).
SVM is a kind of supervised learning model, is mainly used for data classification and regression analysis.One group of training example is given,
Each example is marked as one or the other belonged in two classifications, and SVM training algorithm constructs a model, by new example
A classification or another classification are distributed to, non-probability binary linearity classifier is become.SVM model is to be expressed as example
Point in space, mapping is so that individually the example of classification is divided by clear gap as wide as possible.Then new example mappings are arrived
The same space, and fall in which edge prediction belongs to which classification according to them.
The present embodiment is trained by collecting the code sample there are loophole in advance into SVM learning model, is executed
The feature extraction of loophole sample, and loophole defect model is generated, after model initialization, similarity calculation is executed, to mould
Parameter revaluation in type, and judgment models convergence, if the model convergence that the parameter after re-evaluating substitutes into model meets
It is required that then forming defect model;If the model convergence that the parameter after re-evaluating substitutes into model is undesirable, return
To parameter revaluation step, continues to execute parameter and re-evaluate until model is restrained, to form defect model.
The present embodiment, according to static analysis module, dynamic analysis module and/or sound hybrid analysis module based on SVM
One of or a variety of analyses as a result, determining the testing result of final intelligent contract loophole.
Specifically, carry out executing the loophole of the intelligent contract of analysis, and comprehensive sieve simultaneously by comprehensive three kinds of analysis modules
Column, form the testing result inventory of final intelligent contract loophole, and export.
Those of ordinary skill in the art will appreciate that all or part of the steps that realization above-described embodiment method carries is can
To instruct relevant hardware to complete by program, the program be can store in a kind of computer readable storage medium,
The program when being executed, includes the steps that one or a combination set of embodiment of the method.
It, can also be in addition, each functional unit in each embodiment of the present invention can integrate in a processing module
It is that each unit physically exists alone, can also be integrated in two or more units in a module.Above-mentioned integrated mould
Block both can take the form of hardware realization, can also be realized in the form of software function module.The integrated module is such as
Fruit is realized and when sold or used as an independent product in the form of software function module, also can store in a computer
In read/write memory medium.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The shape for the computer program product implemented in usable storage medium (including but not limited to magnetic disk storage and optical memory etc.)
Formula.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (8)
1. a kind of method of intelligence contract Hole Detection, which is characterized in that the method includes executing static state for intelligent contract
Analysis, dynamic analysis and the sound hybrid analysis based on SVM it is one or more;
Static analysis, including intelligent contract program is not executed, analysis loophole is carried out to source code;Dynamic analysis, including establish intelligence
The corresponding relationship of input, the output of energy contract executes intelligent contract program;
Sound hybrid analysis based on SVM, the sample including collecting existing intelligent contract, executes SVM learning model and is instructed
Practice, obtains defect model;
According to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or a variety of analyses as a result, really
The testing result of fixed final intelligent contract loophole.
2. the method for intelligence contract Hole Detection according to claim 1, which is characterized in that the static analysis includes:
Morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic analysis, control flow analysis, data-flow analysis, stain analysis and
Invalid code analysis.
3. the method for intelligence contract Hole Detection according to claim 1, which is characterized in that the dynamic analysis include:
Generate the Application Binary Interface ABI of corresponding intelligent contract;
It based on virtual machine EVM, constructs Binary Interface ABI contract and calls function, and execute the OPCODE of intelligent contract, and obtain
Implementing result is springed a leak with analyzing.
4. the method for intelligence contract Hole Detection according to claim 1, which is characterized in that the sound based on SVM
Hybrid analysis includes:
The execution SVM learning model be trained include: training sample, feature extraction, model initialization, similarity calculation,
Parameter revaluation, forms defect model at judgement convergence.
5. a kind of device of intelligence contract Hole Detection, which is characterized in that including static analysis module, dynamic analysis module and/
Or one or more of sound hybrid analysis module based on SVM;
Static analysis module, including intelligent contract program is not executed, analysis loophole is carried out to source code;
Dynamic analysis module, the corresponding relationship of input, output including establishing intelligent contract, executes intelligent contract program;
Sound hybrid analysis module based on SVM, the sample including collecting existing intelligent contract, execute SVM learning model into
Row training, obtains defect model;
Determining module, according to one of static analysis, dynamic analysis and/or sound hybrid analysis based on SVM or a variety of points
Analysis is as a result, determine the testing result of final intelligent contract loophole.
6. the device of intelligence contract Hole Detection according to claim 5, which is characterized in that the static analysis module packet
Include: morphological analysis, syntactic analysis, abstract syntax tree analysis, semantic analysis, control flow analysis, data-flow analysis, stain analysis with
And invalid code analysis.
