Two-Stage Smart Contract Vulnerability Detection Combining Semantic Features and Graph Features


Research field: Strategies



Conference: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)


Abstract

Smart contract vulnerability detection is an important security practice aimed at identifying and fixing potential vulnerabilities. This detection technique involves using static and dynamic analysis methods to inspect and test contract code, in order to identify code patterns and logical errors that may lead to security vulnerabilities. However, summarizing previous research reveals limitations in terms of scalability and generalizability, which can result in higher rates of false positives and false negatives in detection results. Therefore, we propose a novel smart contract detection framework called TSCSG: Two-Stage Smart Contract Vulnerability Detection Combining Semantic Features and Graph Features. In the graph extraction stage, TSCSG utilizes the data flow graph and control flow graph of smart contracts to extract the required contract graph. After processing the graph data, TSCSG employs our proposed RTMP network to extract smart contract graph features. In the semantic extraction stage of contract vulnerabilities, TSCSG utilizes smart contract data propagation chains to extract semantic features of smart contract vulnerabilities, which are then combined with the graph features to obtain the final detection results. Our large-scale empirical study on the EtherScan dataset demonstrates that TSCSG achieves satisfactory results in detecting reentrancy and timestamp vulnerabilities, outperforming 9 state-of-the-art vulnerability detection methods.


Author Profile
Zhenkun Luo

School of Computer Science and Cyber Engineering Guangzhou University Guangzhou China

Andorra
Shuhong Chen

School of Computer Science and Cyber Engineering Guangzhou University Guangzhou China

Andorra
Guojun Wang

School of Computer Science and Cyber Engineering Guangzhou University Guangzhou China

Andorra

📄 Paper information

Publication year: 2023
Citations: 215
Publication country: Andorra
Site: IEEE
