A Novel Smart Contract Vulnerability Detection Method Based on Information Graph and Ensemble Learning

• Main Authors: Cai, Z. (Author), Chen, H. (Author), Jin, Z. (Author), Wang, J. (Author), Wang, W. (Author), Zhang, L. (Author), Zhao, C. (Author)
• Format: Article
• Language: English
• Published: MDPI 2022
• Subjects: Block-chain; blockchain security; Blockchain security; Data-driven methods; Detection methods; Ensemble learning; Ensemble Learning; Flow graphs; Forecasting; information graph; Information graph; Learning systems; Network security; operation flow; Operation flow; Security and privacy issues; Security issues; smart contract; Smart contract; vulnerability detection; Vulnerability detection
• Online Access: View Fulltext in Publisher

 Blockchain presents a chance to address the security and privacy issues of the Internet of Things; however, blockchain itself has certain security issues. How to accurately identify smart contract vulnerabilities is one of the key issues at hand. Most existing methods require large-scale data support to avoid overfitting; machine learning (ML) models trained on small-scale vulnerability data are often difficult to produce satisfactory results in smart contract vulnerability prediction. However, in the real world, collecting contractual vulnerability data requires huge human and time costs. To alleviate these problems, this paper proposed an ensemble learning (EL)-based contract vulnerability prediction method, which is based on seven different neural networks using contract vulnerability data for contract-level vulnerability detection. Seven neural network (NN) models were first pretrained using an information graph (IG) consisting of source datasets, which then were integrated into an ensemble model called Smart Contract Vulnerability Detection method based on Information Graph and Ensemble Learning (SCVDIE). The effectiveness of the SCVDIE model was verified using a target dataset composed of IG, and then its performances were compared with static tools and seven independent data-driven methods. The verification and comparison results show that the proposed SCVDIE method has higher accuracy and robustness than other data-driven methods in the target task of predicting smart contract vulnerabilities. © 2022 by the authors. Licensee MDPI, Basel, Switzerland.