CN115499164A - Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium - Google Patents

Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium Download PDF

Info

Publication number
CN115499164A
CN115499164A CN202210988222.3A CN202210988222A CN115499164A CN 115499164 A CN115499164 A CN 115499164A CN 202210988222 A CN202210988222 A CN 202210988222A CN 115499164 A CN115499164 A CN 115499164A
Authority
CN
China
Prior art keywords
intelligent contract
vulnerability
neural network
intelligent
graph neural
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210988222.3A
Other languages
Chinese (zh)
Inventor
何道敬
李鑫吉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jingshan Technology Co ltd
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Shanghai Jingshan Technology Co ltd
Shenzhen Graduate School Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jingshan Technology Co ltd, Shenzhen Graduate School Harbin Institute of Technology filed Critical Shanghai Jingshan Technology Co ltd
Priority to CN202210988222.3A priority Critical patent/CN115499164A/en
Publication of CN115499164A publication Critical patent/CN115499164A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/30Decision processes by autonomous network management units using voting and bidding

Abstract

A multi-feature fusion block chain intelligent contract vulnerability detection method, device, computer and storage medium based on a graph neural network relate to the field of block chain intelligent contract security detection. The problem that whether the mainstream intelligent contract version has the vulnerability or not is detected by an intelligent contract multi-version vulnerability detection method is solved. The method comprises the following steps: acquiring an intelligent contract data set; processing an intelligent contract data set according to an intelligent contract vulnerability detection tool, acquiring intelligent contracts with vulnerabilities, and marking all the intelligent contracts; converting all intelligent contract source codes into an intelligent contract structure diagram; extracting an intelligent contract structure diagram by using a graph neural network, and extracting a professional mode characteristic in an intelligent contract source code by using a multilayer perceptron; performing feature fusion on the features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network, and predicting vulnerabilities; and judging whether the vulnerability exists according to the vulnerability prediction result. The method is suitable for the field of intelligent contract vulnerability detection.

