Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion

Author(s):  
Zhenguang Liu ◽  
Peng Qian ◽  
Xiang Wang ◽  
Lei Zhu ◽  
Qinming He ◽  
...  

Smart contracts hold digital coins worth billions of dollars, and their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Amir Ali ◽  
Zain Ul Abideen ◽  
Kalim Ullah

Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billions of dollars. In all attacks, the vulnerability in the source code of smart contracts is being exploited and causes the theft of millions of dollars. To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis. However, these tools have shown a lot of false positives/negatives against the smart contracts having complex logic. Furthermore, the output of these tools is not reported in a standard way with their actual vulnerability names as per standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per defined standards by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection.


2020 ◽  
Vol 19 (1) ◽  
pp. 021
Author(s):  
Nenad Petrović ◽  
Milorad Tošić

Vulnerabilities of smart contracts are certainly one of the limiting factors for wider adoption of blockchain technology. Smart contracts written in Solidity language are considered due to common adoption of the Ethereum blockchain platform. Despite its popularity, the semantics of the language is not completely documented and relies on implicit mechanisms not publicly available and as such vulnerable to possible attacks. In addition, creating formal semantics for the higher-level language provides support to verification mechanisms. In this paper, a novel approach to smart contract verification is presented that uses ontologies in order to leverage semantic annotations of the smart contract source code combined with semantic representation of domain-specific aspects. The following aspects of smart contracts, apart from source code are taken into consideration for verification: business logic, domain knowledge, run-time state changes and expert knowledge about vulnerabilities. Main advantages of the proposed verification approach are platform independence and extendability.


Drones ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 52
Author(s):  
Thomas Lee ◽  
Susan Mckeever ◽  
Jane Courtney

With the rise of Deep Learning approaches in computer vision applications, significant strides have been made towards vehicular autonomy. Research activity in autonomous drone navigation has increased rapidly in the past five years, and drones are moving fast towards the ultimate goal of near-complete autonomy. However, while much work in the area focuses on specific tasks in drone navigation, the contribution to the overall goal of autonomy is often not assessed, and a comprehensive overview is needed. In this work, a taxonomy of drone navigation autonomy is established by mapping the definitions of vehicular autonomy levels, as defined by the Society of Automotive Engineers, to specific drone tasks in order to create a clear definition of autonomy when applied to drones. A top–down examination of research work in the area is conducted, focusing on drone navigation tasks, in order to understand the extent of research activity in each area. Autonomy levels are cross-checked against the drone navigation tasks addressed in each work to provide a framework for understanding the trajectory of current research. This work serves as a guide to research in drone autonomy with a particular focus on Deep Learning-based solutions, indicating key works and areas of opportunity for development of this area in the future.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Abid Hassan ◽  
Md. Iftekhar Ali ◽  
Rifat Ahammed ◽  
Mohammad Monirujjaman Khan ◽  
Nawal Alsufyani ◽  
...  

Traditional insurance policy settlement is a manual process that is never hassle-free. There are many issues, such as hidden conditions from the insurer or fraud claims by the insured, making the settlement process rough. This process also consumes a significant amount of time that makes the process very inefficient. This whole scenario can be disrupted by the implementation of blockchain and smart contracts in insurance. Blockchain and innovative contract technology can provide immutable data storage, security, transparency, authenticity, and security while any transaction process is triggered. With the implementation of blockchain, the whole insurance process, from authentication to claim settlement, can be done with more transparency and security. A blockchain is a virtual chain of data blocks that is a decentralized technology. Any transaction or change in the blocks is done after the decentralized validator entity, not a single person. The smart contract is a unique facility stored on the blockchain that gets executed when the predetermined conditions are met. This paper presents a framework where smart contracts are used for insurance contracts and stored on blockchain. In the case of a claim, if all the predetermined conditions are met, the transaction happens; otherwise, it is discarded. The conditions are immutable. That means there is scope for alteration from either side. This blockchain and intelligent contract-based framework are hosted on a private Ethereum network. The Solidity programming language is used to create smart contracts. The framework uses the Proof of Authority (PoA) consensus algorithm to validate the transactions. In the case of any faulty transaction request, the consensus algorithm acts according to and cancels the claim. With blockchain and smart contract implementation, this framework can solve all the trust and security issues that rely on a standard insurance policy.


2021 ◽  
Vol 40 ◽  
pp. 03030
Author(s):  
Mehdi Surani ◽  
Ramchandra Mangrulkar

Over the past years the exponential growth of social media usage has given the power to every individual to share their opinions freely. This has led to numerous threats allowing users to exploit their freedom of speech, thus spreading hateful comments, using abusive language, carrying out personal attacks, and sometimes even to the extent of cyberbullying. However, determining abusive content is not a difficult task and many social media platforms have solutions available already but at the same time, many are searching for more efficient ways and solutions to overcome this issue. Traditional models explore machine learning models to identify negative content posted on social media. Shaming categories are explored, and content is put in place according to the label. Such categorization is easy to detect as the contextual language used is direct. However, the use of irony to mock or convey contempt is also a part of public shaming and must be considered while categorizing the shaming labels. In this research paper, various shaming types, namely toxic, severe toxic, obscene, threat, insult, identity hate, and sarcasm are predicted using deep learning approaches like CNN and LSTM. These models have been studied along with traditional models to determine which model gives the most accurate results.


2021 ◽  
Vol 3 (2(59)) ◽  
pp. 19-23
Author(s):  
Yevhenii Kubiuk ◽  
Gennadiy Kyselov

The object of research of this work is the methods of deep learning for source code vulnerability detection. One of the most problematic areas is the use of only one approach in the code analysis process: the approach based on the AST (abstract syntax tree) or the approach based on the program dependence graph (PDG). In this paper, a comparative analysis of two approaches for source code vulnerability detection was conducted: approaches based on AST and approaches based on the PDG. In this paper, various topologies of neural networks were analyzed. They are used in approaches based on the AST and PDG. As the result of the comparison, the advantages and disadvantages of each approach were determined, and the results were summarized in the corresponding comparison tables. As a result of the analysis, it was determined that the use of BLSTM (Bidirectional Long Short Term Memory) and BGRU (Bidirectional Gated Linear Unit) gives the best result in terms of problems of source code vulnerability detection. As the analysis showed, the most effective approach for source code vulnerability detection systems is a method that uses an intermediate representation of the code, which allows getting a language-independent tool. Also, in this work, our own algorithm for the source code analysis system is proposed, which is able to perform the following operations: predict the source code vulnerability, classify the source code vulnerability, and generate a corresponding patch for the found vulnerability. A detailed analysis of the proposed system’s unresolved issues is provided, which are planned for investigation in future research. The proposed system could help speed up the software development process as well as reduce the number of software code vulnerabilities. Software developers, as well as specialists in the field of cybersecurity, can be stakeholders of the proposed system.


2021 ◽  
Vol 6 (1) ◽  
pp. 1-5
Author(s):  
Zobeir Raisi ◽  
Mohamed A. Naiel ◽  
Paul Fieguth ◽  
Steven Wardell ◽  
John Zelek

The reported accuracy of recent state-of-the-art text detection methods, mostly deep learning approaches, is in the order of 80% to 90% on standard benchmark datasets. These methods have relaxed some of the restrictions of structured text and environment (i.e., "in the wild") which are usually required for classical OCR to properly function. Even with this relaxation, there are still circumstances where these state-of-the-art methods fail. Several remaining challenges in wild images, like in-plane-rotation, illumination reflection, partial occlusion, complex font styles, and perspective distortion, cause existing methods to perform poorly. In order to evaluate current approaches in a formal way, we standardize the datasets and metrics for comparison which had made comparison between these methods difficult in the past. We use three benchmark datasets for our evaluations: ICDAR13, ICDAR15, and COCO-Text V2.0. The objective of the paper is to quantify the current shortcomings and to identify the challenges for future text detection research.


Android OS, which is the most prevalent operating system (OS), has enjoyed immense popularity for smart phones over the past few years. Seizing this opportunity, cybercrime will occur in the form of piracy and malware. Traditional detection does not suffice to combat newly created advanced malware. So, there is a need for smart malware detection systems to reduce malicious activities risk. Machine learning approaches have been showing promising results in classifying malware where most of the methods are shallow learners like Random Forest (RF) in recent years. In this paper, we propose Deep-Droid as a deep learning framework for detecting Android malware. Hence, our Deep-Droid model is a deep learner that outperforms existing cutting-edge machine learning approaches. All experiments were performed on two datasets (Drebin-215 & Malgenome-215) to assess our Deep-Droid model. The results of experiments show the effectiveness and robustness of Deep-Droid. Our Deep-Droid model achieved accuracy over 98.5%.


2021 ◽  
Author(s):  
Xingxin Yu ◽  
Haoyue Zhao ◽  
Botao Hou ◽  
Zonghao Ying ◽  
Bin Wu

2020 ◽  
Vol 12 (11) ◽  
pp. 197
Author(s):  
Giuseppe Antonio Pierro ◽  
Roberto Tonelli ◽  
Michele Marchesi

Many empirical software engineering studies show that there is a need for repositories where source codes are acquired, filtered and classified. During the last few years, Ethereum block explorer services have emerged as a popular project to explore and search for Ethereum blockchain data such as transactions, addresses, tokens, smart contracts’ source codes, prices and other activities taking place on the Ethereum blockchain. Despite the availability of this kind of service, retrieving specific information useful to empirical software engineering studies, such as the study of smart contracts’ software metrics, might require many subtasks, such as searching for specific transactions in a block, parsing files in HTML format, and filtering the smart contracts to remove duplicated code or unused smart contracts. In this paper, we address this problem by creating Smart Corpus, a corpus of smart contracts in an organized, reasoned and up-to-date repository where Solidity source code and other metadata about Ethereum smart contracts can easily and systematically be retrieved. We present Smart Corpus’s design and its initial implementation, and we show how the data set of smart contracts’ source codes in a variety of programming languages can be queried and processed to get useful information on smart contracts and their software metrics. Smart Corpus aims to create a smart-contract repository where smart-contract data (source code, application binary interface (ABI) and byte code) are freely and immediately available and are classified based on the main software metrics identified in the scientific literature. Smart contracts’ source codes have been validated by EtherScan, and each contract comes with its own associated software metrics as computed by the freely available software PASO. Moreover, Smart Corpus can be easily extended as the number of new smart contracts increases day by day.