7. the device of intelligence contract Hole Detection according to claim 5, which is characterized in that the dynamic analysis module packet
Include: generation module generates the Application Binary Interface ABI of corresponding intelligent contract;
It executes and analysis module is constructed Binary Interface ABI contract and called function based on virtual machine EVM, and execute intelligent contract
OPCODE, and obtain implementing result and springed a leak with analyzing.
8. the device of intelligence contract Hole Detection according to claim 5, which is characterized in that the sound based on SVM
Hybrid analysis module includes:
Training sample, model initialization, similarity calculation, parameter revaluation, judgement convergence, forms defect model at feature extraction.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910213238.5A CN109933991A (en) | 2019-03-20 | 2019-03-20 | A kind of method, apparatus of intelligence contract Hole Detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910213238.5A CN109933991A (en) | 2019-03-20 | 2019-03-20 | A kind of method, apparatus of intelligence contract Hole Detection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109933991A true CN109933991A (en) | 2019-06-25 |
Family
ID=66987739
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910213238.5A Pending CN109933991A (en) | 2019-03-20 | 2019-03-20 | A kind of method, apparatus of intelligence contract Hole Detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109933991A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309660A (en) * | 2019-07-09 | 2019-10-08 | 佛山市伏宸区块链科技有限公司 | A kind of the automation auditing system and method for intelligence contract code |
| CN110399730A (en) * | 2019-07-24 | 2019-11-01 | 上海交通大学 | Inspection method, system and the medium of intelligent contract loophole |
| CN110502898A (en) * | 2019-07-31 | 2019-11-26 | 深圳前海达闼云端智能科技有限公司 | Method, system, device, storage medium and the electronic equipment of the intelligent contract of audit |
| CN110532782A (en) * | 2019-07-30 | 2019-12-03 | 平安科技(深圳)有限公司 | A kind of detection method of task execution program, device and storage medium |
| CN110543419A (en) * | 2019-08-28 | 2019-12-06 | 杭州趣链科技有限公司 | intelligent contract code vulnerability detection method based on deep learning technology |
| CN110597731A (en) * | 2019-09-20 | 2019-12-20 | 北京丁牛科技有限公司 | Vulnerability detection method and device and electronic equipment |
| CN110737899A (en) * | 2019-09-24 | 2020-01-31 | 暨南大学 | machine learning-based intelligent contract security vulnerability detection method |
| CN110866255A (en) * | 2019-11-07 | 2020-03-06 | 博雅正链(北京)科技有限公司 | Intelligent contract vulnerability detection method |
| CN111125716A (en) * | 2019-12-19 | 2020-05-08 | 中国人民大学 | Method and device for detecting Ethernet intelligent contract vulnerability |
| CN111310191A (en) * | 2020-02-12 | 2020-06-19 | 广州大学 | Block chain intelligent contract vulnerability detection method based on deep learning |
| CN111460454A (en) * | 2020-03-13 | 2020-07-28 | 中国科学院计算技术研究所 | Intelligent contract similarity retrieval method and system based on stack instruction sequence |
| CN112256271A (en) * | 2020-10-19 | 2021-01-22 | 中国科学院信息工程研究所 | Block chain intelligent contract security detection system based on static analysis |
| CN112416358A (en) * | 2020-11-20 | 2021-02-26 | 武汉大学 | Intelligent contract code defect detection method based on structured word embedded network |
| CN112581140A (en) * | 2020-12-24 | 2021-03-30 | 西安深信科创信息技术有限公司 | Intelligent contract verification method and computer storage medium |
| CN112613043A (en) * | 2020-12-30 | 2021-04-06 | 杭州趣链科技有限公司 | Intelligent contract vulnerability detection method based on intelligent contract calling network |
| WO2021114093A1 (en) * | 2019-12-10 | 2021-06-17 | 中国科学院深圳先进技术研究院 | Deep learning-based smart contract vulnerability detection method |
| CN113360915A (en) * | 2021-06-09 | 2021-09-07 | 扬州大学 | Intelligent contract multi-vulnerability detection method and system based on source code graph representation learning |
| CN113449303A (en) * | 2021-06-28 | 2021-09-28 | 杭州云象网络技术有限公司 | Intelligent contract vulnerability detection method and system based on teacher-student network model |
| CN113486357A (en) * | 2021-07-07 | 2021-10-08 | 东北大学 | Intelligent contract security detection method based on static analysis and deep learning |
| CN113919841A (en) * | 2021-12-13 | 2022-01-11 | 北京雁翎网卫智能科技有限公司 | Block chain transaction monitoring method and system based on static characteristics and dynamic instrumentation |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107194260A (en) * | 2017-04-20 | 2017-09-22 | 中国科学院软件研究所 | A kind of Linux Kernel association CVE intelligent Forecastings based on machine learning |
