DESIGNING AND EVALUATING DL-MODEL FOR VULNERABILITY DETECTION IN SMART CONTRACTS
Abstract
Task features. Smart-contracts are programs that are stored in a distributed registry and execute the code written in them in response to transactions addressed to them. Such smart-contracts are written in the Solidity programming language, which has a specific structure and syntax. The language was developed for the Ethereum platform. Because of their specific structure, such languages are prone to certain vulnerabilities, the exploitation of which can lead to large financial losses.

Task statement. In this paper, a Deep Learning (DL) model is used to detect the vulnerabilities. Using the chosen approach and a properly specified input data structure, it is possible to detect complex dependencies between various program variables that contain vulnerabilities and bugs.

Research results. Using well-defined experiments, this approach was investigated to better understand the model and improve its performance. The developed model classified vulnerabilities at the string level, using the Solidity corpus of smart-contracts as input data. The application of the DL model allows vulnerabilities of varying complexity to be identified in smart-contracts.

Conclusions. The pipeline we developed can capture more internal code information than other models. Information from software tokens, although semantically incapable of capturing vulnerabilities, increases the accuracy of models. Interpretability has been added to the model through the use of the attention mechanism. Accounting for operators has shown significant performance improvements.