Computer Engineering and Applications ›› 2024, Vol. 60 ›› Issue (7): 258-265. DOI: 10.3778/j.issn.1002-8331.2307-0402

• Network, Communication and Security •

Smart Contract Source Code Vulnerability Detection of Graph Isomorphism Network with Multi-Head Attention Mechanism

SHI Zitong, SHI Zhibin, LIU Dongming, LEI Haiwei, GONG Xiaoyuan   

  1. School of Computer Science and Technology, North University of China, Taiyuan 030051, China
  • Online: 2024-04-01 Published: 2024-04-01

Abstract: When smart contract source code is converted into bytecode, part of its syntax and semantics is lost, and existing vulnerability detection methods have low accuracy and a high false alarm rate, with particularly limited ability to detect reentrancy and timestamp vulnerabilities. To address these problems, a smart contract source code vulnerability detection method using a graph isomorphism network with a multi-head attention mechanism is proposed. First, a graph structure is constructed from the smart contract source code according to the characteristics of reentrancy and timestamp vulnerabilities, and is then normalized. Next, the normalized graph data is fed into the graph isomorphism network for iterative training, using the network’s strong node representation and graph representation capabilities for vulnerability detection. Finally, a multi-head attention mechanism is added to the graph isomorphism network as an enhancement layer to further strengthen its node representation ability. Experimental results show that the proposed method achieves a detection accuracy of 93.08% for reentrancy vulnerabilities and 92.30% for timestamp vulnerabilities, improvements of 1.44 and 2.00 percentage points, respectively, over the plain graph isomorphism network method. These results show that the proposed method detects these vulnerabilities better than other existing detection tools.

Key words: smart contract, vulnerability detection, reentrancy vulnerability, timestamp vulnerability, graph isomorphism network, multi-head attention mechanism