基于字节码的以太坊智能合约分类方法

doi:10.11959/j.issn.2096-109x.2022046

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (5): 111-120.doi: 10.11959/j.issn.2096-109x.2022046

基于字节码的以太坊智能合约分类方法

林丹¹, 林凯欣², 吴嘉婧², 郑子彬¹

¹ 中山大学软件工程学院，广东珠海 519082
² 中山大学计算机学院，广东广州 510006

修回日期:2022-09-01 出版日期:2022-10-15 发布日期:2022-10-01
作者简介:林丹（1996- ），女，广东揭阳人，中山大学博士生，主要研究方向为区块链、加密货币、网络科学的理论和应用
林凯欣（2000- ），女，广东广州人，中山大学硕士生，主要研究方向为区块链、智能合约以及加密“货币”
吴嘉婧（1989- ），女，江西吉安人，中山大学副教授，主要研究方向为网络科学、区块链交易网络、网络表示学习
郑子彬（1982- ），男，广东潮州人，中山大学教授，主要研究方向为区块链、大数据、服务计算、机器学习、软件可靠性
基金资助:
国家重点研发计划(2020YFB1006005);国家自然科学基金(61973325);广东省自然科学基金(2021A1515011661);广州市科技计划项目(202102020616)

Bytecode-based approach for Ethereum smart contract classification

Dan LIN¹, Kaixin LIN², Jiajing WU², Zibin ZHENG¹

¹ School of Software Engineering, Sun Yat-sen University, Zhuhai 519082, China
² School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou 510006, China

Revised:2022-09-01 Online:2022-10-15 Published:2022-10-01
Supported by:
The National Key R＆D Program of China(2020YFB1006005);The National Natural Science Foundation of China(61973325);The Natural Science Foundations of Guangdong Province(2021A1515011661);Guangzhou Basic and Applied Basic Research Project(202102020616)

摘要/Abstract

摘要：

近年来，区块链技术已在金融、医疗和政务等领域得到了广泛应用和关注。然而，由于智能合约的不易篡改性和运行环境的特殊性，各类安全问题频繁出现。一方面是合约开发者在编写合约时出现的代码安全问题，另一方面是以太坊出现不少高风险智能合约，普通用户很容易被高风险合约提供的高回报所吸引，但对合约的风险却无从知晓。然而，关于智能合约安全的研究主要集中于代码安全方面，对合约功能识别的研究相对较少。假如能对智能合约功能进行准确分类，将有助于人们更好地理解智能合约的行为，同时保障智能合约生态安全，减少或挽回用户的损失。已有的智能合约分类方法通常依赖于对智能合约开源代码的分析，但以太坊发布的合约仅强制要求部署字节码，且只有极少数合约公布了其开源代码。因此，提出了一种基于字节码的以太坊智能合约分类方法。收集以太坊智能合约字节码和对应类别标签，然后提取操作码频率特征以及控制流图特征；通过实验对特征重要性进行分析，获取适合的图向量维度及最优的分类模型；在交易所、金融、赌博、游戏和高风险5个类别的智能合约多分类任务中进行实验验证，使用XGBoost分类器时的F1值达到0.913 8。实验结果表明所提方法能较好地完成以太坊智能合约的分类任务，并且能够应用于现实中的智能合约类别预测。

关键词: 区块链, 智能合约, 字节码, 分类

Abstract:

In recent years, blockchain technology has been widely used and concerned in many fields, including finance, medical care and government affairs.However, due to the immutability of smart contracts and the particularity of the operating environment, various security issues occur frequently.On the one hand, the code security problems of contract developers when writing contracts, on the other hand, there are many high-risk smart contracts in Ethereum, and ordinary users are easily attracted by the high returns provided by high-risk contracts, but they have no way to know the risks of the contracts.However, the research on smart contract security mainly focuses on code security, and there is relatively little research on the identification of contract functions.If the smart contract function can be accurately classified, it will help people better understand the behavior of smart contracts, while ensuring the ecological security of smart contracts and reducing or recovering user losses.Existing smart contract classification methods often rely on the analysis of the source code of smart contracts, but contracts released on Ethereum only mandate the deployment of bytecode, and only a very small number of contracts publish their source code.Therefore, an Ethereum smart contract classification method based on bytecode was proposed.Collect the Ethereum smart contract bytecode and the corresponding category label, and then extract the opcode frequency characteristics and control flow graph characteristics.The characteristic importance is analyzed experimentally to obtain the appropriate graph vector dimension and optimal classification model, and finally the multi-classification task of smart contract in five categories of exchange, finance, gambling, game and high risk is experimentally verified, and the F1 score of the XGBoost classifier reaches 0.913 8.Experimental results show that the algorithm can better complete the classification task of Ethereum smart contracts, and can be applied to the prediction of smart contract categories in reality.

