Abstract
With the development of blockchain technology, smart contracts have attracted considerable attention in recent years. They are widely used because they reduce the cost of trust compared with traditional contracts. At the same time, they are at risk of being hacked, so research on smart contract vulnerability detection is particularly important. We propose a novel smart contract reentrancy vulnerability detection model based on BiGAS. We conducted numerous experiments, and the results show that our model (the BiGAS Detection Model) has a strong vulnerability detection ability: it achieves an accuracy and F1-score of over 93% for the detection of reentrancy vulnerabilities in smart contracts. To verify that the choice of SVM is one of the reasons for the improved performance of our method, the SVM classifier in the model was replaced with Softmax. The accuracy of the model with the classifier replaced with Softmax was 89.78% and the F1-score was 89.83%. In addition, we compared our approach with advanced automated audit tools and other deep learning-based vulnerability detection methods. Compared with the existing advanced methods, the improvement in accuracy and F1-score of our model ranges from 4 to 23%. We conclude that our method is significantly better than the existing advanced methods at detecting smart contract reentrancy vulnerabilities.
Data Availability
The experimental data and associated code used in this study have been deposited in the GitHub repository (https://github.com/wobulijie10086/deection/tree/master).
Funding
This work is sponsored by the National Natural Science Foundation of China under grant numbers 62172353 and U20B2046, the Innovation Fund Program of the Engineering Research Center for Integration and Application of Digital Learning Technology of the Ministry of Education under grant number 1221045, the Joint Research Fund of Guangzhou and University under grant number 202201020380, and the Guangdong Higher Education Innovation Group 2020KCXTD007.
About this article
Cite this article
Zhang, L., Li, Y., Guo, R. et al. A Novel Smart Contract Reentrancy Vulnerability Detection Model based on BiGAS. J Sign Process Syst 96, 215–237 (2024). https://doi.org/10.1007/s11265-023-01859-7
DOI: https://doi.org/10.1007/s11265-023-01859-7