Multi-Label Vulnerability Detection of Smart Contracts Based on Bi-LSTM and Attention Mechanism

Suxiang, Qian; Ning, Haohan; He, Yaqiong; Chen, Mengqi

doi:10.3390/electronics11193260

Cited by 11 publications

(9 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Random forest and support vector machines have been applied to smart contract vulnerability detection [19][20][21]. Recent works like [22][23][24] have expanded the scope by focusing on multiple types of vulnerabilities, offering a more comprehensive vulnerability detection mechanism.…”

Section: Machine Learning Methodsmentioning

confidence: 99%

VdaBSC: A Novel Vulnerability Detection Approach for Blockchain Smart Contract by Dynamic Analysis

Sosu,

Chen,

Boahen

et al. 2023

IET Software

View full text Add to dashboard Cite

Smart contracts have gained immense popularity in recent years as self-executing programs that operate on a blockchain. However, they are not immune to security flaws, which can result in significant financial losses. These flaws can be detected using dynamic analysis methods that extract various aspects from smart contract bytecode. Methods currently used for identifying vulnerabilities in smart contracts mostly rely on static analysis methods that search for predefined vulnerability patterns. However, these patterns often fail to capture complex vulnerabilities, leading to a high rate of false negatives. To overcome this limitation, researchers have explored machine learning-based methods. However, the accurate interpretation of complex logic and structural information in smart contract code remains a challenge. In this study, we present a technique that combines real-time runtime batch normalization and data augmentation for data preprocessing, along with n-grams and one-hot encoding for feature extraction of opcode sequence information from the bytecode. We then combined bidirectional long short-term memory (BiLSTM), convolutional neural network, and the attention mechanism for vulnerability detection and classification. Additionally, our model includes a gated recurrent units memory module that enhances efficiency using historical execution data from the contract. Our results demonstrate that our proposed model effectively identifies smart contract vulnerabilities.

show abstract

Section: Machine Learning Methodsmentioning

confidence: 99%

VdaBSC: A Novel Vulnerability Detection Approach for Blockchain Smart Contract by Dynamic Analysis

Sosu,

Chen,

Boahen

et al. 2023

IET Software

View full text Add to dashboard Cite

show abstract

“…In [31], the authors detect multi-label vulnerabilities such as timestamp, reentrancy, TOD, integer underflow, and overflow using the Bi-LSTM with an accuracy of 88.12%. The author collects 5450 smart contracts from the etherscan website and detects multiple vulnerabilities in the smart contract such as integer underflow, integer overflow, reentrance, timestamp, and transaction order dependency.…”

Section: Literature Reviewmentioning

confidence: 99%

“…For example "0x00" value and its mnemonics value is STOP. The values that have the value of the mnemonic in Ethereum yellow paper are replaced [31], [53].…”

Section: B Data Preparationmentioning

confidence: 99%

Securing Smart Contracts in Fog Computing: Machine Learning-Based Attack Detection for Registration and Resource Access Granting

Ehsan,

Sana,

Ali

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Smart contracts are becoming increasingly popular for managing transactions or activities in fog computing environments. However, the use of smart contracts for registration and resource access granting is vulnerable to various types of attacks that can compromise their security. Detecting these attacks can be challenging, as attackers can use sophisticated techniques to evade detection. This research uses a machine learning-based approach for detecting different attacks on smart contracts used for registration and resource access granting in fog computing. Data is collected from online Ethereum's official site "etherscan.io". Different feature extraction methods and machine learning models are tested. Using accuracy, precision, recall, F1 score, cross-validation, and computational time, the performance of models is evaluated. Results indicate that extreme gradient boosting (XGB) and random forest (RF) provide the highest accuracy of 80% using the term frequency-inverse document frequency (TF-IDF) approach. The light gradient boost classifier provides the highest accuracy of 81% with the Bag of Word (BoW) approach. Similarly, the extra tree provides the highest accuracy of 83% using the N-gram technique. Furthermore, performance using TF-IDF is slightly poorer than BoW and N-gram, however, it has less computational complexity.

show abstract

“…In essence, Ethereum is a distributed (also decentralized) ledger that uses blockchain as its basic support technology, like Bitcoin. It supports the execution and invocation environments of SCs through a Turing-complete machine that is called the Ethereum Virtual Machine [5,7].…”

Section: Ethereummentioning

confidence: 99%

Ethereum Smart Contract Vulnerability Detection and Machine Learning-Driven Solutions: A Systematic Literature Review

Kiani,

Sheng

2024

Electronics

View full text Add to dashboard Cite

In recent years, emerging trends like smart contracts (SCs) and blockchain have promised to bolster data security. However, SCs deployed on Ethereum are vulnerable to malicious attacks. Adopting machine learning methods is proving to be a satisfactory alternative to conventional vulnerability detection techniques. Nevertheless, most current machine learning techniques depend on sufficient expert knowledge and solely focus on addressing well-known vulnerabilities. This paper puts forward a systematic literature review (SLR) of existing machine learning-based frameworks to address the problem of vulnerability detection. This SLR follows the PRISMA statement, involving a detailed review of 55 papers. In this context, we classify recently published algorithms under three different machine learning perspectives. We explore state-of-the-art machine learning-driven solutions that deal with the class imbalance issue and unknown vulnerabilities. We believe that algorithmic-level approaches have the potential to provide a clear edge over data-level methods in addressing the class imbalance issue. By emphasizing the importance of the positive class and correcting the bias towards the negative class, these approaches offer a unique advantage. This unique feature can improve the efficiency of machine learning-based solutions in identifying various vulnerabilities in SCs. We argue that the detection of unknown vulnerabilities suffers from the absence of a unique definition. Moreover, current frameworks for detecting unknown vulnerabilities are structured to tackle vulnerabilities that exist objectively.

show abstract

Multi-Label Vulnerability Detection of Smart Contracts Based on Bi-LSTM and Attention Mechanism

Cited by 11 publications

References 41 publications

VdaBSC: A Novel Vulnerability Detection Approach for Blockchain Smart Contract by Dynamic Analysis

VdaBSC: A Novel Vulnerability Detection Approach for Blockchain Smart Contract by Dynamic Analysis

Securing Smart Contracts in Fog Computing: Machine Learning-Based Attack Detection for Registration and Resource Access Granting

Ethereum Smart Contract Vulnerability Detection and Machine Learning-Driven Solutions: A Systematic Literature Review

Contact Info

Product

Resources

About