| CN108345794A (en) * | 2017-12-29 | 2018-07-31 | 北京物资学院 | The detection method and device of Malware |
| CN108776936A (en) * | 2018-06-05 | 2018-11-09 | 中国平安人寿保险股份有限公司 | Settlement of insurance claim method, apparatus, computer equipment and storage medium |
| CN108985066A (en) * | 2018-05-25 | 2018-12-11 | 北京金山安全软件有限公司 | Intelligent contract security vulnerability detection method, device, terminal and storage medium |
| CN109063477A (en) * | 2018-07-18 | 2018-12-21 | 成都链安科技有限公司 | A kind of intelligent contract aacode defect detection system and method for automation |
| US20190012662A1 (en) * | 2017-07-07 | 2019-01-10 | Symbiont.Io, Inc. | Systems, methods, and devices for reducing and/or eliminating data leakage in electronic ledger technologies for trustless order matching |
| CN109308413A (en) * | 2018-11-28 | 2019-02-05 | 杭州复杂美科技有限公司 | Feature extracting method, model generating method and malicious code detecting method |
-
2019
- 2019-03-20 CN CN201910213238.5A patent/CN109933991A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107194260A (en) * | 2017-04-20 | 2017-09-22 | 中国科学院软件研究所 | A kind of Linux Kernel association CVE intelligent Forecastings based on machine learning |
| US20190012662A1 (en) * | 2017-07-07 | 2019-01-10 | Symbiont.Io, Inc. | Systems, methods, and devices for reducing and/or eliminating data leakage in electronic ledger technologies for trustless order matching |
| CN108345794A (en) * | 2017-12-29 | 2018-07-31 | 北京物资学院 | The detection method and device of Malware |
| CN108985066A (en) * | 2018-05-25 | 2018-12-11 | 北京金山安全软件有限公司 | Intelligent contract security vulnerability detection method, device, terminal and storage medium |
| CN108776936A (en) * | 2018-06-05 | 2018-11-09 | 中国平安人寿保险股份有限公司 | Settlement of insurance claim method, apparatus, computer equipment and storage medium |
| CN109063477A (en) * | 2018-07-18 | 2018-12-21 | 成都链安科技有限公司 | A kind of intelligent contract aacode defect detection system and method for automation |
| CN109308413A (en) * | 2018-11-28 | 2019-02-05 | 杭州复杂美科技有限公司 | Feature extracting method, model generating method and malicious code detecting method |
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309660A (en) * | 2019-07-09 | 2019-10-08 | 佛山市伏宸区块链科技有限公司 | A kind of the automation auditing system and method for intelligence contract code |
| CN110399730A (en) * | 2019-07-24 | 2019-11-01 | 上海交通大学 | Inspection method, system and the medium of intelligent contract loophole |
| CN110399730B (en) * | 2019-07-24 | 2021-05-04 | 上海交通大学 | Method, system and medium for checking intelligent contract vulnerability |
| CN110532782A (en) * | 2019-07-30 | 2019-12-03 | 平安科技(深圳)有限公司 | A kind of detection method of task execution program, device and storage medium |
| CN110502898A (en) * | 2019-07-31 | 2019-11-26 | 深圳前海达闼云端智能科技有限公司 | Method, system, device, storage medium and the electronic equipment of the intelligent contract of audit |
| CN110543419A (en) * | 2019-08-28 | 2019-12-06 | 杭州趣链科技有限公司 | intelligent contract code vulnerability detection method based on deep learning technology |
| CN110543419B (en) * | 2019-08-28 | 2021-09-03 | 杭州趣链科技有限公司 | Intelligent contract code vulnerability detection method based on deep learning technology |
| CN110597731A (en) * | 2019-09-20 | 2019-12-20 | 北京丁牛科技有限公司 | Vulnerability detection method and device and electronic equipment |
| CN110737899A (en) * | 2019-09-24 | 2020-01-31 | 暨南大学 | machine learning-based intelligent contract security vulnerability detection method |
| CN110737899B (en) * | 2019-09-24 | 2022-09-06 | 暨南大学 | Intelligent contract security vulnerability detection method based on machine learning |
| CN110866255B (en) * | 2019-11-07 | 2022-04-12 | 博雅正链(北京)科技有限公司 | Intelligent contract vulnerability detection method |
| CN110866255A (en) * | 2019-11-07 | 2020-03-06 | 博雅正链(北京)科技有限公司 | Intelligent contract vulnerability detection method |
| WO2021114093A1 (en) * | 2019-12-10 | 2021-06-17 | 中国科学院深圳先进技术研究院 | Deep learning-based smart contract vulnerability detection method |
| CN111125716A (en) * | 2019-12-19 | 2020-05-08 | 中国人民大学 | Method and device for detecting Ethernet intelligent contract vulnerability |
| CN111310191B (en) * | 2020-02-12 | 2022-12-23 | 广州大学 | Block chain intelligent contract vulnerability detection method based on deep learning |
| CN111310191A (en) * | 2020-02-12 | 2020-06-19 | 广州大学 | Block chain intelligent contract vulnerability detection method based on deep learning |
