CN116484384B - Method for detecting and locating Ethereum smart contract vulnerabilities based on deep learning - Google Patents

Publication number
CN116484384B
Authority
CN
China
Prior art keywords
vulnerability
ethernet
features
node
slice
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310421659.3A
Other languages
Chinese (zh)
Other versions
CN116484384A (en
Inventor
王伟
李珊
李涛
谢学说
王斌
张大伟
李超
段莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nankai University
Beijing Jiaotong University
Original Assignee
Nankai University
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nankai University, Beijing Jiaotong University filed Critical Nankai University
Priority to CN202310421659.3A priority Critical patent/CN116484384B/en
Publication of CN116484384A publication Critical patent/CN116484384A/en
Application granted granted Critical
Publication of CN116484384B publication Critical patent/CN116484384B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G06N3/0455 Auto-encoder networks; Encoder-decoder networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/048 Activation functions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The invention provides a deep-learning-based method for detecting and locating vulnerabilities in Ethereum smart contracts. The method comprises the following steps: converting the source code of an Ethereum smart contract into an abstract syntax tree through syntax analysis and lexical analysis; analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes; extracting the semantic features and structural features of the slices; detecting the vulnerability type of the Ethereum smart contract with a vulnerability type detection model, according to the semantic features and structural features of the slices; and locating the vulnerability position in the Ethereum smart contract with a graph autoencoder, according to the vulnerability type information. By studying the essential attribute features of the various vulnerability types, the method slices the features accurately, detects the vulnerability type and locates the vulnerability position, which improves detection efficiency and effectively enhances the interpretability of the deep learning detection result.

Description

Method for detecting and locating Ethereum smart contract vulnerabilities based on deep learning
Technical Field
The invention relates to the technical field of smart contract vulnerability detection, and in particular to a deep-learning-based method for detecting and locating vulnerabilities in Ethereum smart contracts.
Background
Ethereum is a worldwide distributed computer programmed with Solidity smart contracts. A smart contract is a stateful computer program. Smart contracts are able not only to process data but also to control and manage assets on the blockchain. Unlike a typical computer program, a smart contract cannot be modified once it is deployed on a blockchain. As a result, losses caused by smart contract vulnerabilities have increased year by year, and smart contract security has become a serious concern for blockchain researchers.
Existing smart contract vulnerability detection methods mainly comprise symbolic execution, fuzz testing and deep learning. Symbolic execution analyzes contract security by designing vulnerability constraints, but long contracts create so many constraints that the executable paths become difficult to solve. Fuzz testing tests contract security dynamically on chain. However, the biggest problem with fuzz testing is path coverage, and the randomness of the test cases affects the test results. Compared with these two methods, smart contract vulnerability detection using deep learning is markedly more efficient. Deep learning achieves vulnerability classification by learning the features of smart contracts from a large number of samples. However, existing deep learning methods for smart contract vulnerability detection have the outstanding problem that they cannot locate the vulnerability and cannot explain the detection result.
It is therefore important to design a deep learning framework that can both detect the type of a vulnerability and locate its position.
A prior-art smart contract security detection method that converts an abstract syntax tree into a graph model comprises:
S1: training a word2vec model using open-source Go code on GitHub.
S2: packaging the open-source GitHub code into smart contract functions according to the smart contract grammar.
S3: converting the packaged functions into abstract syntax trees, and extracting data flow and control flow information.
S4: converting the data flow and control flow information of the smart contracts into a graph model.
S5: translating the graph nodes into vectors using the trained word2vec model.
S6: training the model using a graph neural network.
S7: reading out all node information, and converting the smart contract function graph model into a vector.
S8: judging, with a classification model, whether the function vector contains smart contract vulnerability information.
The above prior-art method has the following disadvantages: the bytecode information in the contract is not easily understood, and the detection result cannot be interpreted. Custom rules may miss some key features, resulting in a higher false-negative rate. More importantly, existing deep learning detection methods cannot locate the position of the vulnerability and have poor interpretability.
Disclosure of Invention
The embodiments of the invention provide a deep-learning-based method for detecting and locating vulnerabilities in Ethereum smart contracts, so that such vulnerabilities can be detected and located effectively.
In order to achieve the above purpose, the present invention adopts the following technical scheme.
A deep-learning-based method for detecting and locating vulnerabilities in Ethereum smart contracts comprises the following steps:
converting the source code of the Ethereum smart contract into an abstract syntax tree through syntax analysis and lexical analysis;
analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes;
extracting the semantic features and structural features of the slices;
detecting the vulnerability type information of the Ethereum smart contract with a vulnerability type detection model, according to the semantic features and structural features of the slices;
locating, with a vulnerability location model and according to the semantic features and structural features of the slices, the vulnerability position information corresponding to the vulnerability type of the Ethereum smart contract.
Preferably, converting the source code of the Ethereum smart contract into an abstract syntax tree through syntax analysis and lexical analysis includes:
using the ANTLR4 tool to generate, through syntax analysis and lexical analysis, the abstract syntax tree corresponding to the source code of the Ethereum smart contract. The abstract syntax tree decomposes the character strings into meaningful code blocks, called lexical units; the lexical units contain the structural information and semantic information of the source code, and each node represents one structure in the source code.
Preferably, analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes includes:
analyzing the code features of the seven vulnerabilities in Table 1, analyzing the inherent attribute features of those code features in the abstract syntax tree, and extracting one or more key attributes from the inherent attribute features;
locating the position of each key attribute, extracting part of the nodes of the abstract syntax tree structure upwards and downwards with the key attribute as the center, forming all extracted nodes into a slice, and combining the slices corresponding to all key attributes into one whole slice;
TABLE 1
Vulnerability type | Key attributes
Timestamp dependency | now, timestamp
Reentrancy vulnerability | fallback
Integer overflow | operator add, mul
Integer underflow | operator sub
Block number dependency | number
Unchecked low-level calls | call, send, callcode
Unprotected self-destruct instruction | selfdestruct
Preferably, extracting the semantic features and structural features of the slices includes:
traversing each slice in the whole slice, using an id that represents the position of each node attribute in the slice as the node identifier, and placing an edge between two nodes if a parent-child relationship exists between them, thereby obtaining the adjacency matrix of the nodes;
traversing each slice in the whole slice, with each node represented by its id, and extracting all semantic information of each node;
embedding the semantic information of the nodes into a vectorized representation using Word2Vec.
Preferably, detecting the vulnerability type information of the Ethereum smart contract with a vulnerability type detection model according to the semantic features and structural features of the slices includes:
matching each node in the adjacency matrix one-to-one with the vectorized semantic information of that node, to obtain the overall graph structure data of the smart contract, carrying both semantic features and structural features;
using a graph isomorphism network as the vulnerability type detection model, inputting the overall graph structure data of the Ethereum smart contract into the vulnerability type detection model, and having the model output the vulnerability type information corresponding to the Ethereum smart contract.
Preferably, locating, with a vulnerability location model and according to the semantic features and structural features of the slices, the vulnerability position information corresponding to the vulnerability type of the Ethereum smart contract includes:
training a graph autoencoder model with normal smart contract data, inputting the vectorized semantic information of each node into the graph autoencoder model, and reconstructing the abstract syntax tree using the generative capability of the graph autoencoder model;
comparing the abstract syntax tree before and after reconstruction at node-level granularity to obtain reconstruction error scores, identifying the semantic information vectors whose error score falls outside the error range as abnormal, and mapping the abnormal semantic information vectors back to the abstract syntax tree, thereby locating the vulnerability in the Ethereum smart contract.
According to the technical scheme provided by the embodiments of the invention, the features are sliced accurately by studying the essential attribute features of the various vulnerability types, so that the vulnerability type is detected and the vulnerability position is located, detection efficiency is improved, and the interpretability of the deep learning detection result is effectively enhanced.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a process flow diagram of the deep-learning-based method for detecting and locating Ethereum smart contract vulnerabilities provided by an embodiment of the invention;
FIG. 2 is an example of smart contract source code provided by an embodiment of the present invention;
FIG. 3 shows the abstract syntax tree obtained by lexical analysis and syntax analysis of the source code, in which the dashed box marks the AST slice extracted with subtraction as the key attribute;
FIG. 4 is a schematic diagram of the attribute information of each node, extracted from the AST slice in FIG. 2 and representing structural information, according to an embodiment of the present invention;
FIG. 5 shows the classification model that detects vulnerabilities using GIN and the localization model that locates abnormal fragments using GAE.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for explaining the present invention and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the purpose of facilitating an understanding of the embodiments of the invention, reference will now be made to the drawings of several specific embodiments illustrated in the drawings and in no way should be taken to limit the embodiments of the invention.
The flow of the deep-learning-based method for detecting and locating Ethereum smart contract vulnerabilities provided by the embodiment of the invention is shown in FIG. 1 and comprises the following processing steps:
Step S1: converting the source code of Ethereum smart contracts, such as Solidity contracts, into an AST (Abstract Syntax Tree) through syntax analysis and lexical analysis;
Step S2: analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes;
Step S3: extracting the semantic features and structural features of the slices;
Step S4: detecting the vulnerability type information of the Ethereum smart contract with a vulnerability type detection model, according to the semantic features and structural features of the slices;
Step S5: locating the vulnerability position in the Ethereum smart contract using a GAE (Graph Autoencoder), according to the vulnerability type information.
1) Step S1 specifically comprises the following steps:
S11: the ANTLR4 tool is used to generate, through syntax analysis and lexical analysis, the AST corresponding to the source code of the Solidity contract. The AST decomposes the character string into meaningful code blocks, which are collectively called lexical units. The lexical units contain the structural information and semantic information of the source code, and each node represents one structure in the source code. FIG. 2 is an example of smart contract source code according to an embodiment of the present invention. FIG. 3 is the abstract syntax tree obtained by lexical analysis and syntax analysis of the source code according to an embodiment of the present invention; the dashed box marks the AST slice extracted with subtraction as the key attribute.
2) Step S2 specifically comprises the following steps:
S21: analyzing the code features of the seven vulnerabilities in Table 1, analyzing the inherent attribute features of those code features in the abstract syntax tree, and extracting the key attributes from the inherent attribute features;
S22: with the key attribute as the center, extracting part of the nodes of the abstract syntax tree structure upwards and part of the nodes downwards, and forming a slice from all the extracted nodes;
S23: if a smart contract contains multiple key attributes, first locating the position of each key attribute, obtaining multiple slices by the process described in S22, and combining the multiple slices into one whole slice.
TABLE 1
Vulnerability type | Key attributes
Timestamp dependency | now, timestamp
Reentrancy vulnerability | fallback
Integer overflow | operator add, mul
Integer underflow | operator sub
Block number dependency | number
Unchecked low-level calls | call, send, callcode
Unprotected self-destruct instruction | selfdestruct
3) Step S3 specifically comprises the following steps:
S31: traversing each slice in the whole slice, using an id that represents the position of each node attribute in the slice as the node identifier, and placing an edge between two nodes if a parent-child relationship exists between them, thereby obtaining the adjacency matrix of the nodes. FIG. 4 is a schematic diagram of the adjacency matrix, which represents structural information, and of the attribute information of each node, which represents semantic information, both extracted from an AST slice according to an embodiment of the present invention.
S32: traversing each slice in the whole slice, with each node represented by its id, and extracting all semantic information of each node;
S33: embedding the semantic information of the nodes into a vectorized representation using Word2Vec.
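Steps S21 to S32 can be followed on a small tree. The following Python sketch is an added illustration, not code from the patent: the AST is constructed by hand (the patent obtains it from ANTLR4), the node layout and the hop counts `up` and `down` are assumptions because the patent only says that "part of the nodes" are extracted upwards and downwards, and the Word2Vec embedding of S33 is left out.

```python
# Added illustration of S21-S32; the AST, its node layout and the hop counts are assumptions.

# Table 1 key attributes (spelling normalised).
KEY_ATTRIBUTES = {
    "timestamp dependency": {"now", "timestamp"},
    "reentrancy": {"fallback"},
    "integer overflow": {"add", "mul"},
    "integer underflow": {"sub"},
    "block number dependency": {"number"},
    "unchecked low-level call": {"call", "send", "callcode"},
    "unprotected selfdestruct": {"selfdestruct"},
}

# Constructed AST: node id -> (parent id, node type, attribute, source line).
AST = {
    0: (None, "ContractDefinition", "Wallet", 1),
    1: (0, "FunctionDefinition", "withdraw", 3),
    2: (1, "Block", "", 3),
    3: (2, "ExpressionStatement", "", 4),
    4: (3, "Assignment", "=", 4),
    5: (4, "IndexAccess", "balances", 4),
    6: (4, "BinaryOperation", "sub", 4),
    7: (6, "IndexAccess", "balances", 4),
    8: (6, "Identifier", "amount", 4),
    9: (2, "ExpressionStatement", "", 5),
    10: (9, "FunctionCall", "send", 5),
    11: (10, "Identifier", "amount", 5),
    12: (0, "FunctionDefinition", "deposit", 8),
    13: (12, "Block", "", 8),
}


def children_of(ast):
    """Invert the parent pointers into a child list per node."""
    kids = {nid: [] for nid in ast}
    for nid, (parent, *_rest) in ast.items():
        if parent is not None:
            kids[parent].append(nid)
    return kids


def find_key_nodes(ast):
    """S21/S23: locate nodes whose attribute is a Table 1 key attribute."""
    hits = {}
    for nid, (_parent, _type, attr, _line) in ast.items():
        for vuln, keys in KEY_ATTRIBUTES.items():
            if attr in keys:
                hits[nid] = vuln
    return hits


def extract_slice(ast, center, up=2, down=1):
    """S22: keep `up` ancestors and `down` levels of descendants around the key node."""
    kids = children_of(ast)
    keep = {center}
    node = center
    for _ in range(up):
        parent = ast[node][0]
        if parent is None:
            break
        keep.add(parent)
        node = parent
    frontier = [center]
    for _ in range(down):
        frontier = [c for n in frontier for c in kids[n]]
        keep.update(frontier)
    return keep


def whole_slice(ast, up=2, down=1):
    """S23: merge the slices of all key attributes into one whole slice."""
    nodes = set()
    for center in find_key_nodes(ast):
        nodes |= extract_slice(ast, center, up, down)
    return sorted(nodes)


def adjacency_matrix(ast, nodes):
    """S31: one edge per parent-child pair that survives in the slice."""
    index = {nid: i for i, nid in enumerate(nodes)}
    matrix = [[0] * len(nodes) for _ in nodes]
    for nid in nodes:
        parent = ast[nid][0]
        if parent in index:
            i, j = index[parent], index[nid]
            matrix[i][j] = matrix[j][i] = 1
    return matrix


def node_tokens(ast, nodes):
    """S32: semantic tokens per node id, the input that S33 would embed."""
    return {n: [t for t in (ast[n][1], ast[n][2]) if t] for n in nodes}


if __name__ == "__main__":
    nodes = whole_slice(AST)
    print(find_key_nodes(AST))
    print(nodes)
    for row in adjacency_matrix(AST, nodes):
        print(row)
```

With these hop counts the two slices (around `sub` and around `send`) join into one connected graph through the shared `Block` node, while the sibling `IndexAccess` node 5 and the unrelated `deposit` function are dropped.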
4) Step S4 specifically comprises the following steps:
S41: matching each node in the adjacency matrix one-to-one with the vectorized semantic information of that node, to obtain the overall graph structure data of the smart contract, carrying both semantic features and structural features;
S42: using a graph isomorphism network (Graph Isomorphism Network, GIN) as the vulnerability type detection model, inputting the overall graph structure data of the Solidity contract into the vulnerability type detection model, and having the model output the vulnerability type information corresponding to the Solidity contract.
The GIN model consists of graph isomorphism layers that learn and update the graph features. For the input graph structure data, a graph isomorphism layer aggregates the features of each node's neighbors, mixes the result with the node's own features, and feeds the mixture to a multi-layer perceptron to update the node features. Finally, the output layer outputs the classification result through an activation function.
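The layer update just described can be written out directly. The following pure-Python sketch is an added illustration, not the patent's model: the weights, the three-node graph and the two-class output are constructed constants (nothing is trained), sum aggregation with a (1 + eps) self term is the standard GIN formulation, and softmax is assumed as the output activation.

```python
# Added illustration of one GIN layer plus readout; all weights and data are constructed.
import math


def matvec(matrix, vector):
    """Dense matrix-vector product on plain lists."""
    return [sum(w * x for w, x in zip(row, vector)) for row in matrix]


def relu(vector):
    return [max(0.0, x) for x in vector]


def gin_layer(features, adjacency, w1, w2, eps=0.0):
    """h_v' = MLP((1 + eps) * h_v + sum of neighbor features), MLP = two ReLU layers."""
    updated = []
    for v, own in enumerate(features):
        mixed = [(1.0 + eps) * x for x in own]          # node's own features
        for u, connected in enumerate(adjacency[v]):
            if connected:                               # aggregate neighbors by sum
                mixed = [m + x for m, x in zip(mixed, features[u])]
        updated.append(relu(matvec(w2, relu(matvec(w1, mixed)))))
    return updated


def graph_readout(features):
    """Sum the node features into one graph-level vector (order independent)."""
    return [sum(column) for column in zip(*features)]


def softmax(logits):
    peak = max(logits)
    exps = [math.exp(x - peak) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]


def classify(features, adjacency, params):
    """Layer update, readout, then the output layer with its activation."""
    hidden = gin_layer(features, adjacency, params["w1"], params["w2"], params["eps"])
    probs = softmax(matvec(params["w_out"], graph_readout(hidden)))
    return probs.index(max(probs)), probs


# Constructed parameters (untrained) and a constructed 3-node path graph 0-1-2.
PARAMS = {
    "w1": [[1.0, -0.5], [0.5, 1.0]],
    "w2": [[1.0, 0.0], [-1.0, 1.0]],
    "w_out": [[0.2, 0.0], [0.0, 0.2]],
    "eps": 0.0,
}
X = [[1, 0], [0, 1], [1, 1]]
A = [[0, 1, 0], [1, 0, 1], [0, 1, 0]]

# The same graph with its nodes listed in the order 2, 0, 1.
X_PERMUTED = [[1, 1], [1, 0], [0, 1]]
A_PERMUTED = [[0, 0, 1], [0, 0, 1], [1, 1, 0]]

if __name__ == "__main__":
    print(gin_layer(X, A, PARAMS["w1"], PARAMS["w2"]))
    print(classify(X, A, PARAMS))
    print(classify(X_PERMUTED, A_PERMUTED, PARAMS))
```

Because both the neighbor aggregation and the readout are sums, the graph-level vector does not depend on the order in which slice nodes are numbered, so the same slice always yields the same classification.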
5) Step S5 specifically comprises the following steps:
S51: a GAE model is trained using normal smart contract data, and vulnerability localization is realized with the GAE architecture. The GAE model consists of an encoder and a decoder; it encodes and learns the vectorized graph structure information, generates intermediate variables, and finally decodes them as output. The input and output data are compared, and differences beyond a certain range are treated as anomalies. These abnormal positions differ from the normal positions in the graph, and the vulnerability is located at them.
S52: in use, the vectorized semantic information obtained in step S3 is input into the GAE, and the AST is reconstructed using the generative capability of the GAE.
S53: the AST before and after reconstruction is compared at node-level granularity to obtain reconstruction error scores; the semantic information vectors whose error score falls outside the error range are identified as abnormal and mapped back to the abstract syntax tree, thereby locating the vulnerability in the Ethereum smart contract. FIG. 5 is a schematic diagram of the classification model that detects vulnerabilities using GIN and the localization model that locates abnormal fragments using GAE, according to an embodiment of the present invention.
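The scoring and remapping in S53 can be shown without the trained model. The following Python sketch is an added illustration, not the patent's implementation: the node vectors, their reconstructions and the error scores of normal contracts are constructed values standing in for GAE output, and both the per-node mean squared error and the "mean plus three standard deviations" error range are assumptions, since the patent does not say how the score or the range is computed.

```python
# Added illustration of S53; vectors, reconstructions and the threshold rule are assumptions.
from statistics import mean, pstdev


def node_errors(original, reconstructed):
    """Per-node mean squared error between the vector before and after reconstruction."""
    return {
        nid: sum((a - b) ** 2 for a, b in zip(vec, reconstructed[nid])) / len(vec)
        for nid, vec in original.items()
    }


def calibrate_threshold(normal_errors, k=3.0):
    """Error range learned from normal contracts: mean + k standard deviations."""
    return mean(normal_errors) + k * pstdev(normal_errors)


def localize(original, reconstructed, ast_index, threshold):
    """Flag nodes whose error exceeds the range and map them back to the AST."""
    findings = []
    for nid, err in node_errors(original, reconstructed).items():
        if err > threshold:
            node_type, attribute, line = ast_index[nid]
            findings.append({"node": nid, "type": node_type,
                             "attribute": attribute, "line": line, "error": err})
    return sorted(findings, key=lambda f: f["error"], reverse=True)


# Constructed error scores observed when reconstructing nodes of normal contracts.
NORMAL_ERRORS = [0.010, 0.012, 0.008, 0.011, 0.009]

# Constructed node vectors of one slice before (S33) and after (S52) reconstruction.
ORIGINAL = {
    4: [0.2, 0.1, 0.4],
    6: [0.5, 0.5, 0.1],
    7: [0.9, 0.3, 0.2],
    8: [0.3, 0.3, 0.3],
    10: [0.6, 0.2, 0.0],
}
RECONSTRUCTED = {
    4: [0.25, 0.1, 0.4],
    6: [0.1, 0.9, 0.1],
    7: [0.9, 0.35, 0.2],
    8: [0.3, 0.3, 0.3],
    10: [0.4, 0.3, 0.1],
}

# Constructed AST index: node id -> (node type, attribute, source line).
AST_INDEX = {
    4: ("Assignment", "=", 4),
    6: ("BinaryOperation", "sub", 4),
    7: ("IndexAccess", "balances", 4),
    8: ("Identifier", "amount", 4),
    10: ("FunctionCall", "send", 5),
}

if __name__ == "__main__":
    limit = calibrate_threshold(NORMAL_ERRORS)
    print(f"threshold = {limit:.6f}")
    for finding in localize(ORIGINAL, RECONSTRUCTED, AST_INDEX, limit):
        print(finding)
```

Sorting by error gives a reviewer the most poorly reconstructed node first, together with the source line it came from, which is the interpretability benefit the patent claims over a bare classification label.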
In summary, the embodiments of the invention study the essential attribute features of the various vulnerability types, extract the features accurately, and train a deep learning model to detect the vulnerability types, so that the false alarm rate is reduced effectively. In addition, the invention uses the generative capability of the graph autoencoder to reconstruct the sliced abstract syntax tree fragments, compares the abstract syntax tree before and after reconstruction at node-level granularity, identifies the abnormal positions and maps them back to the abstract syntax tree, which realizes vulnerability localization and improves the interpretability of deep learning.
By studying the essential attribute features of the various vulnerability types, the invention slices the features accurately from the AST, which helps to detect the vulnerability types and locate the vulnerability positions, improves detection efficiency, and effectively enhances the interpretability of the deep learning detection result.
Those of ordinary skill in the art will appreciate that: the drawing is a schematic diagram of one embodiment and the modules or flows in the drawing are not necessarily required to practice the invention.
From the above description of embodiments, it will be apparent to those skilled in the art that the present invention may be implemented in software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present invention.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for apparatus or system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, with reference to the description of method embodiments in part. The apparatus and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (1)

1. A deep-learning-based method for detecting and locating vulnerabilities in Ethereum smart contracts, characterized by comprising the following steps:
converting the source code of the Ethereum smart contract into an abstract syntax tree through syntax analysis and lexical analysis;
analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes;
extracting the semantic features and structural features of the slices;
detecting the vulnerability type information of the Ethereum smart contract with a vulnerability type detection model, according to the semantic features and structural features of the slices;
locating, with a vulnerability location model and according to the semantic features and structural features of the slices, the vulnerability position information corresponding to the vulnerability type of the Ethereum smart contract;
wherein converting the source code of the Ethereum smart contract into an abstract syntax tree through syntax analysis and lexical analysis comprises:
using the ANTLR4 tool to generate, through syntax analysis and lexical analysis, the abstract syntax tree corresponding to the source code of the Ethereum smart contract, the abstract syntax tree decomposing the character strings into meaningful code blocks called lexical units, wherein the lexical units contain the structural information and semantic information of the source code, and each node represents one structure in the source code;
wherein analyzing the code features of various vulnerabilities, analyzing the key attributes of those code features in the abstract syntax tree, and extracting slices of the abstract syntax tree based on the key attributes comprises:
analyzing the code features of the seven vulnerabilities in Table 1, analyzing the inherent attribute features of those code features in the abstract syntax tree, and extracting one or more key attributes from the inherent attribute features;
locating the position of each key attribute, extracting part of the nodes of the abstract syntax tree structure upwards and downwards with the key attribute as the center, forming all extracted nodes into a slice, and combining the slices corresponding to all key attributes into one whole slice;
TABLE 1

| Vulnerability type | Key attributes |
| --- | --- |
| Timestamp dependency | now, timestamp |
| Reentrancy vulnerability | fallback |
| Integer overflow | operator add, mul |
| Integer underflow | operator sub |
| Block number dependency | number |
| Unchecked low-level calls | call, send, callcode |
| Unprotected self-destruct instruction | selfdestruct |

the extracting of the semantic features and structural features of the slice comprises the following steps:
traversing each slice in the whole slice, taking an id that represents the position of each node attribute in the slice as the node identifier, and, if a parent-child relationship exists between two nodes, placing an edge between them, thereby obtaining the adjacency matrix of the nodes;
traversing each slice in the whole slice, representing each node by its id, and extracting all semantic information of each node;
embedding the semantic information of each node into a vectorized representation using Word2Vec;
the detecting of the vulnerability type information of the Ethereum smart contract through a vulnerability type detection model, according to the semantic features and structural features of the slice, comprises the following steps:
putting each node in the adjacency matrix in one-to-one correspondence with the vectorized semantic information of that node, to obtain whole-graph structure data of the smart contract carrying both semantic features and structural features;
using a graph isomorphism network as the vulnerability type detection model, inputting the whole-graph structure data of the Ethereum smart contract into the vulnerability type detection model, and outputting, by the vulnerability type detection model, the vulnerability type information corresponding to the Ethereum smart contract;
the graph isomorphism network model consists of graph isomorphism layers, which learn and update graph features: for the input graph structure data, a graph isomorphism layer aggregates the features of neighbor nodes, mixes them with the node's own features, and feeds the mixture to a multi-layer perceptron to update the node features, and finally an output layer outputs the classification result through an activation function;
the locating of the vulnerability location information corresponding to the vulnerability type of the Ethereum smart contract through a vulnerability location model, according to the semantic features and structural features of the slice, comprises the following steps:
training a graph autoencoder (GAE) model on normal smart contract data and realizing vulnerability localization with the GAE architecture, wherein the GAE model consists of an encoder and a decoder, encodes and learns the vectorized graph structure information, generates intermediate variables, and finally decodes and outputs them; the input data and the output data are compared, and an anomaly is reported when the difference between them exceeds a certain range; the anomaly is a position in the graph that differs from the normal positions, whereby the anomaly is located;
in use, the vectorized semantic information of each node is input into the GAE model, and the AST is reconstructed using the generative capability of the GAE model;
comparing, at fine (node-level) granularity, the abstract syntax tree (AST) before reconstruction with the AST after reconstruction to obtain error scores before and after reconstruction, locating the abnormal semantic information vectors whose error scores exceed the error range, and remapping the abnormal semantic information vectors back to the abstract syntax tree, thereby realizing vulnerability localization of the Ethereum smart contract.
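
The slicing and adjacency-matrix steps of the claim, as an added Python example (not code from the patent): it seeds on the Table 1 key attributes, keeps a window of ancestors and descendants around each hit, and builds the parent-child adjacency matrix of the merged slice. The `(label, children)` node shape, the exact-match rule on labels, the `up`/`down` window sizes and the hand-built AST are assumptions; the patent obtains its AST from ANTLR4 and does not state window sizes.

```python
# Key attributes from Table 1 (all seven vulnerability types merged into one set).
KEY_ATTRIBUTES = {"now", "timestamp", "fallback", "add", "mul", "sub",
                  "number", "call", "send", "callcode", "selfdestruct"}

def N(label, *kids):  # hypothetical node shape: (label, children)
    return (label, kids)

def index_ast(node, parent=None, nodes=None):
    """Flatten the tree in pre-order into (label, parent_id); list index = node id."""
    nodes = [] if nodes is None else nodes
    nid = len(nodes)
    nodes.append((node[0], parent))
    for child in node[1]:
        index_ast(child, nid, nodes)
    return nodes

def extract_slice(nodes, up=2, down=2):
    """Node ids around each key attribute: `up` ancestors, `down` descendant levels."""
    keep = set()
    for nid, (label, parent) in enumerate(nodes):
        if label not in KEY_ATTRIBUTES:
            continue
        keep.add(nid)
        for _ in range(up):            # walk upwards from the key attribute
            if parent is None:
                break
            keep.add(parent)
            parent = nodes[parent][1]
        frontier = {nid}
        for _ in range(down):          # walk downwards, one level at a time
            frontier = {i for i, (_lbl, p) in enumerate(nodes) if p in frontier}
            keep |= frontier
    return sorted(keep)

def adjacency(nodes, slice_ids):
    """Symmetric 0/1 matrix over the slice; 1 where one node is the other's parent."""
    def linked(a, b):
        return nodes[a][1] == b or nodes[b][1] == a
    return [[int(linked(a, b)) for b in slice_ids] for a in slice_ids]

# Constructed AST for: if (block.timestamp > deadline) ...; msg.sender.call(amount);
AST = N("SourceUnit", N("ContractDefinition",
    N("FunctionDefinition",
        N("IfStatement", N("BinaryOperation", N("timestamp", N("block")), N("deadline"))),
        N("ExpressionStatement", N("FunctionCall", N("call", N("sender", N("msg"))), N("amount")))),
    N("FunctionDefinition", N("ReturnStatement", N("owner")))))
NODES = index_ast(AST)
SLICE = extract_slice(NODES)
ADJ = adjacency(NODES, SLICE)
```

The two key-attribute hits (`timestamp`, `call`) produce two disconnected components in `ADJ` because their common ancestor, the enclosing function, lies outside both windows; the second function, which contains no key attribute, contributes no nodes at all.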
CN202310421659.3A 2023-04-19 2023-04-19 Method for detecting and positioning Ethernet intelligent contract loopholes based on deep learning Active CN116484384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310421659.3A CN116484384B (en) 2023-04-19 2023-04-19 Method for detecting and positioning Ethernet intelligent contract loopholes based on deep learning

Publications (2)

Publication Number Publication Date
CN116484384A CN116484384A (en) 2023-07-25
CN116484384B true CN116484384B (en) 2024-01-19

Family

ID=87224533

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310421659.3A Active CN116484384B (en) 2023-04-19 2023-04-19 Method for detecting and positioning Ethernet intelligent contract loopholes based on deep learning

Country Status (1)

Country Link
CN (1) CN116484384B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110659494A (en) * 2019-09-27 2020-01-07 重庆邮电大学 Extensible intelligent contract vulnerability detection method
GB201917161D0 (en) * 2019-08-23 2020-01-08 Praetorian System and method for automatically detecting a security vulnerability in a source code using a machine learning model
CN113360915A (en) * 2021-06-09 2021-09-07 扬州大学 Intelligent contract multi-vulnerability detection method and system based on source code graph representation learning
CN115033896A (en) * 2022-08-15 2022-09-09 鹏城实验室 Method, device, system and medium for detecting Ethernet intelligent contract vulnerability

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant