摘要
针对传统智能合约漏洞检测方案的检测准确率低以及采用深度学习的方案检测漏洞类型单一等问题,文章提出基于双向长短期记忆(Bi-Directional Long Short-Term Memory,BiLSTM)网络和注意力机制的智能合约漏洞检测方案。首先,利用Word2vec词嵌入技术对数据进行训练,通过训练获得操作码词向量表示;然后,通过将词向量传入BiLSTM来提取序列特征,并利用注意力机制为不同的特征赋予不同的权重以突出关键特征;最后,通过激活函数进行归一化处理,实现智能合约漏洞的检测与识别。文章在以太坊上收集了3000个智能合约,并利用这些合约对模型进行实验和评估。实验结果表明,与深度学习模型和传统工具相比,文章所提方案的精确率、召回率和F1分数均有一定提升,能够准确识别出4种类型的智能合约漏洞,准确率达86.34%。
Aiming at the low detection accuracy of the traditional smart contract vulnerability detection scheme and the single type of vulnerability detected by the deep learning scheme,this paper proposed a smart contract vulnerability detection scheme based on bi-directional long short-term memory(BiLSTM)network and attention mechanism.Firstly,the word2vec word embedding technology was used to train the data to obtain the word vector representation of the opcode.Secondly,the word vector was passed into BiLSTM to extract sequence features,and an attention mechanism was introduced to give different weights to different features to highlight key features.Finally,the activation function was normalized to realize the detection and identification of smart contract vulnerabilities.This paper collected 3,000 smart contracts in Ethereum and used them to evaluate the model.The experimental results show that compared with the deep learning model and traditional tools,the scheme in this paper has improved the precision rate,recall rate and F1 score,and can accurately identify four kinds of type of smart contract vulnerabilities,the accuracy rate reached 86.34%.
作者
张光华
刘永升
王鹤
于乃文
ZHANG Guanghua;LIU Yongsheng;WANG He;YU Naiwen(School of Cyber Engineering,Xidian University,Xi’an 710071,China;School of Information Science andEngineering,Hebei University of Science Technology,Shijiazhuang 050018,China)
出处
《信息网络安全》
CSCD
北大核心
2022年第9期46-54,共9页
Netinfo Security
基金
国家自然科学基金[U1836210]。