首页|期刊导航|信息安全研究|基于多模态特征融合的智能合约漏洞检测方法研究

基于多模态特征融合的智能合约漏洞检测方法研究OA

Research on Smart Contract Vulnerability Detection Method Based on Multi-modal Feature Fusion

中文摘要英文摘要

针对智能合约漏洞检测方法中大多依赖单一模态进行特征提取时存在的关键特征提取不充分导致检测准确率较低的问题,提出了一种基于多模态特征融合的智能合约漏洞检测方法.首先,通过源代码层裁剪的抽象语法树(abstract syntax tree,AST)和操作码层依据的数据流关系分别构建控制流图(control flow graph,CFG),将其导入图注意力网络(graph attention network,GAT)提取2类静态特征.其次,利用动态检测工具Echidna生成的模糊测试报告提取路径覆盖率、状态变化等信息构建图模型,通过图神经网络(graph neural network,GNN)提取动态特征.最后,对提取的静态和动态特征进行融合并输入CNN-BiLSTM-ATT模型进行漏洞检测,并在47 398个智能合约上进行相关实验.实验结果表明,相较于 SmartCheck,Mythril,Oyente,Bi-GGNN,ASTNN,DR-GCN,SVCB,CBGRU这8种主流检测方法,该方法对重入漏洞、时间戳漏洞、整数溢出漏洞、Tx.origin漏洞的准确率、召回率、F1值提升了 50.26%,59.54%,58.40%.

Most of the smart contract vulnerability detection methods rely on single mode feature extraction,which leads to the problem of low detection accuracy due to insufficient key feature extraction.This paper proposes a smart contract vulnerability detection method based on multimodal feature fusion.Firstly,the construction of the control flow graph(CFG)is constructed by leveraging the abstract syntax tree(AST)trimmed at the source code layer and the data flow relationship based on the opcode layer,which is imported into the graph attention network(GAT)to extract two types of static features.Secondly,the fuzzing test report generated by echidna,a dynamic detection tool,is used to extract path coverage,state changes and other information to build a graph model,and the dynamic features are extracted by graph neural network(GNN).Finally,the extracted static and dynamic features are fused and input into CNN bilstm att model for vulnerability detection,and relevant experiments are carried out on 47 398 smart contracts.Experimental results show that compared with eight mainstream detection methods,such as SmartCheck,Mythril,Oyente,Bi-GGNN,ASTNN,DR-GCN,SVCB and CBGRU,the accuracy,recall and F1 value of this method in re-entry vulnerability,timestamp vulnerability,integer overflow vulnerability and Tx.origin vulnerability are increased by 50.26%,59.54%and 58.40%.

陈虹;芦奇;金海波;武聪;王明君

辽宁工程技术大学软件学院 辽宁葫芦岛 125105辽宁工程技术大学软件学院 辽宁葫芦岛 125105辽宁工程技术大学软件学院 辽宁葫芦岛 125105辽宁工程技术大学创新实践学院 辽宁阜新 123000辽宁工程技术大学软件学院 辽宁葫芦岛 125105

信息技术与安全科学

智能合约特征融合漏洞检测图神经网络图注意力网络

smart contractfeature fusionvulnerability detectiongraph neural networkgraph attention network

《信息安全研究》 2026 (6)

503-509,7

国家自然科学基金项目(62173171)辽宁省教育厅科研项目(LJKFZ20220198)

10.12379/j.issn.2096-1057.2026.06.02

评论