Key words: blockchain, smart contract, bytecode, classification

中图分类号:

TP393

林丹, 林凯欣, 吴嘉婧, 郑子彬. 基于字节码的以太坊智能合约分类方法[J]. 网络与信息安全学报, 2022, 8(5): 111-120.

Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120.

图/表 12

图1

表1

表2

表3

表4

表5

表6

表7

图2

图3

表8

表9

参考文献 26

[1]	沈鑫, 裴庆祺, 刘雪峰 . 区块链技术综述[J]. 网络与信息安全学报, 2016,2(11): 11-20.
	SHEN X , PEI Q Q , LIU X F . Survey of block chain[J]. Chinese Journal of Network and Information Security, 2016,2(11): 11-20.
[2]	贺海武, 延安, 陈泽华 . 基于区块链的智能合约技术与应用综述[J]. 计算机研究与发展, 2018,55(11): 2452-2466.
	HE H W , YAN A , CHEN Z H . Survey of smart contract technology and application based on blockchain[J]. Journal of Computer Research and Development, 2018,55(11): 2452-2466.
[3]	付梦琳, 吴礼发, 洪征 ,等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019,39(7): 1959-1966.
	FU M L , WU L F , HONG Z ,et al. Research on vulnerability mining technique for smart contracts[J]. Journal of Computer Applications, 2019,39(7): 1959-1966.
[4]	陈伟利, 郑子彬 . 区块链数据分析:现状、趋势与挑战[J]. 计算机研究与发展, 2018,55(9): 1853-1870.
	CHEN W L , ZHENG Z B . Blockchain data analysis:a review of status,trends and challenges[J]. Journal of Computer Research and Development, 2018,55(9): 1853-1870.
[5]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. 2009.
[6]	张亮, 刘百祥, 张如意 ,等. 区块链技术综述[J]. 计算机工程, 2019,45(5): 1-12.
	ZHANG L , LIU B X , ZHANG R Y ,et al. Overview of blockchain technology[J]. Computer Engineering, 2019,45(5): 1-12.
[7]	BUTERIN V . A next-generation smart contract and decentralized blockchain platform[EB].
[8]	WU J J , YUAN Q , LIN D ,et al. Who are the phishers? phishing scam detection on ethereum via network embedding[J]. IEEE Transactions on Systems,Man,and Cybernetics:Systems, 2022,52(2): 1156-1166.
[9]	HUANG T , LIN D , WU J J . Ethereum account classification based on graph convolutional network[J]. IEEE Transactions on Circuits and Systems II:Express Briefs, 2022,69(5): 2528-2532.
[10]	LIN D , WU J J , YUAN Q ,et al. Modeling and understanding ethereum transaction records via a complex network approach[J]. IEEE Transactions on Circuits and Systems II:Express Briefs, 2020,67(11): 2737-2741.
[11]	吴嘉婧, 刘洁利, 林丹 ,等. 区块链交易网络研究综述[J]. 中山大学学报(自然科学版), 2021,60(5): 1-12.
	WU J J , LIU J L , LIN D ,et al. Blockchain transaction networks:a survey[J]. Acta Scientiarum Naturalium Universitatis Sunyatseni, 2021,60(5): 1-12.
[12]	黄步添, 刘琦, 何钦铭 ,等. 基于语义嵌入模型与交易信息的智能合约自动分类系统[J]. 自动化学报, 2017,43(9): 1532-1543.
	HUANG B T , LIU Q , HE Q M ,et al. Towards automatic smart-contract codes classification by means of word embedding model and transaction information[J]. Acta Automatica Sinica, 2017,43(9): 1532-1543.
[13]	SHI C , XIANG Y , DOSS R ,et al. A bytecode-based approach for smart contract classification[J]. arXiv preprint arXiv:2106.15497, 2021.
[14]	CHEN W L , ZHENG Z B , CUI J H ,et al. Detecting ponzi schemes on Ethereum:towards healthier blockchain technology[C]// Proceedings of the 2018 World Wide Web Conference. 2018: 1409-1418.
[15]	HU T , LIU X L , CHEN T ,et al. Transaction-based classification and detection approach for Ethereum smart contract[J]. Information Processing ＆ Management, 2021,58(2): 102462.
[16]	ZHENG P L , ZHENG Z B , WU J J ,et al. XBlock-ETH:extracting and exploring blockchain data from Ethereum[J]. IEEE Open Journal of the Computer Society, 2020,1: 95-106.
[17]	CONTRO F , CROSARA M , CECCATO M ,et al. EtherSolve:computing an accurate control-flow graph from Ethereum bytecode[C]// Proceedings of 2021 IEEE/ACM 29th International Conference on Program Comprehension (ICPC). 2021: 127-137.
[18]	NARAYANAN A , CHANDRAMOHAN M , VENKATESAN R ,et al. Graph2vec:learning distributed representations of graphs[J]. arXiv preprint arXiv:1707.05005, 2017.
[19]	LAU J H , BALDWIN T . An empirical evaluation of doc2vec with practical insights into document embedding generation[J]. arXiv preprint arXiv:1607.05368, 2016.
[20]	SHERVASHIDZE N , SCHWEITZER P , VAN LEEUWEN E J ,et al. Weisfeiler-Lehman graph kernels[J]. Journal of Machine Learning Research, 2011,12(9).
[21]	CHEN T , HE T , BENESTY M ,et al. XGBoost:extreme gradient boosting[J]. R Package Version 0.4-2, 2015,1(4): 1-4.
[22]	SAFAVIAN S R , LANDGREBE D . A survey of decision tree classifier methodology[J]. IEEE Transactions on Systems,Man,and Cybernetics, 1991,21(3): 660-674.
[23]	BELGIU M , DR?GU? L , . Random forest in remote sensing:a review of applications and future directions[J]. ISPRS Journal of Photogrammetry and Remote Sensing, 2016,114: 24-31.
[24]	RISH I , . An empirical study of the naive bayes classifier[C]// IJCAI 2001 Workshop on Empirical Methods in Artificial Intelligence. 2001: 41-46.
[25]	SCHULDT C , LAPTEV I , CAPUTO B . Recognizing human actions:a local SVM approach[C]// Proceedings of the 17th International Conference on Pattern Recognition. 2004: 32-36.
[26]	RAO H D , SHI X Z , RODRIGUE A K ,et al. Feature selection based on artificial bee colony and gradient boosting decision tree[J]. Applied Soft Computing, 2019,74: 634-642.

操作码值	描述	举例
0x00～0x0B	停止和算术操作	STOP,ADD,SUB,DIV
0x10～0x1A	比较和按位逻辑操作	LT,GT,EQ,ISZERO
0x20	加密操作	SHA3
0x30～0x3E	环境信息	ADDRESS,CALLER
0x40～0x45	块信息	BLOCKHASH,COINBASE
0x50～0x5B	堆栈、内存、存储和流操作	POP,JUMP,JUMPI,JUMPDEST
0x60～0x7F	Push 操作	PUSH1～PUSH32
0x80～0x8F	复制操作	DUP1～DUP16
0x90～0x9F	交换操作	SWAP1～SWAP16
0xA0～0xA4	日志操作	LOG0-LOG4
0xF0～0xFF	系统操作	CALL,RETURN

智能合约地址	创建者地址	运行字节码
0xc66ea802717b	0x12bcc9daff	0x606060405236156100c1576
fb9833400264dd	da452b6c4b0	000357c010000000000000000
12c2bceaa34a6d	a1571360925	0000000000000000000000000
	a64fcc79	0000000000000009004806309
		5ea7b3146100c357806318160d
		dd146100f857806323b872dd14
		61011b57806323de6651146101
		595780633018205f1461018357
		80635687f2b8…

类别	合约地址	x_0	x_1	...	MLOAD	SWAP2
金融	0x00000000219ab540356cbb839cbe05303d7705fa	0.44018072	0.53969365	...	158	152
交易所	0x0000000f8ef4be2b7aed6724e893c1b674b9682d	0.19015524	0.37818763	...	206	150
交易所	0x000005edbbc1f258302add96b5e20d3442e5dd89	0.27618885	0.3796904	...	214	157

