臺灣博碩士論文加值系統 (National Digital Library of Theses and Dissertations in Taiwan)

Author: 吳威廷
Author (Eng.): Wu, Wei-Ting
Title: 應用自然語言處理技術自動偵測智能合約安全性
Title (Eng.): Detecting Smart Contract Security Vulnerabilities with Natural Language Processing Method
Advisor: 魏澤人
Advisor (Eng.): Wei, Tzer-jen
Oral Defense Committee: 陳建志、蔡炎龍、魏澤人
Oral Defense Committee (Eng.): Chen, Jen-Jee; Tsai, Yen-Lung; Wei, Tzer-jen
Degree: Master
Institution: 國立陽明交通大學 (National Yang Ming Chiao Tung University)
Department: 智慧與綠能產學研究所
Narrow Field: 工程學門 (Engineering)
Detailed Field: 電資工程學類 (Electrical and Computer Engineering)
Type of Paper: Academic thesis/dissertation
Publication Year: 2023
Graduated Academic Year: 111
Language: English
Number of Pages: 26
Keywords (Chi.): 自然語言處理、區塊鏈、智能合約、特徵學習
Keywords (Eng.): Natural Language Processing; Smart Contract; Blockchain; Representation Learning
摘要 (Abstract, translated from Chinese):
Blockchain technology plays an increasingly important role in applications such as supply chain management and decentralized financial services, and the security analysis of smart contracts is one of the key concerns in its development. Smart contracts automatically execute program logic and control the flow of digital assets, making these applications more convenient and secure. However, if a smart contract contains security vulnerabilities, hackers may exploit them and cause losses to users' assets. Ensuring the security of smart contracts is therefore essential to the development of blockchain technology. Although existing detection tools can find contract vulnerabilities effectively, rule-based tools rely heavily on expert knowledge, so as smart contracts become more widely deployed, the cost of detection rises accordingly. This study therefore applies natural language processing techniques to quickly detect whether a smart contract contains security vulnerabilities, and achieves a clear improvement in accuracy over previous work.
Abstract (English):
Blockchain technology is increasingly playing a key role in applications such as supply chains and decentralized finance, where the security of smart contracts is a central concern. Smart contracts automatically execute code and control the flow of digital assets, making these applications more efficient and secure. However, if a smart contract contains security vulnerabilities, hackers can exploit them, potentially causing losses of digital assets. Ensuring the security of smart contracts is therefore important for the development of blockchain technology. Existing tools for scanning smart-contract vulnerabilities are limited by their reliance on hard rules defined by experts. These rules are useful for detecting basic vulnerabilities, but they become less effective as contract complexity grows, which can lead to longer detection times and a higher risk of vulnerabilities going undetected. In our experiments, we used natural language processing techniques to detect smart contract security vulnerabilities and obtained better results than previous research.
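The core idea in the abstract, treating contract source code as text, embedding it as a vector, and classifying the vector as vulnerable or safe, can be sketched in a few lines of Python. This is an illustrative simplification only: the thesis itself uses Doc2vec embeddings, machine-learning classifiers, and transformer models, whereas this sketch substitutes a plain bag-of-tokens frequency vector and a nearest-centroid rule, and every contract snippet below is invented toy data, not from the thesis's dataset.

```python
import re
from collections import Counter

def tokenize(source):
    """Split contract source into identifier and symbol tokens."""
    return re.findall(r"[A-Za-z_]\w*|[^\sA-Za-z_]", source)

def vectorize(tokens, vocab):
    """Normalized token-frequency vector over a fixed vocabulary."""
    counts = Counter(tokens)
    total = sum(counts.values()) or 1
    return [counts[w] / total for w in vocab]

def centroid(vectors):
    """Per-dimension mean of a list of equal-length vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def distance(a, b):
    """Euclidean distance between two vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

# Toy labelled snippets (invented): an external call made before the
# state update (reentrancy-prone) vs. checks-effects-interactions order.
vulnerable = [
    "msg.sender.call.value(balances[msg.sender])(); balances[msg.sender] = 0;",
    "addr.call.value(amount)(); balances[addr] -= amount;",
]
safe = [
    "balances[msg.sender] = 0; msg.sender.transfer(amount);",
    "balances[addr] -= amount; addr.transfer(amount);",
]

vocab = sorted({t for src in vulnerable + safe for t in tokenize(src)})
c_vuln = centroid([vectorize(tokenize(s), vocab) for s in vulnerable])
c_safe = centroid([vectorize(tokenize(s), vocab) for s in safe])

def predict(source):
    """Label a snippet by its nearest class centroid."""
    v = vectorize(tokenize(source), vocab)
    return "vulnerable" if distance(v, c_vuln) <= distance(v, c_safe) else "safe"
```

In the thesis's actual pipeline, `vectorize` would be replaced by a learned Doc2vec (or transformer) embedding and `predict` by a trained classifier; the point here is only the overall shape: tokenize, embed, classify.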
摘要 (Abstract in Chinese) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.1 Static Analysis Method . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.2 Dynamic Analysis Method . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.3 Deep Learning Method . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 Smart Contract Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2.1 Reentrancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.2 Timestamp Dependency . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.3 Natural Language Processing Method . . . . . . . . . . . . . . . . . . . . . . 6
2.3.1 Doc2vec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3.2 Transformer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3 Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1 Model Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 Data Preprocess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.3 Machine Learning With Doc2vec Embedding Method . . . . . . . . . . . . . . 10
3.3.1 Doc2vec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.3.2 Machine Learning Classifiers . . . . . . . . . . . . . . . . . . . . . . . 10
3.4 Improve Classification Using Large Language Model . . . . . . . . . . . . . . 12
3.4.1 Large Language Model . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4 Experiment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1 Experiment Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2 Dataset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.3 Evaluation Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.4 Baseline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.5 Doc2vec Experiment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.5.1 Training Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.5.2 Different Dimensions Of Doc2vec . . . . . . . . . . . . . . . . . . . . 16
4.5.3 Experiment On Machine Learning Classifiers . . . . . . . . . . . . . . 17
4.5.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.6 Transformer Experiment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.6.1 Training Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.6.2 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5 Conclusion And Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2.1 Explainable Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2.2 Multimodal Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24