Description

Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium
Technical Field
The invention relates to the field of block chain security detection, in particular to a multi-feature fusion intelligent contract vulnerability detection method based on a graph neural network.
Background
At present, tools for detecting loopholes of intelligent contracts are mainly divided into five major categories, namely a formal verification method, a symbolic execution method, a fuzzy test method, an intermediate representation method, a deep learning method and the like. By testing the five types of intelligent contract vulnerability detection tools, the tool for detecting the intelligent contracts by applying formal verification and intermediate representation in the existing detection tools can detect more vulnerabilities, which may be related to the early development of formal verification and intermediate representation, but the vulnerability detection accuracy is not high. The deep learning method is a research direction which develops rapidly in recent years, and the vulnerability types of the intelligent contracts are detected less because of later development, but the vulnerability detection accuracy is higher than that of other four detection tools. However, tools capable of detecting all versions of intelligent contract vulnerabilities are few, the tools such as Oyente, TMP and AME can only detect the intelligent contracts of 0.4 version, securify can detect the intelligent contracts of 0.5 and 0.6 version, and Slither and Mythril can detect all versions of intelligent contracts, but the combination of the detection results shows that the efficiency and the accuracy are not high.
The current mainstream intelligent contract is already 0.8 version, so an intelligent contract multi-version vulnerability detection method is needed for detecting whether the current mainstream intelligent contract version has a vulnerability or not, and is used for improving the detection efficiency of the block chain intelligent contract.
Disclosure of Invention
The invention solves the problem that an intelligent contract multi-version vulnerability detection method is needed to detect whether the intelligent contract version of the current mainstream has a vulnerability or not and is used for improving the detection efficiency of the block chain intelligent contract.
The invention provides a multi-feature fusion block chain intelligent contract vulnerability detection method based on a graph neural network, which comprises the following steps:
crawling intelligent contracts deployed on a block chain to obtain an intelligent contract data set;
processing an intelligent contract data set according to an intelligent contract vulnerability detection tool, acquiring intelligent contracts with vulnerabilities, and marking all the intelligent contracts;
judging the acquired intelligent contract type with the vulnerability;
converting all the intelligent contract source codes into an intelligent contract structure chart;
extracting the intelligent contract structure diagram by using a graph neural network, and extracting the professional mode characteristics in the intelligent contract source code by using a multilayer perceptron;
performing feature fusion on the extracted features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network, and performing vulnerability prediction aiming at different intelligent contract vulnerability types;
and judging whether the vulnerability exists according to the vulnerability prediction result.
Further, there is provided in a preferred embodiment that the intelligent contract vulnerability detection tool includes: slither, oyente or Securify.
Further, a preferred embodiment is also provided, where the converting of all the intelligent contract source codes into an intelligent contract structure diagram specifically includes: and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
Further, there is provided in a preferred embodiment that the extracting the intelligent contract structure diagram by using a graph neural network, the graph neural network including: a Graph attachment Network, a Graph Isographical Network or a Temporal Message Propagation Graph Neural Network.
The invention also provides a multi-feature fusion block chain intelligent contract vulnerability detection device based on the graph neural network, which comprises the following steps:
the intelligent contract data set acquisition unit is used for crawling the intelligent contracts deployed on the block chain to acquire an intelligent contract data set;
the intelligent contract vulnerability unit is used for processing the intelligent contract data set according to the intelligent contract vulnerability detection tool, acquiring the intelligent contracts with vulnerabilities and marking all the intelligent contracts;
the vulnerability type judging unit is used for judging the acquired intelligent contract type with the vulnerability;
the intelligent contract structure diagram acquisition unit is used for converting all the intelligent contract source codes into an intelligent contract structure diagram;
the characteristic extraction unit is used for extracting the intelligent contract structure diagram by using a graph neural network and extracting the proprietary mode characteristics in the intelligent contract source code through a multilayer perceptron;
the vulnerability prediction unit is used for carrying out feature fusion on the extracted features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network and carrying out vulnerability prediction on different intelligent contract vulnerability types;
and the vulnerability result acquisition unit is used for judging whether a vulnerability exists according to the vulnerability prediction result.
Further, a preferred embodiment is also provided, and the intelligent contract vulnerability detection tools include but are not limited to: slither, oyente, or Securify.
Further, a preferred embodiment is provided, where the intelligent contract structure diagram obtaining unit is specifically:
and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
Further, there is provided a preferred embodiment, in which the neural network of the graph in the feature extraction unit includes: graph Attention Network, graph Isographic Network and Temporal Message Provision Graph Neural Network.
The invention also provides computer equipment which comprises a memory and a processor, wherein the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the multi-feature fusion block chain intelligent contract vulnerability detection method based on the graph neural network.
The invention also provides a computer readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program executes a multi-feature fusion block chain intelligent contract vulnerability detection method based on a graph neural network.
The invention has the advantages that:
the invention solves the problem that an intelligent contract multi-version vulnerability detection method is needed to detect whether the intelligent contract version of the current mainstream has a vulnerability or not and is used for improving the detection efficiency of the block chain intelligent contract.
The invention relates to a multi-feature fusion block chain intelligent contract vulnerability detection method based on a graph neural network.
The invention provides a preferred implementation mode, which can extract seven intelligent contract vulnerability characteristics, including reentry vulnerability, timestamp dependence, outdated compiler version, wrong construction function name, use of outdated Solidity function, use of tx. The intelligent contract vulnerability detection method solves the problem of detecting the intelligent contract vulnerabilities of different versions, and has extremely high accuracy.
The method is suitable for the field of contract vulnerability detection.
Drawings
Fig. 1 is a flowchart illustrating a detection method for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network according to an embodiment;
