Detecting And Analyzing Vulnerabilities In Smart Contracts Based On Deep Learning Models

Posted on: 2022-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: X N Zhang
Full Text: PDF
GTID: 2518306563461954
Subject: Computer technology

Abstract/Summary:
With the continuous development of social and economic needs, blockchain has developed as a new technology and has attracted widespread attention in academic research and practical industrial applications. Ethereum is one of the most popular blockchain platforms; its smart contracts act as autonomous agents in key distributed applications and hold large amounts of cryptocurrency to execute trusted transactions and protocols. At present, Ethereum has deployed tens of thousands of smart contracts that control billions of dollars' worth of Ethereum's cryptocurrency. Security incidents involving Ethereum smart contracts caused by attackers have emerged one after another, and the loss of funds is particularly serious. Smart contracts are written by developers in the high-level language Solidity, and the related technology is not mature, so vulnerabilities in smart contracts are difficult to avoid. In recent years, the security of smart contracts has gradually attracted scholars' attention. There are some frameworks and tools for vulnerability detection in Ethereum smart contracts, but they show obvious shortcomings, such as low detection accuracy and a complex execution environment, and the detection effect is not satisfactory. The number of smart contracts continues to grow rapidly, and research on new smart contract vulnerability detection methods has become an inevitable trend.

To ensure the effectiveness of smart contract vulnerability detection, this paper proposes a method for detecting smart contract vulnerabilities based on deep learning algorithms. It can detect six kinds of vulnerabilities, which are the most common ones in Ethereum smart contracts: integer underflow, integer overflow, unchecked return value, transaction order dependency, timestamp dependency and reentrancy. A large number of experiments show that the proposed method is suitable for current smart contract vulnerability detection and improves the performance of vulnerability detection. The main contributions of this paper are as follows:

(1) A smart contract vulnerability detection method based on opcode n-grams is proposed. The opcode data stream is obtained by compiling the source code of an Ethereum smart contract and analyzing the bytecode. After analyzing the Solidity source code, bytecode and opcodes, rules for simplifying and abstracting opcodes are proposed, and the opcodes are abstracted. The n-gram model is then used to segment the abstracted opcode data stream, yielding bigram opcode feature segments. Feature values are obtained through a defined feature value calculation method, and the feature matrix is constructed from them. The paper also uses the OvR strategy to construct a multi-label machine learning classification model, carries out training experiments on the large smart contract data set collected, and realizes the detection of vulnerabilities in Ethereum smart contracts.

(2) A deep learning method for detecting smart contract vulnerabilities based on opcode sequences is proposed. The opcode data stream is obtained by compiling the source code of an Ethereum smart contract and analyzing the bytecode. A dictionary is constructed from the correspondence between opcodes and hexadecimal values given in the Ethereum Yellow Paper, and the opcode data stream is transformed into an opcode sequence represented by hexadecimal numbers. Based on an analysis of the opcode sequences, four different deep learning network structures are designed for vulnerability detection: a recurrent neural network, a long short-term memory (LSTM) neural network, CNN-BiGRU and CNN-LSTM.

(3) A large data set of Ethereum smart contract vulnerabilities is constructed by real-time crawling and acquisition, and the smart contract vulnerability detection methods are analyzed through a large number of experiments. To obtain a sufficient smart contract data set, this paper designs and implements a smart contract crawler tool using web crawler technology. Through long-running crawling, a large amount of Ethereum smart contract data is acquired in real time. To enrich the data set, real and valid Ethereum smart contracts are also collected from the Internet, and the smart contract data is labeled with tools and manually. Thus, a large and new smart contract data set is constructed, which contains 47527 smart contracts.

A large number of experiments have shown that the CNN-LSTM classification model based on the opcode sequences of Ethereum smart contracts has the best detection effect on six common vulnerabilities of Ethereum smart contracts. The F1-score values of integer overflow vulnerability, integer overflow vulnerability, unchecked return value vulnerability, transaction sequence dependency vulnerability, timestamp dependency vulnerability and reentrancy vulnerability reached 0.87, 0.84, 0.83, 0.82, 0.80 and 0.75, respectively. The macro-F1 value of the six vulnerability evaluation indexes reached 82.1%, and the performance was better than the testing tools to some extent.
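The bytecode-to-bigram pipeline of contribution (1), as an added Python example that is not the thesis's code: it disassembles EVM bytecode into an opcode stream, abstracts the opcodes and computes bigram features. The abstraction rule (dropping the numeric suffix of PUSH/DUP/SWAP/LOG), the relative-frequency feature value, the function names and the sample bytecode are assumptions, because the abstract does not state the thesis's own rules.

```python
from collections import Counter

# Partial EVM opcode table (byte values as in the Ethereum Yellow Paper).
# Bytes missing from it are emitted as OP_0x.. instead of being guessed.
OPCODES = {
    0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x04: "DIV",
    0x10: "LT", 0x11: "GT", 0x14: "EQ", 0x15: "ISZERO", 0x16: "AND",
    0x33: "CALLER", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x42: "TIMESTAMP", 0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE",
    0x54: "SLOAD", 0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI",
    0x5B: "JUMPDEST", 0xF1: "CALL", 0xF3: "RETURN", 0xFD: "REVERT",
}
RANGES = [(0x60, 0x7F, "PUSH"), (0x80, 0x8F, "DUP"), (0x90, 0x9F, "SWAP")]

def disassemble(bytecode_hex):
    """Turn hex bytecode into a list of opcode mnemonics."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    code = bytes.fromhex(bytecode_hex)
    ops, i = [], 0
    while i < len(code):
        b = code[i]
        name = OPCODES.get(b, f"OP_0x{b:02X}")
        for lo, hi, prefix in RANGES:
            if lo <= b <= hi:
                name = f"{prefix}{b - lo + 1}"
        if 0xA0 <= b <= 0xA4:
            name = f"LOG{b - 0xA0}"
        ops.append(name)
        # PUSHn carries n immediate bytes; skip them so data is not decoded as code.
        i += 1 + (b - 0x5F if 0x60 <= b <= 0x7F else 0)
    return ops

def abstract_op(op):
    """Assumed abstraction rule: PUSH1..PUSH32 -> PUSH, DUPn -> DUP, and so on."""
    families = ("PUSH", "DUP", "SWAP", "LOG")
    return op.rstrip("0123456789") if op.startswith(families) else op

def bigram_features(ops):
    """Assumed feature value: relative frequency of each abstracted opcode bigram."""
    abstracted = [abstract_op(op) for op in ops]
    counts = Counter(zip(abstracted, abstracted[1:]))
    total = sum(counts.values())
    return {pair: n / total for pair, n in counts.items()} if total else {}

# Constructed sample: memory setup, a CALLVALUE check, two TIMESTAMP stores to storage.
SAMPLE = "0x6080604052348015600f57600080fd5b50426000554260015500"

if __name__ == "__main__":
    for pair, value in sorted(bigram_features(disassemble(SAMPLE)).items()):
        print(pair, round(value, 4))
```

Stacking one such feature dictionary per contract, over a fixed bigram vocabulary, gives the feature matrix the abstract describes.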
Keywords/Search Tags:Smart Contracts, Ethereum, Deep Learning, Vulnerability Detection, Operation Codes, Blockchain