分类模型	参数
决策树	Criterion = ‘entropy’, max_depth = 10
随机森林	max_depth = 10
朴素贝叶斯	均为sklearn.naive_bayes.GaussianNB的默认值
XGBoost	learning_rate = 0.30, objective = ‘multi:softprob’, tree_method = ‘exact’
SVM	decision_function_shape = ‘ovo’
GBDT	均为 sklearn.ensemble.GradientBoostingClassifier 的默认值

分类模型	精确率	召回率	F1值
朴素贝叶斯（高斯分布）	0.846 0	0.744 4	0.769 2
SVM	0.900 3	0.874 6	0.873 0
决策树	0.879 6	0.876 1	0.877 3
随机森林	0.917 4	0.894 3	0.896 0
GBDT	0.910 5	0.902 7	0.903 8
XGBoost	0.917 6	0.911 1	0.911 1

基于字节码的以太坊智能合约分类方法

Bytecode-based approach for Ethereum smart contract classification

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 26

相关文章 15

Metrics

推荐阅读 0

合约类别	合约数量
交易所	2 493
金融	182
赌博	1 020
游戏	877
高风险	185

维度	精确率	召回率	F1值
16维	0.746 4	0.743 7	0.743 0
32维	0.856 4	0.847 3	0.844 7
64维	0.847 2	0.838 9	0.836 3
128维	0.849 5	0.843 8	0.840 1

采用特征	精确率召回率	F1值
操作码频率特征	0.926 30.920 2	0.921 1
控制流图特征	0.685 90.690 8	0.668 8
操作码频率特征+控制流图特征	0.917 60.911 1	0.911 1

[1]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[2]	王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114.
[3]	余北缘, 任珊瑶, 刘建伟. 区块链资产窃取攻击与防御技术综述[J]. 网络与信息安全学报, 2023, 9(1): 1-17.
[4]	代龙, 张静, 樊雪峰, 周晓谊. 基于黑盒水印的NLP神经网络版权保护[J]. 网络与信息安全学报, 2023, 9(1): 140-149.
[5]	唐飞, 甘宁, 阳祥贵, 王金洋. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
[6]	陈立全, 李潇, 杨哲懿, 钱思杰. 基于区块链的高透明度PKI认证协议[J]. 网络与信息安全学报, 2022, 8(4): 1-11.
[7]	张文博, 陈思敏, 魏立斐, 宋巍, 黄冬梅. 基于形式化方法的智能合约验证研究综述[J]. 网络与信息安全学报, 2022, 8(4): 12-28.
[8]	刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.
[9]	宋晓玲, 刘勇, 董景楠, 黄勇飞. 元宇宙中区块链的应用与展望[J]. 网络与信息安全学报, 2022, 8(4): 45-65.
[10]	金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.
[11]	姜鹏坤, 张问银, 王九如, 黄善云, 宋万水. 基于正常交易掩盖下的区块链隐蔽通信方案[J]. 网络与信息安全学报, 2022, 8(4): 77-86.
[12]	翟宝琴, 王健, 韩磊, 刘吉强, 何嘉豪, 刘天皓. 基于信任值的车联网分层共识优化协议[J]. 网络与信息安全学报, 2022, 8(3): 142-153.
[13]	张宇, 李炳龙, 李学娟, 张和禹. 基于DSR和BGRU模型的聊天文本证据分类方法[J]. 网络与信息安全学报, 2022, 8(2): 150-159.
[14]	秦中元, 贺兆祥, 李涛, 陈立全. 基于图像重构的MNIST对抗样本防御算法[J]. 网络与信息安全学报, 2022, 8(1): 86-94.
[15]	余佳仁, 田有亮, 林晖. 基于信誉管理模型的矿工类型鉴别机制设计[J]. 网络与信息安全学报, 2022, 8(1): 128-138.

类别	精确率	召回率	F1值	数据量
交易所	0.994 6	0.954 6	0.974 2	771
金融	0.705 9	0.734 7	0.720 0	49
赌博	0.937 7	0.892 0	0.914 3	287
游戏	0.785 5	0.950 4	0.860 1	262
高风险	0.787 2	0.627 1	0.698 1	59
总计	0.926 3	0.920 2	0.921 1	1 428