fig. 2 is a diagram of extracting expert pattern features of the multi-layer perceptron according to the eleventh embodiment.
Fig. 3 is an architecture diagram of a multi-feature fusion intelligent contract vulnerability detection method according to an eleventh embodiment.
Fig. 4 is an effect diagram of an experiment for reentry vulnerabilities and timestamp dependent vulnerabilities according to the eleventh embodiment.
Fig. 5 is a graph of the effect of the experiment for other vulnerabilities according to the eleventh embodiment.
Detailed Description
In order to make the technical solutions and advantages of the present invention clearer, several embodiments of the present invention will be described in further detail with reference to the accompanying drawings, but the embodiments described below are only some preferred embodiments of the present invention, and are not intended to limit the present invention.
First embodiment this embodiment will be described with reference to fig. 1. The method for detecting the vulnerability of the multi-feature fusion block chain intelligent contract based on the graph neural network comprises the following steps:
crawling intelligent contracts deployed on a block chain to obtain an intelligent contract data set;
processing an intelligent contract data set according to an intelligent contract vulnerability detection tool, acquiring intelligent contracts with vulnerabilities, and marking all the intelligent contracts;
judging the acquired intelligent contract type with the vulnerability;
converting all the intelligent contract source codes into an intelligent contract structure chart;
extracting the intelligent contract structure diagram by using a graph neural network, and extracting the professional mode characteristics in the intelligent contract source code by using a multilayer perceptron;
performing feature fusion on the extracted features of the intelligent contract structure chart and the expert mode features, learning the fused features through a neural network, and performing vulnerability prediction on different intelligent contract vulnerability types;
and judging whether the vulnerability exists according to the vulnerability prediction result.
In practical applications, a Solidity-written smart contract file may be crawled from an etherhouse blockchain browser, including but not limited to the etherhouse blockchain browser
In the embodiment, the extracted features of the intelligent contract structure diagram and the expert mode features are subjected to feature fusion, and the fused features are learned through a neural network and vulnerability prediction is carried out aiming at different intelligent contract vulnerability types; actually, the graph neural network and the multilayer perceptron are used for extracting intelligent contract structure diagram features and expert mode features, and the fused features are finally learned and predicted through a ReLU layer and a Sigmoid layer in the neural network.
The detection method of the embodiment extracts the intelligent contract characteristics by using the graph neural network and the multilayer perceptron, the extracted characteristics can express the characteristics of the universal multi-version intelligent contract vulnerabilities at a higher level, more intelligent contract vulnerabilities can be detected, and the detection efficiency of the block chain intelligent contract is improved.
In a second embodiment, the present embodiment is further limited to the method for detecting a multi-feature fusion block chain intelligent contract vulnerability based on a graph neural network described in the first embodiment, and the intelligent contract vulnerability detection tool includes but is not limited to: slither, oyente, and Securify.
Slither in this embodiment is a static analysis framework for intelligent contracts, and is used to provide information about intelligent contracts in etherhouses. Working by converting the identity intelligent contract into an intermediate representation called Slither, slither can obtain an inheritance graph and a control flow graph of the intelligent contract, and vulnerability analysis is carried out on the Slither through a predefined analysis list. The system can automatically analyze programs, track data flow and taint, and is mainly applied to automatic vulnerability detection, automatic optimization detection, assistance of a user in understanding an intelligent contract and assistance of code examination; oyente is a symbolic execution tool that can be used directly with the EtherFang virtual machine without accessing a high level language form. The method can detect unsafe errors and can analyze the actual execution path of each code; secretify is a smart contract security analysis tool that enables automated analysis to prove whether a given smart contract is secure. Secrecy essentially comprises two steps, first analyzing the dependency graph of the smart contract, from which accurate semantic information is analyzed, and then examining the specific code patterns used to compute the property owner, thereby giving the security analysis results of the smart contract. The method and the device have the advantages that the intelligent contract data set is marked by using various intelligent contract vulnerability detection tools, the intelligent contracts with vulnerabilities are obtained, the final marking results are voted through a multi-ticket election mechanism, and the accuracy of data is guaranteed.
In practical applications, the intelligent contract vulnerability detection tool includes, but is not limited to, the tool described above to detect vulnerabilities.
In a third embodiment, the present embodiment is further limited to the method for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network in the first embodiment, where the method converts all intelligent contract source codes into an intelligent contract structure diagram, specifically: and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
Specifically, the judged intelligent contract codes with the vulnerabilities are scanned, functions meeting conditions in the intelligent contract are defined as nodes, the nodes are divided into primary nodes and secondary nodes, the mutual calling relation among the functions is defined as edges, and an intelligent contract graph is constructed through the nodes and the edges.
In a fourth embodiment, the present embodiment is further limited to the method for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network in the first embodiment, where feature extraction is performed on the intelligent contract structure diagram by using the graph neural network and multi-layer perceptron extraction, and the graph neural network includes, but is not limited to: graph Attention Network (GAT), graph Isographical Network (GIN) and Temporal Message processing Graph Neural Network (TMP).
Specifically, the embodiment performs feature extraction on the intelligent contract graph through three graph neural network models of GIN, GAT and TMP aiming at the reentry vulnerability and the timestamp dependence vulnerability, and performs expert mode feature extraction on the intelligent contract code through a multilayer perceptron. And for bugs such as outdated compiler versions, wrong construction function names, using outdated Solidity functions, using tx.
Fifth, in this embodiment, a multi-feature fusion block chain intelligent contract vulnerability detection apparatus based on a graph neural network includes:
the intelligent contract data set acquisition unit is used for crawling the intelligent contracts deployed on the block chain to acquire an intelligent contract data set;
the intelligent contract vulnerability unit is used for processing the intelligent contract data set according to the intelligent contract vulnerability detection tool, acquiring the intelligent contracts with vulnerabilities and marking all the intelligent contracts;
the vulnerability type judging unit is used for judging the acquired intelligent contract type with the vulnerability;
the intelligent contract structure diagram acquisition unit is used for converting all the intelligent contract source codes into an intelligent contract structure diagram;
the characteristic extraction unit is used for extracting the intelligent contract structure diagram by using a graph neural network and extracting the proprietary mode characteristics in the intelligent contract source code through a multilayer perceptron;
the vulnerability prediction unit is used for carrying out feature fusion on the extracted features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network and carrying out vulnerability prediction on different intelligent contract vulnerability types;
and the vulnerability result acquisition unit is used for judging whether the vulnerability exists according to the vulnerability prediction result.
The detection device of the embodiment extracts the intelligent contract characteristics by using the graph neural network and the multilayer perceptron, the extracted characteristics can express the characteristics of the universal multi-version intelligent contract vulnerabilities at a higher order, more intelligent contract vulnerabilities can be detected, and the detection efficiency of the block chain intelligent contract is improved.
Sixth, the present embodiment is further limited to the fifth embodiment, wherein the intelligent contract vulnerability detection apparatus based on a multi-feature fusion block chain of a graph neural network includes, but is not limited to: slither, oyente or Securify.
Seventh, in this embodiment, the device for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network according to the fifth embodiment is further defined, where the intelligent contract structure diagram obtaining unit specifically includes:
and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
An eighth embodiment of the present invention is further limited to the fifth embodiment of the device for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network, where the graph neural network in the feature extraction unit includes but is not limited to: graph attachment Network, graph Isographical Network and Temporal Message Propagation Graph Neural Network.
In a ninth implementation manner, the computer device in this implementation manner includes a memory and a processor, where the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the method for detecting an intelligent vulnerability of a multi-feature fusion block chain based on a graph neural network in any one of the first to the fourth implementation manners.
In a tenth embodiment, a computer-readable storage medium is described in this embodiment, where a computer program is stored on the computer-readable storage medium, and the computer program is executed by a processor to execute a method for detecting a vulnerability of a multi-feature fusion block chain intelligent contract based on a graph neural network according to any one of the first to the fourth embodiments.
The present embodiment will be described with reference to fig. 2, 3, 4, and 5. The embodiment provides a specific embodiment for the multi-feature fusion block chain intelligent contract vulnerability detection method based on the graph neural network, and has the following specific embodiments:
for example, the intelligent contract code crawled on a shop blockchain browser includes:
step 1: and constructing an intelligent contract test set, and crawling an intelligent contract data set from an Etherhouse blockchain browser. The embodiment obtains 40932 intelligent etherhouse contracts, and the total number of the contracts is 307396 functions. After an automated tool written by python processes ineligible intelligent contracts, it is detected that about 5013 of these functions call the call value method at least once, making them likely to be affected by a reentrant vulnerability. Approximately 4833 functions contain block. The intelligent contracts for detecting the reentry vulnerabilities are 5013, the intelligent contracts for detecting the vulnerability-dependent timestamps are 4833, and the intelligent contracts containing the rest five vulnerabilities are also approximately equal to 5000.
Step 2: and marking the intelligent contract test set by using intelligent contract vulnerability detection tools such as Slither, oyente, securify and the like, and then voting out a final marking result through a multi-vote election mechanism.
And 3, step 3: and detecting by using the specified vulnerability type, and only detecting whether the vulnerability of the specified type exists in the intelligent contract at one time.
And 4, step 4: scanning an intelligent contract code, defining functions meeting conditions in the intelligent contract as nodes, wherein the nodes are divided into primary nodes and secondary nodes, defining the mutual calling relation among the functions as edges, and constructing an intelligent contract graph through the nodes and the edges.
And 5: for reentry vulnerabilities and timestamp dependency vulnerabilities, firstly, feature extraction is carried out on an intelligent contract graph through three graph neural network models of GIN, GAT and TMP, and then expert mode feature extraction is carried out on intelligent contract source codes through a multi-layer perceptron as shown in fig. 2 by 3-100-250. And for bugs such as outdated compiler versions, wrong construction function names, using outdated Solidity functions, using tx. Wherein 3-100-250 represent 3 expert mode dimensions, and the features of 250 dimensions are output after 100 hidden layer node training.
Step 6: the method comprises the steps of firstly enabling features extracted by three neural networks of GIN, GAT and TMP and features extracted by three expert modes to pass through a ReLU activation function layer of 250-1-200 shown in figure 3, then passing through a Sigmoid layer of 200-1-1, then multiplying a vector output by the ReLU activation function layer by a weight output by the Sigmoid layer through a multiplex layer of 1-1-200, then inputting six products into a Concatenate layer of 1200-6-200 for fusion, and after flattening the fused features, performing vulnerability detection again through the ReLU activation function layer of 1200-100 and the Sigmoid layer of 100-1. Where the representation in the form of 250-1-200 represents the 250-dimensional input, 1 hidden layer node, and 200-dimensional output. An input in the 1200-100 format represents the 1200 dimension and an output in the 100 dimension.
And 7: whether related loopholes exist or not is judged according to the prediction result, and the accuracy of the final classification result is shown in fig. 4. When the detection method provided by the embodiment identifies the reentry vulnerability, the accuracy is 75.68%, the detection accuracy is the highest in the prior art and is superior to that of the existing intelligent contract vulnerability detection tool of the neural network, and when the detection method provided by the embodiment identifies the timestamp dependence vulnerability, the accuracy is 81.09%, the detection accuracy is also the highest and is superior to that of the prior art. As shown in fig. 5, the accuracy of detecting the remaining five vulnerabilities is also extremely high, and when detecting an outdated compiler version vulnerability, the accuracy is 71.74%; when detecting the loophole of the wrong construction function name, the detection accuracy is as high as 95.74%; when the outdated Solidity function is used for detection, the detection accuracy is as high as 99.67%; when detecting a vulnerability authorized by tx. origin, the detection accuracy is up to 93.48%, and when detecting a vulnerability declared by unlocked pragma, the detection accuracy is 73.91%.
The present application has been described in detail with reference to the specific embodiments, but the present application is not limited thereto, and any modification, combination of embodiments, equivalent replacement and improvement made within the spirit and principle scope of the present application should be included in the protection scope of the present application.

