CN116796323A - Intelligent contract reentry attack detection method, system and terminal equipment - Google Patents


Info

Publication number
CN116796323A
Authority
CN
China
Prior art keywords
attack
reentry
intelligent contract
reentrant
recognition model
Prior art date
Legal status
Pending
Application number
CN202310786215.XA
Other languages
Chinese (zh)
Inventor
徐中强
宋超
张齐齐
Current Assignee
Jiangsu Payegis Information Security Technology Co ltd
Jiangsu Pay Egis Technology Co ltd
Original Assignee
Jiangsu Payegis Information Security Technology Co ltd
Jiangsu Pay Egis Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Jiangsu Payegis Information Security Technology Co ltd, Jiangsu Pay Egis Technology Co ltd
Priority to CN202310786215.XA
Publication of CN116796323A
Legal status: Pending

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/55 Detecting local intrusion or implementing counter-measures > G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements > G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/55 Detecting local intrusion or implementing counter-measures > G06F 21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/55 Detecting local intrusion or implementing counter-measures > G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements > G06F 21/562 Static detection > G06F 21/563 Static detection by source code analysis
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N 3/00 Computing arrangements based on biological models > G06N 3/02 Neural networks > G06N 3/04 Architecture, e.g. interconnection topology > G06N 3/045 Combinations of networks > G06N 3/0455 Auto-encoder networks; Encoder-decoder networks
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N 3/00 Computing arrangements based on biological models > G06N 3/02 Neural networks > G06N 3/08 Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Virology (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Molecular Biology (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a smart contract reentrancy attack detection method, a detection system and terminal equipment. The method preprocesses the source code text input when the smart contract runs to obtain preprocessed data, then extracts the behavioral features and the structural features of the smart contract from that data. The behavioral and structural features are input to a reentrancy attack recognition model, which outputs the probability that a reentrancy attack is present in the smart contract. When that probability exceeds a threshold, a reentrancy attack defense strategy is executed. Because the recognition model checks the running state while the smart contract runs, the safety of the contract at runtime is improved, and so is the efficiency of reentrancy attack recognition.

Description

Intelligent contract reentry attack detection method, system and terminal equipment
Technical Field
The application relates to the technical field of blockchains, in particular to an intelligent contract reentry attack detection method, system and terminal equipment.
Background
Smart contracts implement predefined business logic in code and execute automatically, which improves the efficiency of transactions built on them. However, while a smart contract is running, reentrancy attacks can easily cause the loss of user assets, and that loss is irreversible.
A reentrancy attack is an attack mode in which the attacker exploits a recursive-call vulnerability of a smart contract, calling the same function of the contract multiple times so that an operation that moves assets out of the contract is executed repeatedly. The source code of a smart contract can therefore be examined when the contract is deployed to judge whether the current contract is exposed to a reentrancy attack.
However, when examining smart contracts, practitioners mostly rely on manual code review to judge the contract's security. When the code volume is large, the review is prone to lapses of attention and is inefficient.
Disclosure of Invention
The application provides a method, a system and terminal equipment for detecting reentrancy attacks on a smart contract, intended to solve the problem of low review efficiency caused by the large code volume of smart contracts.
In a first aspect, the present application provides a method for detecting an attack of reentry of an intelligent contract, including:
preprocessing source code text input during the operation of the intelligent contract to obtain preprocessing data;
extracting behavioral and structural features of the intelligent contract from the preprocessed data;
inputting the behavior characteristic and the structural characteristic into a reentrant attack recognition model to obtain the probability of reentrant attack in the intelligent contract output by the reentrant attack recognition model;
and if the probability exceeds a probability threshold, executing a reentrant attack defense strategy.
In some possible embodiments, preprocessing the source code text input when the smart contract runs includes:
performing text segmentation on the source code text to convert it into a plurality of tokens; the tokens include variable names, keywords, operators and data literals;
establishing a syntax tree based on the tokens and grammar rules;
generating a control flow graph and/or a data flow graph based on the syntax tree.
In some possible embodiments, extracting behavioral and structural features of the smart contract from the pre-processed data includes:
extracting a function call graph according to the nodes in the grammar tree to identify a reentrant attack path;
and/or extracting data flow information and control flow information from the control flow graph and the data flow graph to obtain the execution logic and the data transmission mode of the intelligent contract.
In some possible embodiments, extracting the behavior features and the structural features of the smart contract from the preprocessed data further includes:
extracting the function quantity and variable quantity contained in the intelligent contract from the preprocessing data;
calculating the function depth and the function width of a function corresponding to the nodes of the grammar tree;
and extracting the whole structure information of the intelligent contract according to the function quantity, the variable quantity, the function depth and the function width.
In some possible embodiments, the reentry attack identification model further outputs a type of reentry attack, the method further comprising:
extracting code fragments or function calls containing reentrant attacks from the source code text;
identifying a reentrant attack type according to the code segment and the function call;
and executing the reentry attack defense strategy according to the reentry attack type.
In some possible embodiments, the method further comprises:
inputting the behavior features and the structural features extracted from the training data into a reentrant attack recognition model to be trained to obtain a training prediction result; the training data comprises normal source codes input during intelligent contract running and abnormal source codes with reentrant attack marks;
calculating the error of the real label corresponding to the training prediction result and the training data;
if the error exceeds an error threshold, updating configuration parameters of the reentry attack recognition model to be trained so as to optimize the reentry attack recognition model to be trained;
and if the error is lower than the error threshold, outputting the current reentrant attack recognition model and the configuration parameters of the current reentrant attack recognition model.
In some possible embodiments, the method further comprises:
calculating the accuracy rate, false alarm rate and missing report rate of the reentry attack recognition model for recognizing the reentry attack;
if any one of the accuracy rate, the false alarm rate and the missing alarm rate does not accord with the predicted expected value, searching for an unidentified reentry attack event associated with the false alarm rate and the missing alarm rate; the predicted expected value comprises an accuracy expected value, a false alarm rate expected value and a missing alarm rate expected value;
searching a source code text of an intelligent contract associated with the unidentified reentry attack event;
the source code text associated with the unrecognized reentry attack event is input as training data to the reentry attack recognition model to optimize the reentry attack recognition model.
In a second aspect, the present application provides a smart contract reentrancy attack detection system, including a preprocessing module, a feature extraction module, a reentrancy attack detection module and a strategy module;
the preprocessing module preprocesses the source code text input when the smart contract runs to obtain preprocessed data;
the feature extraction module extracts the behavior features and the structural features of the smart contract from the preprocessed data;
the reentrancy attack detection module inputs the behavior features and the structural features into a reentrancy attack recognition model to obtain the probability that a reentrancy attack exists in the smart contract;
the strategy module executes a reentrancy attack defense strategy when the probability exceeds a threshold.
In some possible embodiments, the system further comprises a training module configured to:
inputting the behavior features and the structural features extracted from the training data into the reentry attack recognition model to obtain a reentry attack prediction result; the training data comprises normal source codes input during intelligent contract running and abnormal source codes with reentrant attack marks;
calculating an error of a real label corresponding to the prediction result and the training data;
if the error exceeds an error threshold, updating configuration parameters of the reentry attack recognition model to optimize the reentry attack recognition model;
and if the error is lower than the error threshold, outputting the current reentrant attack recognition model and the configuration parameters of the current reentrant attack recognition model.
In a third aspect, the present application provides a terminal device, configured to deploy an intelligent contract on a blockchain and monitor the intelligent contract, including the intelligent contract reentry attack detection system provided in the second aspect; the detection system is used for monitoring whether the reentry attack exists in the intelligent contract running process and executing the defending strategy according to the type of the reentry attack.
As can be seen from the above technical content, the application provides a smart contract reentrancy attack detection method, a detection system and terminal equipment. The method preprocesses the source code text input when the smart contract runs to obtain preprocessed data, then extracts the behavioral features and the structural features of the smart contract from that data. The behavioral and structural features are input to a reentrancy attack recognition model, which outputs the probability that a reentrancy attack is present in the smart contract. When that probability exceeds a threshold, a reentrancy attack defense strategy is executed. Because the recognition model checks the running state while the smart contract runs, the safety of the contract at runtime is improved, and so is the efficiency of reentrancy attack recognition.
Drawings
In order to more clearly illustrate the technical solution of the present application, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a schematic flow chart of an intelligent contract re-entry attack detection method provided by an embodiment of the application;
FIG. 2 is a schematic diagram of preprocessing according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a dynamic optimization reentry attack recognition model according to an embodiment of the present application;
FIG. 4 is a schematic diagram of the modules of the intelligent contract reentry attack detection system according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The embodiments described in the examples below do not represent all embodiments consistent with the application; they are merely examples of systems and methods consistent with aspects of the application as set forth in the claims.
Smart contracts are applied in many fields such as financial services, supply chain management and copyright protection, because they can automatically execute a predefined task without an intermediary. However, these fields place high demands on application security, and the structure of smart contracts makes exploitable vulnerabilities easy to introduce. For example, a reentrancy attack may exploit a recursive-call vulnerability of a smart contract, calling the same function in the contract multiple times so that the contract is executed repeatedly, which forms a security threat. In the related art, the source code of a smart contract can be inspected before it is deployed, but when many contracts are deployed the volume of source code grows, the inspection efficiency is low, and problems are hard to discover while the contract is running.
In view of the above problems, as shown in fig. 1, the present application provides a method for detecting an attack of reentry of an intelligent contract. The method comprises the following steps:
s100: preprocessing source code text input during the operation of the intelligent contract to obtain preprocessing data;
deployment of the smart contract relies on input of source code, so the source code of the smart contract can serve as the data basis for reentry attack detection. Performing preprocessing on the source code text may convert the source code into structured data. The preprocessed data may represent the links between code fragments in the source code.
In some embodiments, as shown in FIG. 2, preprocessing the source code text input when the smart contract runs includes:
performing a segmentation operation on the source code text to convert it into a plurality of tokens;
establishing a syntax tree based on the tokens and grammar rules;
generating a control flow graph and/or a data flow graph based on the syntax tree.
Source code can be understood as a language, so the meaning of each part of the source code can be resolved by lexical and syntactic analysis, and a visual representation of the source code can be built on that analysis. In the lexical analysis, a segmentation operation splits the source code into a series of tokens, including variable names, keywords, operators and data literals.
The segmentation operation may be performed by a lexical analyzer. The lexical analyzer holds preset regular-expression rules for segmenting the source code and maps the characters and character strings in the source code text to specific tokens according to those rules.
The grammar rules belong to syntactic analysis; they organize and arrange the tokens obtained by lexical analysis. Through the grammar rules the sequential and hierarchical relations between tokens are established, forming a structure that represents the source code visually. For example, a syntax tree is generated from the tokens and the grammar rules: one node of the tree may be a function call in the source code, and the node's children may be the function name and the parameters of that call. The structure of the syntax tree is more intuitive, which makes it easier to extract features of the source code from it.
In some embodiments, intermediate representations based on the syntax tree that facilitate analysis and optimization may also be generated, such as a control flow graph describing the program's execution flow and a data flow graph exposing how data moves. An intermediate representation generated from the syntax tree has a certain dynamic character and helps identify a reentrancy attack from the dynamic change of data while the smart contract runs.
S200: extracting behavioral and structural features of the intelligent contract from the preprocessed data;
the characteristics of the intelligent contract can be used for judging whether the reentry attack exists when the current intelligent contract runs, and the type of the reentry attack can also be judged according to the characteristics of the reentry attack. For example, behavior characteristics correspond to the dynamic behavior of an intelligent contract at runtime, which is manifested in the execution of source code as a call to a function, a data flow trend, and an execution order of the source code.
Thus in some embodiments, extracting the contractual behavior features and structural features from the preprocessed data comprises:
extracting a function call graph according to the nodes in the grammar tree to identify a reentrant attack path;
and/or extracting data flow information and control flow information from the control flow graph and the data flow graph to obtain the execution logic and the data transmission mode of the intelligent contract.
The function call graph is a directed graph for describing call relations among functions, nodes of the directed graph represent functions, and edges of the directed graph represent call relations. By analyzing the function call graph, the interaction mode of each function in the source code of the intelligent contract can be obtained, and the reentrant attack path can be detected/predicted based on the interaction mode.
The execution logic and the data transmission mode of the intelligent contract can be obtained from the data flow diagram and the control flow diagram, global variables and state variables in the source code of the intelligent contract and the transmission mode of the variables can be identified according to the execution logic and the data transmission mode, and then the execution flow of the condition judgment structure and the circulation structure of the source code of the intelligent contract can be analyzed. The execution flow corresponds to code logic, so that code logic that is prone to re-entry attacks can be analyzed based on the execution flow.
In other embodiments, extracting behavioral and structural features of the smart contract from the pre-processed data further comprises:
extracting the function quantity and variable quantity contained in the intelligent contract from the preprocessing data;
calculating the function depth and the function width of a function corresponding to the nodes of the grammar tree;
and extracting the whole structure information of the intelligent contract according to the function quantity, the variable quantity, the function depth and the function width.
The number of functions and the number of variables in the source code of a smart contract correlate strongly with the contract's complexity, and the more complex the source code, the higher the risk that an exploitable vulnerability exists, which affects the security of the contract while it runs. The depth and width of the functions are likewise strongly correlated with the complexity of the smart contract. The number of functions, number of variables, function depth and function width can therefore be extracted from the preprocessed data to obtain overall structural information describing the static characteristics of the smart contract, so that the parts of the contract that may be at risk can be analyzed through the overall structural information and the source code adjusted in time.
It will be appreciated that the function depth and the function width may be calculated from the syntax tree obtained by preprocessing. Preprocessing the source code of the smart contract in this way facilitates extracting its static characteristic features.
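The preprocessing step (S100) and the feature extraction step (S200) above can be made concrete with a small pipeline. The following is an added example, not code from the patent: it tokenizes a constructed Solidity-like contract with regular-expression rules, builds a flat per-function "syntax tree" (state variables plus a statement list per function), derives the function call graph, and reads off behavioral and structural features. The sample contract, the definitions of function depth (1 plus the maximum block nesting) and function width (number of distinct internal callees), the use of a `.call` token as the marker of an external call, and the "external call before state write" ordering used as the reentrancy path indicator are all assumptions of this example, since the patent does not define them.

```python
import re

# Constructed sample (not from the patent): withdraw() makes an external call
# before zeroing the balance; safeWithdraw() updates state first.
SAMPLE_SOURCE = """
contract Vault {
    mapping(address => uint256) balances;
    uint256 total;
    function deposit() public {
        balances[msg.sender] += msg.value;
        total += msg.value;
    }
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        msg.sender.call.value(amount)("");
        balances[msg.sender] = 0;
        log(amount);
    }
    function safeWithdraw() public {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        if (amount > 0) {
            msg.sender.call.value(amount)("");
        }
    }
    function log(uint256 x) internal {
        total -= x;
    }
}
"""

KEYWORDS = {"contract", "function", "public", "internal", "mapping",
            "uint256", "address", "if", "else", "return"}
ASSIGN_OPS = {"=", "+=", "-="}
# Assumed lexical rules: literals, identifiers, operators, whitespace.
TOKEN_RE = re.compile(r'(?P<literal>\d+|"[^"]*")|(?P<ident>[A-Za-z_]\w*)'
                      r'|(?P<op>=>|\+=|-=|[{}()\[\];,.=+\-*/<>!])|(?P<ws>\s+)')

def tokenize(source):
    """Lexical analysis: map the text to (kind, text) tokens via regex rules."""
    tokens = []
    for m in TOKEN_RE.finditer(source):
        if m.lastgroup == "ws":
            continue
        kind, text = m.lastgroup, m.group()
        if kind == "ident":
            kind = "keyword" if text in KEYWORDS else "name"
        tokens.append((kind, text))
    return tokens

def parse_contract(tokens):
    """Grammar step: collect state variables and the body tokens of each function."""
    state_vars, bodies, depth, i = [], {}, 0, 0
    while i < len(tokens):
        kind, text = tokens[i]
        if text == "function":
            name, j = tokens[i + 1][1], i + 2
            while tokens[j][1] != "{":
                j += 1
            level, start = 0, j
            while True:  # advance to the brace that closes the body
                level += {"{": 1, "}": -1}.get(tokens[j][1], 0)
                if level == 0:
                    break
                j += 1
            bodies[name] = tokens[start + 1:j]
            i = j + 1
            continue
        depth += {"{": 1, "}": -1}.get(text, 0)
        if depth == 1 and text == ";" and tokens[i - 1][0] == "name":
            state_vars.append(tokens[i - 1][1])  # contract-level declaration
        i += 1
    return state_vars, bodies

def analyze_function(body, state_vars):
    """Split a body into statements and read off the behavioral features."""
    statements, current, level, max_level = [], [], 0, 0
    for tok in body:
        level += {"{": 1, "}": -1}.get(tok[1], 0)
        max_level = max(max_level, level)
        current.append(tok)
        if tok[1] in (";", "{", "}"):
            statements.append(current)
            current = []
    callees, external_idx, write_idx = set(), [], []
    for idx, stmt in enumerate(statements):
        for k, (kind, text) in enumerate(stmt):
            prev = stmt[k - 1][1] if k else ""
            nxt = stmt[k + 1][1] if k + 1 < len(stmt) else ""
            if kind == "name" and text == "call" and prev == ".":
                external_idx.append(idx)      # assumed marker of an external call
            elif kind == "name" and nxt == "(" and prev != ".":
                callees.add(text)             # internal function call
        if stmt[0][0] == "name" and stmt[0][1] in state_vars \
                and ASSIGN_OPS & {t for _, t in stmt}:
            write_idx.append(idx)             # statement writes a state variable
    call_before_write = any(e < w for e in external_idx for w in write_idx)
    return {"callees": callees, "depth": 1 + max_level, "width": len(callees),
            "external_call": bool(external_idx),
            "call_before_state_write": call_before_write}

def extract_features(source):
    """Behavioral features (call graph, flagged functions) plus structural ones."""
    state_vars, bodies = parse_contract(tokenize(source))
    funcs = {name: analyze_function(body, state_vars) for name, body in bodies.items()}
    call_graph = {name: sorted(f["callees"]) for name, f in funcs.items()}
    flagged = sorted(n for n, f in funcs.items() if f["call_before_state_write"])
    structure = {"function_count": len(funcs), "variable_count": len(state_vars),
                 "max_depth": max(f["depth"] for f in funcs.values()),
                 "max_width": max(f["width"] for f in funcs.values())}
    return {"call_graph": call_graph, "flagged": flagged, "structure": structure}

if __name__ == "__main__":
    print(extract_features(SAMPLE_SOURCE))
```

On the sample, only `withdraw` is flagged, because its external call precedes the state write; `safeWithdraw` performs the same call after updating state and is not flagged, which is the distinction a reentrancy path detector built on the call graph and statement order has to make.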
S300: inputting the behavior features and the structural features into a reentrant attack recognition model to obtain the probability of a reentrant attack in the intelligent contract output by the reentrant attack recognition model;
The reentry attack recognition model is a deep learning model that recognizes, from the dynamic features and static features extracted from the preprocessed data, whether the currently running smart contract is under a reentrancy attack or at risk of one. In some embodiments, the deep learning model is a Transformer model. A Transformer can process continuous numerical features (dynamic features) and discrete structured features (static features), and it can be trained in parallel and likewise perform recognition in parallel. The training efficiency and the reentrancy attack recognition efficiency are therefore both high.
In some embodiments, the reentrant attack identification model may be trained by training data, comprising the steps of:
inputting the behavior features and the structural features extracted from the training data into a reentrant attack recognition model to be trained to obtain a training prediction result;
calculating the error of the real label corresponding to the training prediction result and the training data;
if the error exceeds an error threshold, updating configuration parameters of the reentry attack recognition model to be trained so as to optimize the reentry attack recognition model to be trained;
and if the error is lower than the error threshold, outputting the current reentrant attack recognition model and the configuration parameters of the current reentrant attack recognition model.
The training data includes normal source code input when smart contracts run and abnormal source code carrying reentrancy attack markers. The normal and abnormal source code provide the data samples for training the model. It should be noted that the numbers of normal and abnormal source code samples should be kept in balance, to avoid the poor training results caused by imbalanced data samples.
It will be appreciated that the training data also goes through preprocessing and feature extraction when used to train the reentrancy attack recognition model, and the extracted dynamic and static features are what is input into the model for training. The training data also records the reentrancy attack type corresponding to each abnormal source code sample, so that the model can be trained to recognize the attack type.
During training the reentrancy attack recognition model has a forward propagation part and a back propagation part: forward propagation computes a prediction result from the features of the smart contract, and back propagation optimizes the model parameters. Back propagation is realized by comparing the prediction result with the real result (the real label) in the training data, computing the error between them and judging from the error and the error threshold whether the model has reached the optimal level.
For example, when the error is greater than the error threshold, the configuration parameters of the model need to be optimized: the learning rate, the regularization parameters and configuration parameters such as the optimizer of the model can be adjusted according to the error value. Training then continues with the adjusted configuration parameters, iterating several times to obtain the optimal reentrancy attack recognition model. It will be appreciated that when the error is below the error threshold, the current model can be marked as the optimal model and output for monitoring the smart contract.
Training the reentrancy attack recognition model on training data containing both abnormal source code with reentrancy attack markers and normal source code improves the learning capacity of the model being trained and thus the training efficiency. The optimal model obtained by training can then monitor the operation of the smart contract synchronously when the contract is deployed.
S400: and if the probability exceeds a probability threshold, executing a reentrant attack defense strategy.
The value output by the trained reentry attack recognition model is the probability that the current run of the smart contract contains a reentrancy attack; when that probability exceeds the corresponding threshold, a defense strategy must be executed to reduce the probability of asset loss caused by the attack.
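The training loop described under S300 (forward propagation, error against the real label, parameter update while the error exceeds the threshold, output of the model once it drops below) and the threshold decision of S400 are shown end to end below. This is an added example, not the patent's model: a plain logistic classifier written without libraries stands in for the Transformer so the loop is visible, the feature vectors and labels are constructed, the sample-balance ratio of 2:1 is an assumed guard for the imbalance the text warns about, and the error threshold, learning rate and probability threshold are assumed values.

```python
import math

# Constructed training samples (not from the patent). Each feature vector is
# [external_call, call_before_state_write, function_depth, function_width];
# label 1 marks abnormal source code carrying a reentrancy attack marker.
TRAINING_DATA = [
    ([1, 1, 2, 1], 1), ([1, 1, 1, 0], 1), ([1, 1, 3, 2], 1), ([1, 1, 2, 2], 1),
    ([0, 0, 1, 0], 0), ([1, 0, 2, 1], 0), ([0, 0, 3, 2], 0), ([1, 0, 1, 0], 0),
]

def is_balanced(data, max_ratio=2.0):
    """Reject a sample set whose classes are too unbalanced (assumed ratio)."""
    positives = sum(label for _, label in data)
    negatives = len(data) - positives
    return max(positives, negatives) <= max_ratio * max(1, min(positives, negatives))

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def forward(weights, bias, features):
    """Forward propagation: features in, probability of reentrancy out."""
    return sigmoid(sum(w * x for w, x in zip(weights, features)) + bias)

def mean_error(weights, bias, data):
    """Cross-entropy between predictions and the real labels, averaged."""
    eps = 1e-12
    total = 0.0
    for features, label in data:
        p = forward(weights, bias, features)
        total -= label * math.log(p + eps) + (1 - label) * math.log(1 - p + eps)
    return total / len(data)

def train(data, error_threshold=0.05, learning_rate=0.5, max_epochs=20000):
    """Iterate forward/back propagation until the error drops below the threshold."""
    if not is_balanced(data):
        raise ValueError("normal and abnormal samples are out of balance")
    weights, bias = [0.0] * len(data[0][0]), 0.0
    for epoch in range(max_epochs):
        error = mean_error(weights, bias, data)
        if error < error_threshold:
            # Error below threshold: output the current model and its parameters.
            return {"weights": weights, "bias": bias, "error": error, "epochs": epoch}
        # Back propagation: gradient of the cross-entropy w.r.t. the parameters.
        grad_w, grad_b = [0.0] * len(weights), 0.0
        for features, label in data:
            delta = forward(weights, bias, features) - label
            grad_b += delta
            for k, x in enumerate(features):
                grad_w[k] += delta * x
        weights = [w - learning_rate * g / len(data) for w, g in zip(weights, grad_w)]
        bias -= learning_rate * grad_b / len(data)
    raise RuntimeError("error threshold not reached within max_epochs")

def detect(model, features, probability_threshold=0.5):
    """S400 decision: the probability and whether the defense strategy runs."""
    probability = forward(model["weights"], model["bias"], features)
    return probability, probability > probability_threshold

if __name__ == "__main__":
    model = train(TRAINING_DATA)
    print(model["epochs"], round(model["error"], 4))
    print(detect(model, [1, 1, 2, 1]))
```

The balance check runs before any training because, as the text notes, an unbalanced sample set degrades the result; here it is enforced rather than merely recommended. The `epochs` field records how many parameter updates were needed before the error threshold was satisfied.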
In some embodiments, the reentrant attack identification model may also output the type of reentrant attack, including the steps of:
extracting code fragments or function calls containing reentrant attacks from the source code text;
identifying a reentrant attack type according to the code segment and the function call;
and executing the reentry attack defense strategy according to the reentry attack type.
Reentrancy attacks come in several forms, such as single-function reentrancy, multi-function (cross-function) reentrancy, cross-contract reentrancy and read-only reentrancy. All of them target the logic rules and execution order in the smart contract's source code, so the attack pattern is visible in the code fragments and function calls of the contract. When training the reentrancy attack recognition model, feature vectors corresponding to those code fragments and function calls can be extracted and used to train the classification of reentrancy attack types.
The reentrancy attack recognition model can further derive, from the preprocessing and feature extraction results, a feature vector associated with the reentrancy attack features and recognise the attack type from that vector.
For example, the model recognises that a part of the current smart contract's source code should not be invoked again once a function has carried out its intended operation, yet it is invoked again after that function executes, triggering other execution flows of the contract. The classic instance is a withdrawal function that sends funds through an external call before it updates the caller's recorded balance, so the recipient can call back into the same function while the stale balance is still in effect. From this feature the model reports that a single-function reentrancy attack exists in the current smart contract (or the probability that one exists).
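As an added example for the passage above (written for this page; it is not the patent's tokeniser, syntax tree or model), the Python script below does the source-level extraction that single-function reentrancy classification rests on: it strips comments, lists the storage variables declared at contract scope, splits the contract into functions, and flags every function whose first low-level external call (`.call` or `.delegatecall`) is followed by a write to a storage variable. `state_variables` and `split_functions` also yield the variable and function counts that the claims list as structural features. The two Solidity contracts are constructed samples, and the `nonReentrant` modifier name and the regular-expression approximation of a parser are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed Solidity samples (written for this example, not taken from the patent).
VULNERABLE_VAULT = """
contract Vault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");   // interaction ...
        require(ok, "send failed");
        balances[msg.sender] -= amount;                     // ... before effect
    }
}
"""
HARDENED_VAULT = """
contract SafeVault {
    mapping(address => uint256) public balances;
    bool private locked;
    modifier nonReentrant() { require(!locked, "reentrant call"); locked = true; _; locked = false; }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;                     // effect first
        (bool ok, ) = msg.sender.call{value: amount}("");   // interaction last
        require(ok, "send failed");
    }
}
"""

COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
FUNC_HEAD = re.compile(r"\bfunction\s+(\w+)\s*\(")
EXT_CALL = re.compile(r"\.\s*(?:call|delegatecall)\s*[{(.]")  # low-level calls that hand control to another contract
GUARD = re.compile(r"\bnonReentrant\b")                        # assumption: the conventional modifier name
ASSIGN = r"(?:=(?!=)|\+=|-=|\*=|/=|%=|\+\+|--)"
DECL = re.compile(                                             # a contract-scope storage declaration
    r"^(?:mapping\s*\((?:[^()]|\([^()]*\))*\)|[A-Za-z_]\w*(?:\[\])?)\s+"
    r"(?:(?:public|private|internal|constant|immutable|payable)\s+)*([A-Za-z_]\w*)(?:\s*=.*)?$", re.S)


@dataclass
class Finding:
    function: str
    pattern: str
    guarded: bool  # a nonReentrant modifier masks the bug at run time; the ordering flaw remains


def contract_scope_text(src):
    """Keep text at brace depth 1 (directly inside `contract X { ... }`); nested
    bodies are blanked and their braces become ';' so each header ends a statement."""
    out, depth = [], 0
    for ch in src:
        if ch in "{}":
            depth += 1 if ch == "{" else -1
            out.append(";" if (ch, depth) in (("{", 2), ("}", 1)) else " ")
        else:
            out.append(ch if depth == 1 else " ")
    return "".join(out)


def state_variables(src):
    """Storage variable names in declaration order (the page's 'variable quantity')."""
    stmts = contract_scope_text(COMMENT.sub("", src)).split(";")
    return [m.group(1) for m in (DECL.match(" ".join(s.split())) for s in stmts) if m]


def split_functions(src):
    """(name, header, body) per function; the header holds the modifiers. Expects comment-free source."""
    funcs = []
    for m in FUNC_HEAD.finditer(src):
        brace, semi = src.find("{", m.end()), src.find(";", m.end())
        if brace == -1 or (semi != -1 and semi < brace):
            continue                       # declaration without a body (interface/abstract)
        depth = 0
        for i in range(brace, len(src)):   # find the matching closing brace
            depth += (src[i] == "{") - (src[i] == "}")
            if depth == 0:
                funcs.append((m.group(1), src[m.end():brace], src[brace + 1:i]))
                break
    return funcs


def state_write_positions(body, svars):
    """Offsets where a storage variable is assigned, updated or deleted
    (heuristic: index expressions may not themselves contain brackets)."""
    pos = []
    for v in svars:
        pos += [m.start() for m in re.finditer(r"\b%s\b(?:\s*\[[^\]]*\])*\s*%s" % (re.escape(v), ASSIGN), body)]
        pos += [m.start() for m in re.finditer(r"\bdelete\s+%s\b" % re.escape(v), body)]
    return sorted(pos)


def detect(src):
    """Flag functions whose first external call is followed by a storage write:
    the interaction-before-effect order behind single-function reentrancy."""
    src = COMMENT.sub("", src)
    svars = state_variables(src)
    findings = []
    for name, header, body in split_functions(src):
        calls = [m.start() for m in EXT_CALL.finditer(body)]
        if calls and any(w > min(calls) for w in state_write_positions(body, svars)):
            findings.append(Finding(name, "single-function reentrancy", bool(GUARD.search(header))))
    return findings


if __name__ == "__main__":
    for label, code in (("Vault", VULNERABLE_VAULT), ("SafeVault", HARDENED_VAULT)):
        print(label, state_variables(code), detect(code))
```

The hardened contract passes for two independent reasons: the balance is decremented before the call (checks-effects-interactions order) and the `nonReentrant` guard would block a re-entrant call even if it were not. A finding with `guarded=True` still deserves a fix, since the guard only masks the ordering flaw. Calls through contract interfaces, such as a token transfer that triggers a receiver hook, are outside this heuristic.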
During detection, the reentrancy attack recognition model may be iteratively optimised according to the detection results over a period of time or at a given moment, so that it adapts to multiple attack types. As shown in fig. 3, the steps are:
calculating the accuracy, false positive rate (false alarm rate) and false negative rate (missed report rate) with which the model recognises reentrancy attacks;
if any of the accuracy, false positive rate or false negative rate does not meet its expected value, searching for the unrecognised reentrancy attack events behind the false positives and false negatives;
searching for the source code text of the smart contracts associated with those unrecognised events;
and feeding that source code text into the reentrancy attack recognition model as training data to optimise the model.
Because the types and number of reentrancy attacks can grow, the recognition model must also be optimised dynamically to keep up with them. In some embodiments, whether the model needs optimisation is decided by tracking its accuracy, false positive rate and false negative rate: the lower the accuracy and the higher the false positive and false negative rates, the more the model needs optimisation. Expected values can be set for each metric (an expected accuracy, an expected false positive rate and an expected false negative rate); whenever any of them is not met, the model is optimised so that its detection capability improves in real time, and with it the running safety of the smart contract.
The false positive and false negative rates can be statistics over a period of time, so the smart contract execution data collected in that period can be used as training data for the model. This increases the number of samples of reentrancy attack source code that the model identified inaccurately, and by training on them the model gains the ability to recognise new kinds of reentrancy attack, which lowers the false negative rate. At the same time the false positive rate is reduced, which further improves the accuracy of reentrancy attack prediction.
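The metric-driven optimisation loop described above, as an added example (not the patent's code): accuracy, false positive rate and false negative rate are computed over a time window of monitored executions, compared with expected values, and the missed attacks and false alarms are returned as the events whose contract source should go back into training. The detection records, timestamps, threshold and expected values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One monitored contract execution: the model's output plus the ground truth
    established afterwards (for example from a confirmed incident or an audit)."""
    event_id: str
    t: int          # observation time (constructed: seconds on an arbitrary clock)
    label: int      # 1 = a reentrancy attack really occurred, 0 = benign
    prob: float     # the model's probability of a reentrancy attack


@dataclass(frozen=True)
class Metrics:
    accuracy: float
    false_positive_rate: float   # the page's "false alarm rate": FP / (FP + TN)
    false_negative_rate: float   # the page's "missing report rate": FN / (FN + TP)


# Constructed monitoring window and expected values (not from the patent).
WINDOW = [
    Detection("tx-a", 100, 1, 0.92), Detection("tx-b", 110, 1, 0.81),
    Detection("tx-c", 120, 1, 0.35), Detection("tx-d", 130, 1, 0.55),
    Detection("tx-e", 140, 0, 0.10), Detection("tx-f", 150, 0, 0.62),
    Detection("tx-g", 160, 0, 0.20), Detection("tx-h", 170, 0, 0.05),
    Detection("tx-i", 180, 0, 0.48), Detection("tx-j", 190, 1, 0.44),
]
EXPECTED = Metrics(accuracy=0.90, false_positive_rate=0.10, false_negative_rate=0.10)


def in_window(records, since=None, until=None):
    """Statistics are taken over a period of time: keep records with since <= t <= until."""
    return [r for r in records
            if (since is None or r.t >= since) and (until is None or r.t <= until)]


def confusion(records, threshold, since=None, until=None):
    """(tp, fp, tn, fn) using the page's decision rule: act when prob exceeds the threshold."""
    tp = fp = tn = fn = 0
    for r in in_window(records, since, until):
        predicted = r.prob > threshold
        if predicted and r.label:
            tp += 1
        elif predicted:
            fp += 1
        elif r.label:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def evaluate(records, threshold, since=None, until=None):
    tp, fp, tn, fn = confusion(records, threshold, since, until)
    total = tp + fp + tn + fn
    return Metrics(accuracy=(tp + tn) / total if total else 0.0,
                   false_positive_rate=fp / (fp + tn) if fp + tn else 0.0,
                   false_negative_rate=fn / (fn + tp) if fn + tp else 0.0)


def needs_retraining(m, expected=EXPECTED):
    """Any metric missing its expected value triggers optimisation
    (accuracy is a floor, the two error rates are ceilings)."""
    return (m.accuracy < expected.accuracy
            or m.false_positive_rate > expected.false_positive_rate
            or m.false_negative_rate > expected.false_negative_rate)


def retraining_samples(records, threshold, since=None, until=None):
    """Event ids whose contract source should be pulled back into training: missed
    attacks (false negatives, the 'unidentified reentrancy attack events') and false alarms."""
    missed, false_alarms = [], []
    for r in in_window(records, since, until):
        predicted = r.prob > threshold
        if r.label and not predicted:
            missed.append(r.event_id)
        elif predicted and not r.label:
            false_alarms.append(r.event_id)
    return missed, false_alarms


if __name__ == "__main__":
    metrics = evaluate(WINDOW, 0.5)
    print(metrics, "retrain:", needs_retraining(metrics))
    print("missed / false alarms:", retraining_samples(WINDOW, 0.5))
```

Ground truth for the label field only becomes available after the fact, so the window should end far enough in the past for incidents to have been confirmed; otherwise unlabelled recent attacks silently inflate the apparent accuracy.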
In some embodiments, as shown in fig. 4, the present application provides a detection system for smart contract reentrancy attacks, comprising a preprocessing module, a feature extraction module, a reentrancy attack detection module and a policy module;
the preprocessing module preprocesses the source code text input while the smart contract runs to obtain preprocessed data;
the feature extraction module extracts the behavioural and structural features of the smart contract from the preprocessed data;
the reentrancy attack detection module feeds the behavioural and structural features into the reentrancy attack recognition model to obtain the probability that a reentrancy attack exists in the smart contract;
and the policy module executes a reentrancy attack defense policy when the probability exceeds the threshold.
In some embodiments, the detection system further comprises a training module configured to:
feed the behavioural and structural features extracted from the training data into the reentrancy attack recognition model to be trained and obtain a training prediction result, where the training data comprises normal source code input while smart contracts run and abnormal source code labelled as containing reentrancy attacks;
calculate the error between the training prediction result and the true label of the training data;
if the error exceeds an error threshold, update the configuration parameters of the model under training so as to optimise it;
and if the error is below the error threshold, output the current reentrancy attack recognition model and its configuration parameters.
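The training module's stopping rule, as an added example that is not the applicant's implementation: a logistic model over three constructed behavioural/structural features is fitted by gradient descent, the error against the true labels is recomputed after every parameter update, updates continue while the error exceeds the error threshold, and the model with its parameters is output once the error is below it. The feature rows, labels, learning rate and epoch cap are assumptions.

```python
import math
from dataclasses import dataclass

# Constructed feature rows (not from the patent), one per contract:
# [external call precedes a storage write (0/1), external calls / 4, functions / 10]
FEATURES = [
    [1, 0.25, 0.2], [1, 0.50, 0.5], [1, 0.25, 0.8], [1, 0.75, 0.3],   # labelled reentrancy samples
    [0, 0.25, 0.2], [0, 0.00, 0.3], [0, 0.50, 0.6], [0, 0.25, 0.4],   # normal samples
]
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]


@dataclass
class Model:
    weights: list
    bias: float
    error: float      # mean cross-entropy against the true labels after the last update
    epochs: int
    converged: bool   # the error fell below the threshold before the epoch cap


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict(model, x):
    """Probability that a contract with feature vector x contains a reentrancy attack."""
    return sigmoid(sum(w * xi for w, xi in zip(model.weights, x)) + model.bias)


def mean_error(weights, bias, xs, ys):
    """Mean cross-entropy between predictions and the true labels (the page's 'error')."""
    eps = 1e-12
    total = 0.0
    for x, y in zip(xs, ys):
        p = sigmoid(sum(w * xi for w, xi in zip(weights, x)) + bias)
        total -= y * math.log(p + eps) + (1 - y) * math.log(1 - p + eps)
    return total / len(xs)


def train(xs, ys, error_threshold=0.1, lr=0.5, max_epochs=20000):
    """Logistic regression by batch gradient descent with the page's stopping rule:
    while the error exceeds the threshold, update the parameters; otherwise output
    the current model and its parameters. lr and max_epochs are assumptions."""
    weights, bias = [0.0] * len(xs[0]), 0.0
    error, epochs = mean_error(weights, bias, xs, ys), 0
    while error > error_threshold and epochs < max_epochs:
        grad_w, grad_b = [0.0] * len(weights), 0.0
        for x, y in zip(xs, ys):
            residual = sigmoid(sum(w * xi for w, xi in zip(weights, x)) + bias) - y
            grad_w = [g + residual * xi for g, xi in zip(grad_w, x)]
            grad_b += residual
        weights = [w - lr * g / len(xs) for w, g in zip(weights, grad_w)]
        bias -= lr * grad_b / len(xs)
        error, epochs = mean_error(weights, bias, xs, ys), epochs + 1
    return Model(weights, bias, error, epochs, error <= error_threshold)


if __name__ == "__main__":
    model = train(FEATURES, LABELS)
    print(f"epochs={model.epochs} error={model.error:.4f} converged={model.converged}")
    print("p(reentrancy) for an unseen flawed contract:", round(predict(model, [1, 0.25, 0.1]), 3))
```

The `converged` flag matters in practice: with an error threshold the loop may never reach it on non-separable data, so a model that exits on the epoch cap should not be promoted to the synchronous monitor as if it had met the threshold.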
In some embodiments, the present application provides a terminal device for deploying a smart contract on a blockchain and monitoring it, comprising the smart contract reentrancy attack detection system of the system embodiment; the detection system monitors whether a reentrancy attack occurs while the smart contract runs and executes the defense strategy according to the type of reentrancy attack.
The application provides a smart contract reentrancy attack detection method, detection system and terminal device. The method preprocesses the source code text input while the smart contract runs to obtain preprocessed data, extracts the behavioural and structural features of the smart contract from that data, and feeds those features into a reentrancy attack recognition model, which outputs the probability that a reentrancy attack exists in the smart contract. When that probability exceeds a threshold, a reentrancy attack defense strategy is executed. Because the recognition model can inspect the running state of the smart contract synchronously while it runs, both the safety of the contract at run time and the efficiency of reentrancy attack recognition are improved.
The detailed description above gives only a few examples under the general inventive concept and does not limit the scope of the present application. Any other embodiment that a person skilled in the art could derive from the solution of the application without inventive effort falls within its scope of protection.

Claims (10)

1. A smart contract reentrancy attack detection method, comprising:
preprocessing source code text input while the smart contract runs to obtain preprocessed data;
extracting behavioural and structural features of the smart contract from the preprocessed data;
inputting the behavioural and structural features into a reentrancy attack recognition model to obtain the probability, output by the model, that a reentrancy attack exists in the smart contract;
and if the probability exceeds a probability threshold, executing a reentrancy attack defense strategy.
2. The detection method of claim 1, wherein preprocessing the source code text input while the smart contract runs comprises:
tokenising the source code text into a plurality of tokens, the tokens comprising variable names, keywords, operators and data literals;
building a syntax tree from the tokens and the grammar rules;
and generating a control flow graph and/or a data flow graph from the syntax tree.
3. The detection method of claim 2, wherein extracting the behavioural and structural features of the smart contract from the preprocessed data comprises:
extracting a function call graph from the nodes of the syntax tree to identify reentrancy attack paths;
and/or extracting data flow information and control flow information from the control flow graph and the data flow graph to obtain the execution logic and data transfer pattern of the smart contract.
4. The detection method of claim 2, wherein extracting the behavioural and structural features of the smart contract from the preprocessed data further comprises:
extracting the number of functions and the number of variables contained in the smart contract from the preprocessed data;
calculating the function depth and function width of the functions corresponding to the nodes of the syntax tree;
and extracting the overall structure information of the smart contract from the number of functions, the number of variables, the function depth and the function width.
5. The detection method of claim 1, wherein the reentrancy attack recognition model further outputs the type of reentrancy attack, the method further comprising:
extracting the code fragments or function calls containing the reentrancy attack from the source code text;
identifying the reentrancy attack type from the code fragments and function calls;
and executing the reentrancy attack defense strategy according to the reentrancy attack type.
6. The detection method of claim 1, further comprising:
inputting the behavioural and structural features extracted from training data into a reentrancy attack recognition model to be trained to obtain a training prediction result, the training data comprising normal source code input while smart contracts run and abnormal source code labelled as containing reentrancy attacks;
calculating the error between the training prediction result and the true label of the training data;
if the error exceeds an error threshold, updating the configuration parameters of the model to be trained so as to optimise it;
and if the error is below the error threshold, outputting the current reentrancy attack recognition model and its configuration parameters.
7. The detection method of claim 1, further comprising:
calculating the accuracy, false positive rate and false negative rate with which the reentrancy attack recognition model recognises reentrancy attacks;
if any of the accuracy, false positive rate or false negative rate does not meet its expected value, searching for the unrecognised reentrancy attack events associated with the false positive rate and false negative rate, the expected values comprising an expected accuracy, an expected false positive rate and an expected false negative rate;
searching for the source code text of the smart contracts associated with the unrecognised reentrancy attack events;
and inputting that source code text into the reentrancy attack recognition model as training data to optimise the model.
8. A smart contract reentrancy attack detection system, comprising a preprocessing module, a feature extraction module, a reentrancy attack detection module and a policy module, wherein:
the preprocessing module preprocesses the source code text input while the smart contract runs to obtain preprocessed data;
the feature extraction module extracts the behavioural and structural features of the smart contract from the preprocessed data;
the reentrancy attack detection module inputs the behavioural and structural features into a reentrancy attack recognition model to obtain the probability that a reentrancy attack exists in the smart contract;
and the policy module executes a reentrancy attack defense policy when the probability exceeds a threshold.
9. The system of claim 8, further comprising a training module configured to:
input the behavioural and structural features extracted from training data into the reentrancy attack recognition model to obtain a reentrancy attack prediction result, the training data comprising normal source code input while smart contracts run and abnormal source code labelled as containing reentrancy attacks;
calculate the error between the prediction result and the true label of the training data;
if the error exceeds an error threshold, update the configuration parameters of the reentrancy attack recognition model to optimise it;
and if the error is below the error threshold, output the current reentrancy attack recognition model and its configuration parameters.
10. A terminal device for deploying and monitoring a smart contract on a blockchain, comprising the smart contract reentrancy attack detection system of any of claims 8 to 9; the detection system monitors whether a reentrancy attack occurs while the smart contract runs and executes the defense strategy according to the type of reentrancy attack.
Application CN202310786215.XA, priority and filing date 2023-06-29: Intelligent contract reentry attack detection method, system and terminal equipment. Status: Pending. Publication: CN116796323A (en).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310786215.XA CN116796323A (en) 2023-06-29 2023-06-29 Intelligent contract reentry attack detection method, system and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310786215.XA CN116796323A (en) 2023-06-29 2023-06-29 Intelligent contract reentry attack detection method, system and terminal equipment

Publications (1)

Publication Number Publication Date
CN116796323A (en) 2023-09-22

Family

ID=88034522

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310786215.XA Pending CN116796323A (en) 2023-06-29 2023-06-29 Intelligent contract reentry attack detection method, system and terminal equipment

Country Status (1)

Country Link
CN (1) CN116796323A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117834263A (en) * 2023-12-29 2024-04-05 蚂蚁智安安全技术(上海)有限公司 Reentrant attack detection method and device for blockchain contracts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination