Skip to main content
SpringerLink
Log in

An Efficient Vulnerability Detection Model for Ethereum Smart Contracts

  • Conference paper
  • First Online:
Network and System Security (NSS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11928))

Included in the following conference series:

Abstract

Smart contracts are decentralized applications running on the blockchain to meet various practical scenario demands. The increasing number of security events regarding smart contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on the blockchain. Faced with the increasing quantity of contracts, it is an emerging issue to effectively and efficiently detect vulnerabilities in smart contracts. Existing methods of detecting vulnerabilities in smart contracts like Oyente mainly employ symbolic execution. This method is very time-consuming, as the symbolic execution requires the exploration of all executable paths in a contract. In this work, we propose an efficient model for the detection of vulnerabilities in Ethereum smart contracts with machine learning techniques. The model is able to effectively and fast detect vulnerabilities based on the patterns learned from training samples. Our model is evaluated on 49502 real-world smart contracts and the results verify its effectiveness and efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ethereum Official Website. https://etherscan.io. Accessed 14 July 2019

  2. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts. IACR Cryptol. ePrint Arch. 2016, 1007 (2016)

    Google Scholar 

  3. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  Google Scholar 

  4. Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts. arXiv preprint. arXiv:1809.03981 (2018)

  5. Buterin, V., et al.: A next-generation smart contract and decentralized application platform. White Pap. 3, 37 (2014)

    Google Scholar 

  6. Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321–357 (2002)

    Article  Google Scholar 

  7. Chen, T., et al.: Towards saving money in using smart contracts. In: 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER), pp. 81–84. IEEE (2018)

    Google Scholar 

  8. Cover, T.M., Hart, P., et al.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theory 13(1), 21–27 (1967)

    Article  Google Scholar 

  9. Dannen, C.: Introducing Ethereum and Solidity. Springer, Berlin (2017). https://doi.org/10.1007/978-1-4842-2535-6

    Book  Google Scholar 

  10. Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_10

    Chapter  Google Scholar 

  11. He, N., Wu, L., Wang, H., Guo, Y., Jiang, X.: Characterizing code clones in the Ethereum smart contract ecosystem. arXiv preprint. arXiv:1905.00272 (2019)

  12. Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217. IEEE (2018)

    Google Scholar 

  13. Jiang, B., Liu, Y., Chan, W.: ContractFuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 259–269. ACM (2018)

    Google Scholar 

  14. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS (2018)

    Google Scholar 

  15. Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q.: A survey on the security of blockchain systems. Future Gener. Comput. Syst. (2017)

    Google Scholar 

  16. Lin, I.C., Liao, T.C.: A survey of blockchain security issues and challenges. IJ Netw. Secur. 19(5), 653–659 (2017)

    Google Scholar 

  17. Liu, X., Liu, J., Zhu, S., Wang, W., Zhang, X.: Privacy risk analysis and mitigation of analytics libraries in the android ecosystem. IEEE Trans. Mobile Comput. (2019)

    Google Scholar 

  18. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)

    Google Scholar 

  19. Nakamoto, S., et al.: Bitcoin: a peer-to-peer electronic cash system (2008)

    Google Scholar 

  20. Praitheeshan, P., Pan, L., Yu, J., Liu, J., Doss, R.: Security analysis methods on Ethereum smart contract vulnerabilities: a survey. arXiv preprint. arXiv:1908.08605 (2019)

  21. Suykens, J.A., Vandewalle, J.: Least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999)

    Article  Google Scholar 

  22. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82. ACM (2018)

    Google Scholar 

  23. Wang, W., Guan, X., Zhang, X.: Processing of massive audit data streams for real-time anomaly intrusion detection. Comput. Commun. 31(1), 58–72 (2008). https://doi.org/10.1016/j.comcom.2007.10.010

    Article  Google Scholar 

  24. Wang, W., Guyet, T., Quiniou, R., Cordier, M., Masseglia, F., Zhang, X.: Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowl.-Based Syst. 70, 103–117 (2014)

    Article  Google Scholar 

  25. Wang, W., Li, Y., Wang, X., Liu, J., Zhang, X.: Detecting android malicious apps and categorizing benign apps with ensemble of classifiers. Future Gener. Comput. Syst. 78, 987–994 (2018)

    Article  Google Scholar 

  26. Wang, W., Shang, Y., He, Y., Li, Y., Liu, J.: BotMark: automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors. Inf. Sci. 511, 284–296 (2020)

    Article  Google Scholar 

  27. Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)

    Article  Google Scholar 

  28. Wang, W., Zhao, M., Wang, J.: Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network. J. Ambient Intell. Humaniz. Comput. 10(8), 3035–3043 (2019)

    Article  Google Scholar 

  29. Wang, X., Wang, W., He, Y., Liu, J., Han, Z., Zhang, X.: Characterizing android apps’ behavior for effective detection of malapps at large scale. Future Gener. Comput. Syst. 75, 30–45 (2017)

    Article  Google Scholar 

Download references

Acknowledgements

The work reported in this paper was supported in part by Natural Science Foundation of China, under Grant U1736114.

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, 3 Shangyuancun, Beijing, 100044, China

    Jingjing Song & Wei Wang

  2. School of Computer and Information Technology, Beijing Jiaotong University, 3 Shangyuancun, Beijing, 100044, China

    Jingjing Song & Wei Wang

  3. Shandong Computer Science Center (National Supercomputer Center in Jinan), Shandong Provincial Key Laboratory of Computer Networks, Qilu University of Technology (Shandong Academy of Sciences), Jinan, China

    Haiwu He

  4. iExec Blockchain Tech, Lyon, France

    Haiwu He

  5. State Grid Henan Electric Power Research Institute, Zhengzhou, 450052, China

    Zhuo Lv

  6. University of Aizu, Aizu-Wakamatsu, Fukushima Prefecture, Japan

    Chunhua Su

  7. Tianjin University, Tianjin, 300350, China

    Guangquan Xu

  8. Division of Computer, Electrical and Mathematical Sciences & Engineering (CEMSE), King Abdullah University of Science and Technology (KAUST), Thuwal, 23955-6900, Saudi Arabia

    Wei Wang

Authors
  1. Jingjing Song
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haiwu He
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhuo Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chunhua Su
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guangquan Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Haiwu He .

Editor information

Editors and Affiliations

  1. Monash University, Clayton, VIC, Australia

    Joseph K. Liu

  2. Fujian Normal University, Fuzhou, China

    Xinyi Huang

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Song, J., He, H., Lv, Z., Su, C., Xu, G., Wang, W. (2019). An Efficient Vulnerability Detection Model for Ethereum Smart Contracts. In: Liu, J., Huang, X. (eds) Network and System Security. NSS 2019. Lecture Notes in Computer Science(), vol 11928. Springer, Cham. https://doi.org/10.1007/978-3-030-36938-5_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-36938-5_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36937-8

  • Online ISBN: 978-3-030-36938-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation