Anomaly Detection Services for Blockchain Smart Contracts with Unknown Vulnerabilities

Anomaly Detection Services for Blockchain Smart Contracts with Unknown Vulnerabilities

연구 분야: Strategies

학회: ACM Transactions on Software Engineering and Methodology

Security vulnerabilities in smart contracts can have severe economic consequences. Existing smart contract vulnerability detection methods rely primarily on rigid rules defined by experts and have difficulty in detecting unknown vulnerabilities. This paper proposes a new Anomalous Smart Contract Detector, named ASCD, to effectively detect known and unknown vulnerabilities in smart contracts. This is achieved by interpreting unknown vulnerabilities as code anomalies and detecting them with an anomaly detection technique named DeepSVDD. This is also attributed to a new design of feature extraction, in which we compile smart contract source codes into opcodes, extract semantic features from opcode sequences, and control flow features from control flow graphs. By joining LSTM and GIN, the semantic and control flow features are fused to offer a comprehensive representation of smart contracts suitable for anomaly detection. Extensive experiments were conducted to verify the ASCD model, and more than 30,000 smart contracts were tested. The new model offers a significantly better F1-score than existing methods in detecting known vulnerabilities and achieves a high accuracy of 77% in detecting unknown vulnerabilities.