CN113326050A - Intelligent contract vulnerability detection method based on combination of neural network and dynamic fuzzy test - Google Patents

Info

Publication number: CN113326050A (granted as CN113326050B)
Application number: CN202110766018.2A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 刘振广, 刘灵凤, 钱鹏, 徐小俊, 武思凡
Original and current assignee: Zhejiang Gongshang University
Prior art keywords: path, contract, smart contract, function execution, detection
Legal status: Granted (active)

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F8/00 Arrangements for software engineering > G06F8/40 Transformation of program code > G06F8/41 Compilation > G06F8/42 Syntactic analysis
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N3/00 Computing arrangements based on biological models > G06N3/02 Neural networks > G06N3/04 Architecture, e.g. interconnection topology > G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N3/00 Computing arrangements based on biological models > G06N3/02 Neural networks > G06N3/04 Architecture, e.g. interconnection topology > G06N3/045 Combinations of networks
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N3/00 Computing arrangements based on biological models > G06N3/02 Neural networks > G06N3/08 Learning methods > G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention discloses a smart contract vulnerability detection method that combines a neural network with dynamic fuzz testing. A feedforward neural network model is built to statically analyze smart contracts for vulnerabilities and to mark the function execution paths that may contain them; SIF is used to instrument those paths; a look-ahead analysis method guides the fuzzer to dynamically fuzz those paths; and a feedback mechanism based on control flow and smart contract state is built so that the feedback information guides the fuzzer to generate effective test cases and to fuzz strategically. Compared with traditional smart contract vulnerability detection tools, the invention provides a new scheme that effectively reduces the false positives and false negatives of traditional purely static or purely dynamic methods, and has both good practical value and good reference value.


Description

Intelligent contract vulnerability detection method based on combination of neural network and dynamic fuzzy test
Technical Field
The invention belongs to the technical field of blockchain smart contract security, and in particular relates to a smart contract vulnerability detection method based on the combination of a neural network and dynamic fuzz testing.
Background
A smart contract is a computer protocol intended to propagate, verify or execute a contract in an informational way; by virtue of decentralization, the absence of any third-party intermediary and similar properties it has quickly become a focus of industry attention. To date, smart contracts deployed on various blockchain platforms control digital currency worth more than 100 billion dollars; notably, smart contracts let users transact in digital currency without third-party intervention, and these transactions are irreversible.
Because smart contracts handle vast amounts of money they are natural targets for attack. In the 2016 attack on The DAO, an attacker exploited a reentrancy vulnerability in The DAO contract to steal Ether worth nearly 60 million dollars; in the 2018 BEC incident, an attacker exploited an integer overflow vulnerability in the BEC (Beauty Chain) token contract to mint an unlimited number of tokens, so that the value of the BEC token evaporated to zero. Smart contract vulnerabilities not only cause huge economic losses to users but also destroy the public's trust in smart contracts. Developing an accurate smart contract vulnerability detection tool is therefore urgent.
Most current smart contract vulnerability detection tools are based on static analysis of source code or bytecode; however, because static analysis lacks dynamic interaction with external contracts, it often produces false negatives or false positives. Dynamic analysis, by contrast, offers a high degree of automation, good usability and a low false alarm rate, and by generating test cases and executing the program dynamically it can execute and cover deeper execution paths.
The core idea of conventional dynamic analysis is to supply the program with a large number of test inputs and monitor the contract's execution for abnormal behaviour in order to find contract bugs. However, most test cases are generated at random, which leads to highly redundant test cases, low path coverage and difficulty in treating different execution paths evenly. For example, Echidna [Echidna, a smart fuzzer for Ethereum. Trail of Bits Blog, Mar. 2018] provides a complete smart contract fuzzing framework that can analyze and simulate the execution of smart contract source code and generate random transaction data conforming to the contract's calling conventions in order to fuzz the contract, but it does not explore a more effective seed generation strategy in depth; ContractFuzzer likewise generates test cases at random, building random transactions from randomly generated call parameters, transaction amounts and sender addresses, and performs offline vulnerability detection by recording instruction logs during smart contract execution [Bo J, Ye L, Chan W K.
Disclosure of Invention
In view of the above, the invention provides a smart contract vulnerability detection method based on the combination of a neural network and dynamic fuzz testing, which can effectively reduce the false positives, false negatives and similar shortcomings of traditional purely static or purely dynamic methods and improve the accuracy of smart contract vulnerability detection.
A smart contract vulnerability detection method based on the combination of a neural network and dynamic fuzz testing comprises the following steps:
(1) establishing the program execution flow graph of a smart contract and extracting the function execution paths in it;
(2) constructing a vulnerability detection model based on a feedforward neural network and training it, so that it automatically marks the function execution paths in the contract under test that may contain a vulnerability;
(3) using the smart contract instrumentation framework SIF to instrument the branch positions of the function execution paths that may contain vulnerabilities, and collecting the program's execution path information during fuzz testing; for each test case, obtaining the function execution path it exercises in the contract under test, analyzing the different function execution paths with the look-ahead analysis method, and assigning different weights to the test cases;
(4) allocating detection resources to the test cases that perform dynamic fuzz detection according to their weights, monitoring whether the contract's function execution paths behave abnormally during dynamic fuzz detection, recording the test data and information associated with the abnormal behaviour, and outputting a dynamic fuzz detection log;
(5) analyzing the detection log and optimizing the fuzzer so that it generates effective test cases.
Further, step (1) is implemented as follows: taking Ethereum smart contracts as the object, a smart contract source code data set is constructed; an automatic extraction tool converts the smart contract source code into the corresponding program execution flow graph; the corresponding function execution paths are extracted according to the function execution flow information stored in the program execution flow graph; and all function execution paths are converted into the vector form taken as neural network input and divided into a training set and a test set.
Further, step (2) is implemented as follows: first, the function execution paths in the training set are labelled, an execution path with a vulnerability being marked 1 and an execution path without one being marked 0; then a vulnerability detection model based on a feedforward neural network is constructed, the training-set function execution paths are input to the model in vector form, the label of each function execution path is used as the ground-truth label for the model output, and the model is trained; finally, the test-set function execution paths are input in vector form to the trained model, which outputs a judgement of whether the corresponding function execution path contains a vulnerability.
Further, step (3) is implemented as follows: first the smart contract is compiled to generate the corresponding abstract syntax tree (AST), and SIF is used to traverse the AST, that is, different structures are defined according to the AST nodes of the different function types to record node information, and each node is instantiated; for a function execution path in the contract that may contain a vulnerability, the node information related to that path is collected and an assertion statement is inserted before each related node as an additional node for analysis and detection; then the modified AST is converted back into smart contract source code, dynamic fuzz testing is performed on the smart contract, and the program's control flow and data flow information is collected during testing to obtain dynamic information about the function execution paths. To address the high repetition rate of test cases, low test case execution efficiency, uneven resource distribution and similar problems, each test case added to the fuzzer is analyzed with the look-ahead analysis method, and the fuzzer assigns weights according to the path hash value and split node set corresponding to the test case: when the number of times the test case has executed its corresponding path hash value is below a set threshold, the test case is assigned a higher weight; and when the number of times the test case has passed through the split nodes on its corresponding path is below a set threshold, the test case is assigned a higher weight.
Further, analyzing test cases with the look-ahead analysis method proceeds as follows: given a set of test cases, each interacts with the contract under test to obtain its corresponding function execution path; each split node (that is, each point where the function execution path branches) on the path is iterated in turn, and at each split node prefix inference and a suffix check determine whether the function execution path prefix is a no-target path prefix; the hash value and split node set of the path are computed; and finally the path hash value, split node set, test case and the path identifier corresponding to the test case obtained by look-ahead analysis are recorded in the path set. Prefix inference abstractly interprets all possible inputs passing through the split node and infers a postcondition; the suffix check uses the postcondition given by prefix inference to check whether the suffix path cannot reach the target location, and if all target locations are unreachable, the hash value and split node set of the path are computed and returned.
Further, step (4) is implemented as follows: first, according to the weight share of each test case, different detection resources are allocated to the test cases performing dynamic fuzz detection, that is, a high weight receives more detection resources and a low weight receives fewer; during dynamic fuzz detection, different test case inputs are produced by mutation, the path information of the current input is collected and compared with the paths in the path set, and if the current path is not in the set the set is updated; then the contract state before and after the execution of each test case, including the contract balance and participant balances, is recorded, and different oracles are defined for detecting different vulnerability types.
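The weighting and scheduling of steps (3) and (4), as an added example that is not the patent's code. The names LID (hash of a no-target path prefix), SP (split node) and PID (path identifier) follow the text; the toy control-flow graph, the thresholds, the weight values and the use of plain graph reachability in place of the page's abstract-interpretation-based prefix inference are constructed assumptions.

```python
"""Look-ahead weighting of fuzz test cases (added example, not the patent's code)."""
import hashlib
from collections import Counter

# Constructed toy control-flow graph: node -> successors.  Nodes with more than one
# successor are split nodes; "target" stands for an SIF-instrumented assertion node.
CFG = {
    "entry": ["s1"],
    "s1": ["a", "b"],            # split node: branch b can never reach the target
    "a": ["s2"],
    "b": ["exit"],
    "s2": ["target", "exit"],    # split node: only the first branch reaches the target
    "target": ["exit"],
    "exit": [],
}
TARGETS = {"target"}


def reachable(cfg, start, goals):
    """Suffix check (simplified to graph reachability): can a goal still be reached?"""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node in goals:
            return True
        if node not in seen:
            seen.add(node)
            stack.extend(cfg[node])
    return False


def lookahead(cfg, path, targets):
    """Return (LID, SP) for an executed path.

    SP is the set of split nodes on the path.  The prefix up to the first split node
    whose chosen successor can no longer reach any target is a no-target prefix and
    its hash is the LID; if every suffix can still reach a target, the whole path is
    hashed.  Suffixes after a no-target decision therefore do not change the LID.
    """
    split_nodes, prefix = set(), []
    for i, node in enumerate(path):
        prefix.append(node)
        if len(cfg[node]) > 1 and i + 1 < len(path):
            split_nodes.add(node)
            chosen = path[i + 1]
            if not reachable(cfg, chosen, targets):
                prefix.append(chosen)
                break
    lid = hashlib.sha256("/".join(prefix).encode()).hexdigest()[:16]
    return lid, frozenset(split_nodes)


class FuzzScheduler:
    """Path set plus the weighting rule of step (3) and the resource rule of step (4)."""

    def __init__(self, lid_threshold=2, sp_threshold=2, high=2, low=1):
        self.lid_threshold, self.sp_threshold = lid_threshold, sp_threshold
        self.high, self.low = high, low          # constructed weight values
        self.lid_counts = Counter()              # executions per path hash
        self.sp_counts = Counter()               # passes per split node
        self.path_set = {}                       # PID -> (LID, SP, test case)

    def add_case(self, test_case, path):
        """Record one executed test case and return its weight."""
        lid, sp = lookahead(CFG, path, TARGETS)
        self.lid_counts[lid] += 1
        self.sp_counts.update(sp)
        if lid not in {rec[0] for rec in self.path_set.values()}:
            self.path_set[len(self.path_set)] = (lid, sp, test_case)   # new PID
        return self.weight(lid, sp)

    def weight(self, lid, sp):
        """Rarely executed path hash, or a rarely passed split node, earns the high weight."""
        if self.lid_counts[lid] < self.lid_threshold:
            return self.high
        if any(self.sp_counts[n] < self.sp_threshold for n in sp):
            return self.high
        return self.low


def allocate(weights, budget):
    """Step (4): detection resources in proportion to weight (integer division)."""
    total = sum(weights.values())
    return {case: budget * w // total for case, w in weights.items()}
```

A first execution of a path gets the high weight because its LID count is below the threshold; replaying the same path raises both the LID count and the split node counts, so the case drops to the low weight, and the budget allocation then follows those weights.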
Further, for a reentrancy vulnerability, whether the vulnerability exists is judged by the two sub-predicates ReentrancyCall and CallAgentWithValue. ReentrancyCall holds when the original function call appears more than once in the nested call chain that starts from that original call; CallAgentWithValue consists of the following three rules:
a. the Ether sent with the function call is greater than 0;
b. the called function has enough gas to execute complex code, that is, the call is not made through the send or transfer function;
c. the called contract is specified by the caller of the original contract rather than hard-coded in the original contract.
Further, step (5) is implemented as follows: from the detection log generated during dynamic fuzz detection, data flow information and contract state information are obtained, analyzed and fed back to the fuzzer to guide it to generate effective test cases. This has two parts:
Data flow guides the function call order: if, within a test case, two functions both operate on the same variable of the smart contract (such as an account balance), the positions of the two functions are swapped;
Smart contract state guides input generation: in most cases the execution of a test case depends on the contract state (such as the contract balance); for a reentrancy vulnerability, for example, the vulnerability can be detected successfully as long as the amount of Ether stored in the contract exceeds the amount withdrawn. The contract's run-time state during fuzz detection is therefore recorded in a dynamic dictionary, and function inputs are then generated from the state in the dictionary.
The method builds a feedforward neural network model to statically analyze smart contracts for vulnerabilities, marks the function execution paths that may contain them, instruments those paths with SIF, guides the fuzzer with the look-ahead analysis method to dynamically fuzz those paths, builds a feedback mechanism based on control flow and smart contract state, guides the fuzzer through the feedback information to generate effective test cases, and so fuzzes strategically. Compared with traditional smart contract vulnerability detection tools, the invention provides a new scheme that effectively reduces the false positives, false negatives and similar shortcomings of traditional purely static or purely dynamic methods, has good practical value and reference value, and offers the following four main beneficial technical effects and innovations:
1. The invention provides a vulnerability detection model based on a feedforward neural network, which takes function execution path vectors as input, trains a security vulnerability model, and marks the execution paths that may contain a vulnerability.
2. The invention provides a method that instruments the execution paths that may contain vulnerabilities with SIF and, during dynamic fuzz testing, allocates different test resources to the test cases of different branches using the look-ahead analysis method, so that the fuzzer is effectively guided to the target location and the efficiency of dynamic fuzz testing is improved.
3. The feedback mechanism provided by the invention guides the fuzzer to generate reasonable inputs from data flow, control flow and smart contract state, so that fuzz testing reaches the vulnerable path more easily.
4. The invention provides a vulnerability detection method combining a neural network with dynamic fuzz testing, which fuzzes different function execution paths in a targeted manner according to the static analysis result of the neural network model, and offers a new approach to smart contract vulnerability detection.
Drawings
FIG. 1 is a schematic flow chart of the smart contract vulnerability detection method according to the present invention.
FIG. 2 is a schematic diagram of the smart contract vulnerability detection architecture according to the present invention.
FIG. 3 is a schematic diagram illustrating the simulation of reentrancy vulnerability detection in an embodiment of the present invention.
Detailed Description
To describe the present invention more specifically, the technical solution of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
The invention relates to a dynamic smart contract vulnerability detection method combining a neural network with dynamic fuzz testing. An automatic extraction tool converts the smart contract into a contract execution flow graph, from which the function execution paths are extracted and converted into vector form by a vector conversion tool; a feedforward neural network model is built to detect vulnerabilities in the smart contract; and the execution paths that may contain vulnerabilities are instrumented with SIF and fuzzed dynamically. During dynamic fuzz testing, the function execution path that each test case exercises in the contract under test is obtained; the different function execution paths are analyzed with the look-ahead analysis method and assigned different test weights; the functions or paths executed during fuzzing are monitored, and abnormal functions or execution paths are analyzed to output the vulnerability detection result; and, according to the dynamic fuzz detection log, the generated data flow and contract state information are fed back to the fuzzer so that during dynamic detection it generates inputs that match the actual situation. The process is shown in FIG. 1.
As shown in FIG. 2, smart contract vulnerability detection mainly comprises a static detection stage and a fuzz testing stage.
First, in the static detection stage, Ethereum smart contracts are taken as the research object: smart contracts are collected to build a smart contract data set, an automatic extraction tool converts them into contract execution flow graphs, the execution paths in each control flow graph are extracted, and a vector conversion tool converts the execution paths into vector form.
Then the feedforward neural network model is used to detect vulnerabilities in the smart contract and to report the execution paths that may contain a vulnerability.
Furthermore, the smart contract is compiled into AST form; according to the vulnerability analysis results given by the feedforward neural network model, SIF instruments the paths that may be problematic, and the program's execution path information is collected during fuzz testing. For each test case the corresponding function execution path in the contract under test is obtained; the different function execution paths are analyzed with the look-ahead method to obtain the LID and SPs of each test case, and different test weights are assigned to the different test cases in order to find the best ones. The LID is the hash value computed from a no-target path prefix, and an SP is a point at which the function execution path branches.
Finally, a dynamic fuzzer monitors the contract's execution paths or function execution during fuzz testing, records the test data and anomaly information for any abnormal behaviour, and outputs a dynamic detection log; the log information generated during fuzz testing is examined, the data flow and smart contract state are obtained and fed back to the fuzzer, and the fuzzer uses this analysis to generate inputs that better match the actual situation.
In this embodiment, the reentrancy vulnerability shown in FIG. 3 is taken as an example, and the specific detection process is as follows:
(1) Given a contract under test, it is converted into a control flow graph with a control flow graph conversion tool, the execution paths in the control flow graph are extracted, and each is converted into path-vector form with a vector conversion tool to serve as model input.
(2) The path vectors are input to the vulnerability detection model for detection, and the execution paths and functions that may contain a vulnerability are marked.
(3) According to the detection result of the vulnerability model, the smart contract is first compiled to generate the corresponding abstract syntax tree (AST), and the relevant information of each node is recorded; then, according to the vulnerability detection result, SIF modifies the corresponding nodes in the AST, inserting the relevant assertion statements into the vulnerable path as additional nodes for analysis and detection, and the modified AST is converted back into smart contract source code.
(4) During fuzz testing, a transaction sequence deposit(3) -> withdraw(5) is given; the sequence is executed to obtain the corresponding path π; all SPs on the path are iterated in turn, prefix inference at each SP yields a postcondition, the suffix of the path is checked against that postcondition to see whether it cannot reach the target location, and finally the LID and SPs of the path are computed.
(5) According to the LID and SPs obtained by look-ahead analysis of path π, the fuzzer assigns the test case a weight of 2.
(6) Test resources are allocated according to the weight assigned to the test case and fuzz testing is performed; during testing, different inputs are generated by mutating the test case, the path information of the current input is collected and compared with the paths in the PIDs, and the set is updated if the path is not yet in it; a PID is the path identifier corresponding to a test case.
(7) The execution state of the test case is recorded during testing and oracle detection is performed; when no vulnerability is detected, the detection log information is fed back to the fuzzer.
(8) From the log information generated by dynamic fuzz detection, the fuzzer analyzes the smart contract state during the test and finds that the current attacker's account balance is 3 while the Ether withdrawn is 5, so the test fails; based on this feedback the fuzzer reduces the amount of Ether withdrawn, generates the new test case deposit(3) -> withdraw(2), runs dynamic fuzz testing again, and oracle detection establishes that the contract has a reentrancy vulnerability.
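The reentrancy walk-through of steps (4) to (8), together with the ReentrancyCall / CallAgentWithValue rules and the state-guided feedback of step (5) described earlier, as an added example that is not the patent's code. The vulnerable contract, the attacker account whose fallback re-enters withdraw(), the initial contract balance standing for other depositors' funds, the explicit gas and callee-origin flags (this toy has no EVM to read them from) and the mutation choice "recorded balance minus one" are constructed assumptions; only the deposit(3) -> withdraw(5) and withdraw(2) inputs and the oracle rules come from the text.

```python
"""Reentrancy oracle plus state-guided feedback (added example, not the patent's code)."""
from dataclasses import dataclass


@dataclass
class CallRecord:
    func: str                 # function entered on the callee
    value: int                # Ether carried by the call (rule a: > 0)
    gas_rich: bool            # rule b: not a send()/transfer()-style stipend call
    callee_from_caller: bool  # rule c: callee chosen by the caller, not hard-coded
    depth: int                # nesting depth inside the transaction


class Bank:
    """Constructed vulnerable contract: pays out before updating the deposit record."""

    def __init__(self, initial=10):      # `initial` stands for other depositors' funds
        self.balance = initial           # contract balance
        self.deposits = {}               # participant balances as the contract records them
        self.trace = []                  # CallRecords of the transaction being executed

    def deposit(self, account, value):
        self.trace = [CallRecord("deposit", value, True, False, 0)]
        account.eth -= value
        self.balance += value
        self.deposits[account.addr] = self.deposits.get(account.addr, 0) + value

    def withdraw(self, account, amount, depth=0):
        if depth == 0:
            self.trace = []
        self.trace.append(CallRecord("withdraw", 0, True, False, depth))
        recorded = self.deposits.get(account.addr, 0)
        if recorded < amount:
            raise ValueError(f"recorded balance {recorded} < requested {amount}")
        # Value-carrying, full-gas call to a caller-chosen address BEFORE the deposit
        # record is decremented: the reentrancy window.
        self.balance -= amount
        self.trace.append(CallRecord("fallback", amount, True, True, depth + 1))
        account.receive(self, amount, depth + 1)
        self.deposits[account.addr] -= amount


class Attacker:
    """Constructed caller whose fallback re-enters withdraw() exactly once."""

    def __init__(self, eth=10):
        self.addr, self.eth, self.requested = "attacker", eth, 0

    def receive(self, bank, amount, depth):
        self.eth += amount
        if depth == 1:
            bank.withdraw(self, self.requested, depth + 1)


def reentrancy_oracle(trace):
    """ReentrancyCall AND CallAgentWithValue over one transaction's call chain."""
    if not trace:
        return False
    original = trace[0].func
    reentrancy_call = sum(1 for c in trace if c.func == original) > 1
    call_with_value = any(c.value > 0 and c.gas_rich and c.callee_from_caller for c in trace)
    return reentrancy_call and call_with_value


def run_case(sequence):
    """Execute a transaction sequence; return (vulnerable, state dictionary, error)."""
    bank, attacker = Bank(), Attacker()
    state, error = {}, None
    for func, arg in sequence:
        try:
            if func == "deposit":
                bank.deposit(attacker, arg)
            else:
                attacker.requested = arg
                bank.withdraw(attacker, arg)
        except ValueError as exc:
            error = str(exc)
        # Contract state after every test case is what the dynamic dictionary holds.
        state = {"contract_balance": bank.balance,
                 "attacker_recorded": bank.deposits.get(attacker.addr, 0),
                 "attacker_eth": attacker.eth}
        if reentrancy_oracle(bank.trace):
            return True, state, error
        if error:
            break
    return False, state, error


def mutate_from_state(sequence, state):
    """Feedback: a withdraw above the recorded balance is lowered to one below it."""
    limit = state["attacker_recorded"]
    return [(f, limit - 1) if f == "withdraw" and a > limit else (f, a)
            for f, a in sequence]


def fuzz(seed, rounds=3):
    """Run, read the state dictionary, regenerate the input; stop when the oracle fires."""
    seq, state = list(seed), {}
    for _ in range(rounds):
        vulnerable, state, _error = run_case(seq)
        if vulnerable:
            return seq, state
        seq = mutate_from_state(seq, state)
    return None, state
```

The first round fails exactly as the text describes (recorded balance 3, requested 5), the state dictionary turns withdraw(5) into withdraw(2), and the second round produces a nested chain withdraw -> fallback -> withdraw -> fallback in which the original call appears twice and the fallback call carries value, so the oracle fires; the attacker's Ether ends above its deposit while its recorded balance goes negative, which is the state the checks-effects-interactions ordering would have prevented.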
The embodiments described above are presented to enable a person having ordinary skill in the art to make and use the invention. It will be readily apparent to those skilled in the art that various modifications may be made to the above-described embodiments, and that the generic principles defined herein may be applied to other embodiments without inventive effort. The present invention is therefore not limited to the above embodiments, and improvements and modifications that those skilled in the art make to the present invention on the basis of this disclosure fall within the protection scope of the present invention.

Claims (8)

1. A smart contract vulnerability detection method based on the combination of a neural network and dynamic fuzz testing, comprising the following steps: (1) establishing the program execution flow graph of a smart contract and extracting the function execution paths in it; (2) constructing a vulnerability detection model based on a feedforward neural network and training it, so as to automatically mark the function execution paths in the contract under test that may contain vulnerabilities; (3) using the smart contract instrumentation framework SIF to instrument the branch positions of the function execution paths that may contain vulnerabilities, and collecting the program's execution path information during fuzz testing; for each test case, obtaining the function execution path it exercises in the contract under test, analyzing the different function execution paths with the look-ahead analysis method, and assigning different weights to the test cases; (4) allocating detection resources to the test cases that perform dynamic fuzz detection according to their weights, monitoring whether the contract's function execution paths behave abnormally during dynamic fuzz detection, recording the test data and information associated with the abnormal behaviour, and outputting a dynamic fuzz detection log; (5) analyzing the detection log and optimizing the fuzzer so that it generates effective test cases.
2. The smart contract vulnerability detection method according to claim 1, characterized in that step (1) is implemented as follows: taking Ethereum smart contracts as the object, a smart contract source code data set is constructed; an automatic extraction tool converts the smart contract source code into the corresponding program execution flow graph; the corresponding function execution paths are then extracted according to the function execution flow information stored in the program execution flow graph; and all function execution paths are converted into the vector form taken as neural network input and divided into a training set and a test set.
3. The smart contract vulnerability detection method according to claim 2, characterized in that step (2) is implemented as follows: first, the function execution paths in the training set are labelled, an execution path with a vulnerability being marked 1 and an execution path without one being marked 0; then a vulnerability detection model based on a feedforward neural network is constructed, the training-set function execution paths are input to the model in vector form, the label of each function execution path is used as the ground-truth label for the model output, and the model is trained; finally, the test-set function execution paths are input in vector form to the trained model, which outputs a judgement of whether the corresponding function execution path contains a vulnerability.
4. The smart contract vulnerability detection method according to claim 1, characterized in that step (3) is implemented as follows: first the smart contract is compiled to generate the corresponding abstract syntax tree AST, and SIF is used to traverse the AST, that is, different structures are defined according to the AST nodes of the different function types to record node information, and each node is instantiated; for a function execution path in the contract that may contain a vulnerability, the node information related to that path is collected and assertion statements are inserted before the related nodes as additional nodes for analysis and detection; then the modified AST is converted back into smart contract source code, dynamic fuzz testing is performed on the smart contract, and the program's control flow and data flow information is collected during testing to obtain dynamic information about the function execution paths; finally, each test case added to the fuzzer is analyzed with the look-ahead analysis method, and the fuzzer assigns weights according to the path hash value and split node set corresponding to the test case: when the number of times the test case has executed its corresponding path hash value is below a set threshold, it is assigned a higher weight; and when the number of times the test case has passed through the split nodes on its corresponding path is below a set threshold, it is assigned a higher weight.
5. The smart contract vulnerability detection method according to claim 4, characterized in that analyzing test cases with the look-ahead analysis method proceeds as follows: given a set of test cases, each interacts with the contract under test to obtain the function execution path corresponding to that test case; each split node on the function execution path is iterated in turn, and at each split node prefix inference and a suffix check determine whether the function execution path prefix is a no-target path prefix; the hash value and split node set of the path are computed; and finally the path hash value, split node set, test case and corresponding path identifier obtained by look-ahead analysis are recorded in the path set; prefix inference abstractly interprets all possible inputs passing through the split node and infers a postcondition; the suffix check uses the postcondition given by prefix inference to check whether the suffix path cannot reach the target location, and if all target locations are unreachable, the hash value and split node set of the path are computed and returned.
6. The smart contract vulnerability detection method according to claim 1, characterized in that step (4) is implemented as follows: first, according to the weight share of each test case, different detection resources are allocated to the test cases performing dynamic fuzz detection, that is, a high weight receives more detection resources and a low weight receives fewer; during dynamic fuzz detection, different test case inputs are produced by mutation, the path information of the current input is collected and compared with the paths in the path set, and if the current path is not in the set the set is updated; then the contract state before and after the execution of each test case, including the contract balance and participant balances, is recorded, and different oracles are defined for detecting different vulnerability types.
The smart contract vulnerability detection method according to claim 1, wherein the specific implementation of the step (4) is: first, according to the weight ratio of the test case, assign different test cases for performing dynamic fuzzy detection. In the process of dynamic fuzzy detection, the mutation method is used to generate different test case inputs, and the path information of the current input is collected, which is consistent with the path in the path set. For comparison, if the current path is not in the set, update the set; then record the contract status before and after the execution of each test case, including the contract balance and participant balance, and define different oracles for detection of different vulnerability types. 7.根据权利要求6所述的智能合约漏洞检测方法,其特征在于:对于可重入漏洞,则通过子预言ReentrancyCall和CallAgentWithValue来判断是否存在该类型漏洞,其中子预言ReentrancyCall即原始函数调用在由其开始的嵌套调用链中出现不止一次,子预言CallAgentWithValue则包含以下三条规则:7. The smart contract vulnerability detection method according to claim 6 is characterized in that: for the reentrant vulnerability, it is judged whether there is this type of vulnerability by the sub-prediction ReentrancyCall and CallAgentWithValue, wherein the sub-prediction ReentrancyCall is the original function call in by. It appears more than once in the nested call chain at the beginning, and the sub-oracle CallAgentWithValue contains the following three rules: a.函数调用所发送的以太币大于0;a. The ether sent by the function call is greater than 0; b.被调用函数拥有充足的Gas执行复杂的代码,即函数调用不是通过Send函数或Transfer函数进行的;b. The called function has enough Gas to execute complex code, that is, the function call is not made through the Send function or the Transfer function; c.被调用合约由原始合约调用者指定,而不是硬编码在原始合约中。c. The called contract is specified by the original contract caller, not hard-coded in the original contract. 8.根据权利要求1所述的智能合约漏洞检测方法,其特征在于:所述步骤(5)的具体实现方式为:根据动态模糊检测过程中产生的检测日志,获取并分析数据流信息和合约状态信息反馈给模糊检测器,指导其生成有效的测试用例,具体包括以下两部分:8. 
The smart contract vulnerability detection method according to claim 1, wherein the specific implementation of the step (5) is: according to the detection log generated in the dynamic fuzzy detection process, obtain and analyze the data flow information and the contract The state information is fed back to the fuzzy detector to guide it to generate effective test cases, which includes the following two parts: 数据流指导函数调用顺序:如果测试用例中存在两个函数同时操作智能合约中的某个变量,则交换这两个函数的位置;The data flow guides the function calling sequence: if there are two functions in the test case that operate a variable in the smart contract at the same time, the positions of the two functions are exchanged; 智能合约状态指导输入产生:将模糊检测过程中的合约运行状态记录到动态字典中,之后根据字典中的状态来生成函数输入。The smart contract state guides the input generation: the contract running state during the fuzzy detection process is recorded in the dynamic dictionary, and then the function input is generated according to the state in the dictionary.
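Claims 4 to 6 describe how the fuzzer weights test cases from the path hash and the split-node counts, and then allocates detection resources in proportion to those weights. The Python block below is an added example written for this page, not code from the patent or from the SIF framework. It assumes the instrumentation has already reduced each test case to the ordered list of split-node ids it passed (the sample traces are constructed), computes the path hash, counts path and split-node hits in the path set, applies the two threshold rules of claim 4, and divides an execution budget proportionally as in claim 6. The prefix inference and suffix checking of claim 5 are not implemented; the threshold values and the weight constants are assumptions.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field

# Assumed tuning constants (the patent only says "a set threshold").
PATH_HASH_THRESHOLD = 2    # a path executed fewer times than this is still rare
SPLIT_NODE_THRESHOLD = 3   # a split node passed fewer times than this is still rare
BASE_WEIGHT = 1
BONUS_WEIGHT = 2

# Constructed sample traces (not from the patent): test case id -> ordered list
# of split-node ids recorded by the instrumentation while that case ran.
SAMPLE_TRACES = {
    "tc1": [1, 2, 3],
    "tc2": [1, 2, 3],
    "tc3": [1, 2, 3],
    "tc4": [1, 4, 5],   # the only case reaching split nodes 4 and 5
}


def path_hash(split_nodes):
    """Path identifier: hash of the ordered split-node sequence."""
    return hashlib.sha256(",".join(map(str, split_nodes)).encode()).hexdigest()


@dataclass
class PathSet:
    """The path set of claim 5: hashes, split-node sets and hit counters."""
    path_hits: Counter = field(default_factory=Counter)   # path hash -> executions
    node_hits: Counter = field(default_factory=Counter)   # split node -> passes
    records: dict = field(default_factory=dict)           # path hash -> first case

    def record(self, test_case, split_nodes):
        """Add one executed path; returns (hash, True if the path was new)."""
        h = path_hash(split_nodes)
        self.path_hits[h] += 1
        for node in set(split_nodes):
            self.node_hits[node] += 1
        is_new = h not in self.records
        if is_new:
            self.records[h] = {"split_nodes": frozenset(split_nodes),
                               "test_case": test_case}
        return h, is_new

    def weight(self, split_nodes):
        """Claim 4 weighting: rare path hash or rare split node -> higher weight."""
        w = BASE_WEIGHT
        if self.path_hits[path_hash(split_nodes)] < PATH_HASH_THRESHOLD:
            w += BONUS_WEIGHT
        if any(self.node_hits[n] < SPLIT_NODE_THRESHOLD for n in set(split_nodes)):
            w += BONUS_WEIGHT
        return w


def allocate(weights, budget):
    """Split `budget` executions in proportion to the weights (largest remainder)."""
    total = sum(weights.values())
    shares = {k: (w * budget) // total for k, w in weights.items()}
    leftover = budget - sum(shares.values())
    by_remainder = sorted(weights, key=lambda k: -((weights[k] * budget) % total))
    for k in by_remainder[:leftover]:
        shares[k] += 1
    return shares


def schedule(traces, budget):
    """Record every trace, weight every case, and return (weights, shares)."""
    path_set = PathSet()
    for case, nodes in traces.items():
        path_set.record(case, nodes)
    weights = {case: path_set.weight(nodes) for case, nodes in traces.items()}
    return weights, allocate(weights, budget)


if __name__ == "__main__":
    weights, shares = schedule(SAMPLE_TRACES, budget=16)
    print("weights:", weights)   # tc4 is rare on both counts and gets weight 5
    print("shares: ", shares)    # tc4 therefore receives most of the 16 runs
```

With the sample traces, the three cases on the shared path each get the base weight and two runs out of sixteen, while the case that alone reaches split nodes 4 and 5 gets weight 5 and ten runs; the same rule keeps favouring a case until its path and its split nodes have been exercised past the thresholds.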
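Claim 7 defines the reentrancy oracle through the sub-oracles ReentrancyCall and CallAgentWithValue. The Python block below is an added example, not code from the patent: it models a recorded nested call chain as Call records (the field names and the three sample chains are constructed) and evaluates the two sub-oracles, with the three CallAgentWithValue rules checked one by one. Combining the two sub-oracles with a logical AND is an assumption; the claim does not say how their results are joined.

```python
from dataclasses import dataclass, field


@dataclass
class Call:
    """One call in a recorded nested call chain (hypothetical field names)."""
    contract: str                      # contract being called
    function: str                      # function being called
    value: int = 0                     # Ether (in wei) sent with the call
    kind: str = "call"                 # "call", "send" or "transfer"
    callee_from_input: bool = False    # callee chosen by the original caller, not hard-coded
    children: list = field(default_factory=list)   # calls made while this call ran


def walk(call):
    """Yield every call in the chain, depth first, starting at `call`."""
    yield call
    for child in call.children:
        yield from walk(child)


def reentrancy_call(root):
    """ReentrancyCall: the original call appears more than once in the chain it starts."""
    original = (root.contract, root.function)
    return sum(1 for c in walk(root) if (c.contract, c.function) == original) > 1


def call_agent_with_value(root):
    """CallAgentWithValue: some call in the chain satisfies rules a, b and c."""
    for c in walk(root):
        sends_ether = c.value > 0            # rule a: Ether sent is greater than 0
        enough_gas = c.kind == "call"        # rule b: not Send or Transfer (gas-limited)
        caller_chosen = c.callee_from_input  # rule c: callee supplied by the caller
        if sends_ether and enough_gas and caller_chosen:
            return True
    return False


def reentrancy_oracle(root):
    """Assumption: report a reentrancy finding only when both sub-oracles fire."""
    return reentrancy_call(root) and call_agent_with_value(root)


def build_sample_traces():
    """Constructed call chains for demonstration (not recorded from real contracts)."""
    # withdraw() pays an agent chosen by the caller with a plain call, and the
    # agent's fallback re-enters withdraw() before the first call finished.
    reentered = Call("Bank", "withdraw", children=[
        Call("0xAgent", "fallback", value=100, kind="call", callee_from_input=True, children=[
            Call("Bank", "withdraw", children=[
                Call("0xAgent", "fallback", value=100, kind="call", callee_from_input=True),
            ]),
        ]),
    ])
    # withdraw() pays out with transfer(): no re-entry, rule b fails.
    transfer_only = Call("Bank", "withdraw", children=[
        Call("0xUser", "receive", value=100, kind="transfer", callee_from_input=True),
    ])
    # withdraw() calls a hard-coded treasury that calls back: re-entry, but rule c fails.
    hardcoded = Call("Bank", "withdraw", children=[
        Call("Treasury", "collect", value=100, kind="call", callee_from_input=False, children=[
            Call("Bank", "withdraw"),
        ]),
    ])
    return {"reentered": reentered, "transfer_only": transfer_only, "hardcoded": hardcoded}


if __name__ == "__main__":
    for name, trace in build_sample_traces().items():
        print(name, reentrancy_call(trace), call_agent_with_value(trace), reentrancy_oracle(trace))
```

Keeping the two sub-oracles separate in the log is useful even under the AND assumption: a chain that re-enters through a hard-coded callee still shows ReentrancyCall firing, which tells the analyst why the case was not reported.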
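Claim 8 names two feedback rules for the fuzzer: swap two functions in a test case that both operate on the same contract variable, and generate function inputs from a dynamic dictionary of contract states observed during fuzzing. The Python block below is an added example, not the patent's implementation: the variable-access map, the state snapshots and the parameter types are constructed sample data, and both the choice of which pair to swap (the first pair that shares a variable) and the rule for matching dictionary values to parameter types are assumptions.

```python
import random

# Constructed sample data (not from the patent): which contract state variables
# each function operates on, as recovered from the data-flow information in the log.
VAR_ACCESS = {
    "deposit": {"balances"},
    "setOwner": {"owner"},
    "withdraw": {"balances", "owner"},
}

# Constructed parameter types for the sample functions (Solidity-style names).
SIGNATURES = {
    "deposit": [],
    "setOwner": ["address"],
    "withdraw": ["uint256"],
}


def reorder_by_data_flow(sequence, var_access):
    """Data-flow rule: swap the first two functions that touch the same variable."""
    seq = list(sequence)
    for i in range(len(seq)):
        for j in range(i + 1, len(seq)):
            if var_access.get(seq[i], set()) & var_access.get(seq[j], set()):
                seq[i], seq[j] = seq[j], seq[i]
                return seq
    return seq


class StateDictionary:
    """Dynamic dictionary of contract states observed while fuzzing (claim 8)."""

    def __init__(self):
        self.values = {}   # state variable -> distinct observed values, in order seen

    def record(self, state):
        """Add one state snapshot ({variable: value}) taken after a test case ran."""
        for var, val in state.items():
            seen = self.values.setdefault(var, [])
            if val not in seen:
                seen.append(val)

    def candidates(self, param_type):
        """Observed values whose shape fits the parameter type (assumed matching rule)."""
        if param_type.startswith(("uint", "int")):
            keep = lambda v: isinstance(v, int) and not isinstance(v, bool)
        elif param_type == "address":
            keep = lambda v: isinstance(v, str) and v.startswith("0x")
        else:
            keep = lambda v: False
        return [v for vals in self.values.values() for v in vals if keep(v)]

    def generate(self, param_type, seed=0):
        """Draw an input from the dictionary; fall back to a random value if it is empty."""
        rng = random.Random(seed)
        pool = self.candidates(param_type)
        if pool:
            return rng.choice(pool)
        if param_type.startswith(("uint", "int")):
            return rng.randrange(2 ** 64)
        return "0x" + "".join(f"{rng.randrange(256):02x}" for _ in range(20))


def build_test_case(sequence, state_dict, signatures, seed=0):
    """Produce [(function, [args])] for a call sequence using dictionary-guided inputs."""
    case = []
    for i, fn in enumerate(sequence):
        args = [state_dict.generate(t, seed + i) for t in signatures.get(fn, [])]
        case.append((fn, args))
    return case


if __name__ == "__main__":
    sd = StateDictionary()
    sd.record({"balances[alice]": 1000, "owner": "0xabc", "limit": 50})   # constructed snapshot
    sd.record({"balances[alice]": 950, "owner": "0xabc"})                 # after a withdrawal
    order = reorder_by_data_flow(["deposit", "setOwner", "withdraw"], VAR_ACCESS)
    print(order)                                  # deposit and withdraw share "balances"
    print(build_test_case(order, sd, SIGNATURES))  # withdraw amount drawn from observed balances
```

Drawing amounts from observed balances rather than from the whole uint256 range is what makes the second rule useful: the boundary values a contract actually holds (an exact balance, a limit) are the ones most likely to flip a branch in the instrumented path.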
CN202110766018.2A 2021-07-07 2021-07-07 Intelligent contract vulnerability detection method based on combination of neural network and dynamic fuzzy test Active CN113326050B (en)

Publications (2)

Publication Number   Publication Date
CN113326050A (en)    2021-08-31
CN113326050B (en)    2023-10-17

Family

ID=77425851

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant