基于漏洞子树的链码漏洞检测方法
Chaincode vulnerability detection method based on pre-training model
针对联盟链超级账本(Hyperledger Fabric)中链码的安全漏洞问题,提出了一种基于漏洞子树和预训练模型的深度学习漏洞检测网络。 检测方法包括 2 个关键阶段:首先,通过自动化工具提取链码为抽象语法树,并设计了漏洞子树结构 VB-tree,确保模型专注于关键漏洞特征,在此基础上根据程序语句之间的数据和控制依赖关系转化为数据流图;其次,利用预训练模型对提取的特征进行处理,准确识别潜在漏洞。 最后,从 Github 收集了 6935 个不同领域开源项目的链码构建可用于评估方法有效性的数据集。 实验结果表明,在检测链码中的 21 种漏洞时,模型的平均 F1 分数为 93.68%,优于现有的方法。
Aiming at the problem of security vulnerabilities in chaincodes in the consortium chain Hyperledger Fabric, a deep learning vulnerability detection network based on vulnerability subtrees and pre-trained models is proposed. The detection method includes two key stages: first, the chaincode is extracted into an abstract syntax tree through an automated tool, and a vulnerability subtree structure VB-tree is designed to ensure that the model focuses on key vulnerability features. On this basis, it is converted into a data flow graph based on the data and control dependencies between program statements; second, the extracted features are processed using a pre-trained model to accurately identify potential vulnerabilities. Finally, chaincodes of 6935 open source projects in different fields are collected from Github to construct a dataset that can be used to evaluate the effectiveness of the method. Experimental results show that when detecting 21 types of vulnerabilities in chaincodes, the average F1 score of the model is 93.68%, which is better than existing methods.
| [1] |
|
| [2] |
|
| [3] |
|
| [4] |
|
| [5] |
|
| [6] |
|
| [7] |
|
| [8] |
|
| [9] |
|
| [10] |
|
| [11] |
|
| [12] |
|
| [13] |
|
| [14] |
|
| [15] |
|
| [16] |
|
| [17] |
|
| [18] |
|
| [19] |
|
| [20] |
|
| [21] |
|
| [22] |
|
| [23] |
|
| [24] |
ANDROULAKI E, BARGER A, BORTNIKOV V, |
| [25] |
|
| [26] |
|
| [27] |
|
| [28] |
|
| [29] |
|
| [30] |
|
| [31] |
|
/
| 〈 |
|
〉 |