Research On Dynamic Detection Of Vulnerabilities In Smart Contract Based On Machine Learning

The emergence of smart contracts as one of the most important application scenarios of blockchain has made blockchain technology widely used in many fields such as finance,logistics,healthcare,and energy,and has become a popular research area.By defining rules in advance and secured by a consensus mechanism,it is able to achieve repudiation resistance of transactions in a trustless network environment.However,as smart contracts are widely used,they are constantly under attack by hackers and have caused a lot of property damage,which greatly affects the healthy development of blockchain ecology.To solve the above problems,this thesis proposes a dynamic detection scheme for smart contract vulnerabilities based on machine learning,with the following main elements:(1)We propose a feature extraction method for opcode sequences based on a combination of N-gram model and weight penalty mechanism.Among them,the opcode sequence is the raw data generated during the dynamic execution of smart contracts for analyzing smart contract vulnerabilities,the N-gram model is to extract features such as the order and number of opcodes in the opcode sequence,and the weight penalty mechanism is used to adjust the weight size of the opcode sequence feature vector and reduce the influence of the weight of common opcodes in the opcode sequence.It is experimentally verified that its detection F1-score is improved by 24.42%,3.46% and 49.68% for KNN,SVM and LR models,respectively,compared to when only N-gram(N=2)model is used to extract features.(2)We propose a machine learning-based vulnerability detection scheme for smart contracts.The scheme employs multiple supervised machine learning algorithms to construct the binary vulnerability detection model respectively,and uses the opcode sequence generated during the dynamic execution of Ethernet smart contracts as the dataset for vulnerability detection.Among the detection results of multiple models,the detection accuracy and F1-score of the optimal SVM model reach 93.71% and 92.55%,respectively.(3)We propose a machine learning-based detection scheme for unknown vulnerabilities in smart contracts.The scheme fuses multiple existing vulnerability features into a hybrid vulnerability feature sample,and uses the vulnerability feature similarity principle and hybrid vulnerability features to detect unknown vulnerabilities in smart contracts.At the same time,the scheme uses the trigram model to extract features from opcode sequences to obtain more vulnerability features.The experimental results show that the unknown vulnerability detection accuracy and F1-score of SVM model using trigram model to extract features reach 92.15%and 75.93%,respectively,compared with 0.73% and 2.56% when using bigram model to extract features.The solution in this thesis focuses on smart contracts that have been deployed on the blockchain system,which detects contract vulnerabilities by analyzing the sequence of opcodes generated during the dynamic execution of smart contracts,which essentially belongs to dynamic detection.