| CN111460454A (en) * | 2020-03-13 | 2020-07-28 | 中国科学院计算技术研究所 | Intelligent contract similarity retrieval method and system based on stack instruction sequence |
| CN112256271A (en) * | 2020-10-19 | 2021-01-22 | 中国科学院信息工程研究所 | Block chain intelligent contract security detection system based on static analysis |
| CN112416358A (en) * | 2020-11-20 | 2021-02-26 | 武汉大学 | Intelligent contract code defect detection method based on structured word embedded network |
| CN112416358B (en) * | 2020-11-20 | 2022-04-29 | 武汉大学 | Intelligent contract code defect detection method based on structured word embedded network |
| CN112581140A (en) * | 2020-12-24 | 2021-03-30 | 西安深信科创信息技术有限公司 | Intelligent contract verification method and computer storage medium |
| CN112613043A (en) * | 2020-12-30 | 2021-04-06 | 杭州趣链科技有限公司 | Intelligent contract vulnerability detection method based on intelligent contract calling network |
| CN112613043B (en) * | 2020-12-30 | 2024-02-27 | 杭州趣链科技有限公司 | Intelligent contract vulnerability detection method based on intelligent contract calling network |
| CN113360915A (en) * | 2021-06-09 | 2021-09-07 | 扬州大学 | Intelligent contract multi-vulnerability detection method and system based on source code graph representation learning |
| CN113360915B (en) * | 2021-06-09 | 2023-09-26 | 扬州大学 | Intelligent contract multi-vulnerability detection method and system based on source code diagram representation learning |
| CN113449303A (en) * | 2021-06-28 | 2021-09-28 | 杭州云象网络技术有限公司 | Intelligent contract vulnerability detection method and system based on teacher-student network model |
| CN113486357A (en) * | 2021-07-07 | 2021-10-08 | 东北大学 | Intelligent contract security detection method based on static analysis and deep learning |
| CN113486357B (en) * | 2021-07-07 | 2024-02-13 | 东北大学 | Intelligent contract security detection method based on static analysis and deep learning |
| CN113919841A (en) * | 2021-12-13 | 2022-01-11 | 北京雁翎网卫智能科技有限公司 | Block chain transaction monitoring method and system based on static characteristics and dynamic instrumentation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109933991A (en) | A kind of method, apparatus of intelligence contract Hole Detection | |
| CN109948345A (en) | A kind of method, the system of intelligence contract Hole Detection | |
| CN105653956B (en) | Android malware classification method based on dynamic behaviour dependency graph | |
| Murtaza et al. | A host-based anomaly detection approach by representing system calls as states of kernel modules | |
| US10970449B2 (en) | Learning framework for software-hardware model generation and verification | |
| Amar et al. | Using finite-state models for log differencing | |
| Chen et al. | Cati: Context-assisted type inference from stripped binaries | |
| Ardito et al. | Automated test selection for Android apps based on APK and activity classification | |
| Hu et al. | Detect defects of solidity smart contract based on the knowledge graph | |
| Mao et al. | Explainable software vulnerability detection based on attention-based bidirectional recurrent neural networks | |
| Kang et al. | Scaling javascript abstract interpretation to detect and exploit node. js taint-style vulnerability | |
| CN114254323A (en) | Software vulnerability analysis method and system based on PCODE and Bert | |
| Zhao et al. | Suzzer: A vulnerability-guided fuzzer based on deep learning | |
| Fabre et al. | Building dependable COTS microkernel-based systems using MAFALDA | |
| Křena et al. | Automated formal analysis and verification: an overview | |
| Zheng et al. | Representation vs. model: what matters most for source code vulnerability detection | |
| Yuan et al. | Alternating GUI test generation and execution | |
| CN114579431A (en) | Zero-removing error detection method based on hybrid analysis | |
| Zhang et al. | ReSPlay: Improving Cross-Platform Record-and-Replay with GUI Sequence Matching | |
| Mi et al. | Automatic detecting performance bugs in cloud computing systems via learning latency specification model | |
| Data | Suzzer: A Vulnerability-Guided Fuzzer Based on Deep Learning | |
| CN113204765B (en) | Method and system for testing HyperLegger Fabric chain code | |
| Yang et al. | Fuzzing IPC with knowledge inference | |
| Canbek | The need for a systematic machine-learning process: A proposal via a mobile malware classification case study | |
| Jasper | Synthesizing realistic verification tasks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190625 |
|
| WD01 | Invention patent application deemed withdrawn after publication |