Claims (10)

1. A multi-feature fusion block chain intelligent contract vulnerability detection method based on a graph neural network is characterized by comprising the following steps:
crawling intelligent contracts deployed on a block chain to obtain an intelligent contract data set;
processing an intelligent contract data set according to an intelligent contract vulnerability detection tool, acquiring intelligent contracts with vulnerabilities, and marking all the intelligent contracts;
judging the acquired intelligent contract type with the vulnerability;
converting all the intelligent contract source codes into an intelligent contract structure chart;
extracting the intelligent contract structure diagram by using a graph neural network, and extracting the professional mode characteristics in the intelligent contract source code by using a multilayer perceptron;
performing feature fusion on the extracted features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network, and performing vulnerability prediction aiming at different intelligent contract vulnerability types;
and judging whether the vulnerability exists according to the vulnerability prediction result.
2. The method for multi-feature fusion blockchain intelligent contract vulnerability detection based on graph neural networks according to claim 1, wherein the intelligent contract vulnerability detection tool comprises: slither, oyente, and Securify.
3. The method for detecting the vulnerability of the multi-feature fusion blockchain intelligent contracts based on the graph neural network as claimed in claim 1, wherein the converting all the intelligent contract source codes into the intelligent contract structure diagram specifically comprises: and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
4. The method according to claim 1, wherein the extracting the intelligent contract structure diagram by using a graph neural network comprises: graph Attention Network, graph Isographical Network or Temporal Message Provision Graph Neural Network.
5. A multi-feature fusion block chain intelligent contract vulnerability detection apparatus based on a graph neural network, the apparatus comprising:
the intelligent contract data set acquisition unit is used for crawling the intelligent contracts deployed on the block chain to acquire an intelligent contract data set;
the intelligent contract vulnerability unit is used for processing the intelligent contract data set according to the intelligent contract vulnerability detection tool, acquiring the intelligent contracts with vulnerabilities and marking all the intelligent contracts;
the vulnerability type judging unit is used for judging the acquired intelligent contract type with the vulnerability;
the intelligent contract structure diagram acquisition unit is used for converting all the intelligent contract source codes into an intelligent contract structure diagram;
the characteristic extraction unit is used for extracting the intelligent contract structure diagram by using a graph neural network and extracting the proprietary mode characteristics in the intelligent contract source code through a multilayer perceptron;
the vulnerability prediction unit is used for carrying out feature fusion on the extracted features of the intelligent contract structure diagram and the expert mode features, learning the fused features through a neural network and carrying out vulnerability prediction on different intelligent contract vulnerability types;
and the vulnerability result acquisition unit is used for judging whether a vulnerability exists according to the vulnerability prediction result.
6. The device of claim 5, wherein the intelligent contract vulnerability detection tool comprises: slither, oyente, or Securify.
7. The device for detecting the multi-feature fusion block chain intelligent contract vulnerabilities based on the graph neural network according to claim 5, wherein the intelligent contract structure diagram obtaining unit is specifically:
and defining functions in the intelligent contract codes as nodes, and defining calling relations among the functions as edges.
8. The device according to claim 5, wherein the graph neural network in the feature extraction unit comprises: graph attachment Network, graph Isographical Network and Temporal Message Propagation Graph Neural Network.
9. A computer device, characterized by: the multi-feature fusion block chain intelligent contract vulnerability detection method based on the graph neural network comprises a memory and a processor, wherein the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the multi-feature fusion block chain intelligent contract vulnerability detection method based on the graph neural network.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores thereon a computer program, and when the computer program is executed by a processor, the computer program performs a graph neural network-based multi-feature fusion blockchain intelligent contract vulnerability detection method according to any one of claims 1 to 4.
CN202210988222.3A 2022-08-17 2022-08-17 Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium Pending CN115499164A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210988222.3A CN115499164A (en) 2022-08-17 2022-08-17 Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210988222.3A CN115499164A (en) 2022-08-17 2022-08-17 Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium

Publications (1)

Publication Number Publication Date
CN115499164A true CN115499164A (en) 2022-12-20

Family

ID=84467266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210988222.3A Pending CN115499164A (en) 2022-08-17 2022-08-17 Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium

Country Status (1)

Country Link
CN (1) CN115499164A (en)

Similar Documents

Publication Publication Date Title
Balci Guidelines for successful simulation studies
US9141806B2 (en) Mining source code for violations of programming rules
CN111639344A (en) Vulnerability detection method and device based on neural network
CA3060085A1 (en) Method for determining defects and vulnerabilities in software code
Rodriguez et al. Software verification and validation technologies and tools
CN111475817B (en) Data collection method of automatic penetration test system based on AI
CN111475818B (en) Penetration attack method of automatic penetration test system based on AI
Hovorushchenko et al. Development of an intelligent agent for analysis of nonfunctional characteristics in specifications of software requirements
KR101640479B1 (en) Software vulnerability attack behavior analysis system based on the source code
CN109002712B (en) Pollution data analysis method and system based on value dependency graph and electronic equipment
CN116383833A (en) Method and device for testing software program code, electronic equipment and storage medium
CN114036531A (en) Multi-scale code measurement-based software security vulnerability detection method
CN112688966A (en) Webshell detection method, device, medium and equipment
CN115659335A (en) Block chain intelligent contract vulnerability detection method and device based on mixed fuzzy test
CN116578980A (en) Code analysis method and device based on neural network and electronic equipment
Mohamed et al. Enhancing test cases prioritization for internet of things based systems using Search-based technique
Tarwani et al. Prioritization of code restructuring for severely affected classes under release time constraints
CN116663018A (en) Vulnerability detection method and device based on code executable path
CN115499164A (en) Multi-feature fusion block chain intelligent contract vulnerability detection method and device based on graph neural network, computer and storage medium
CN112464237B (en) Static code security diagnosis method and device
CN114153447A (en) Method for automatically generating AI training code
KR102217092B1 (en) Method and apparatus for providing quality information of application
CN114462043A (en) Java anti-serialization vulnerability detection system and method based on reinforcement learning
Saraiva et al. A systematic process to define expert-driven software metrics thresholds (S).
Agirre et al. Multidimensional framework for characterizing verification and validation of automated systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination