Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Bytecode

Page view(s)
139
Checked on Dec 25, 2024
Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Bytecode
Title:
Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Bytecode
Journal Title:
Proceedings of the ACM Web Conference 2023
Keywords:
Publication Date:
26 April 2023
Citation:
Qian, P., Liu, Z., Yin, Y., & He, Q. (2023). Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Bytecode. Proceedings of the ACM Web Conference 2023. https://doi.org/10.1145/3543507.3583367
Abstract:
Over the past couple of years, smart contracts have been plagued by multifarious vulnerabilities, which have led to catastrophic financial losses. Their security issues, therefore, have drawn intense attention. As countermeasures, a family of tools has been developed to identify vulnerabilities in smart contracts at the source-code level. Unfortunately, only a small fraction of smart contracts is currently open-sourced. Another spectrum of work is presented to deal with pure bytecode, but most such efforts still suffer from relatively low performance due to the inherent difficulty in restoring abundant semantics in the source code from the bytecode. This paper proposes a novel cross-modality mutual learning framework for enhancing smart contract vulnerability detection on bytecode. Specifically, we engage in two networks, a student network S as the primary network and a teacher network T as the auxiliary network. T takes two modalities, i.e., source code and its corresponding bytecode as inputs, while S is fed with only bytecode. By learning from T, S is trained to infer the missed source code embeddings and combine both modalities to approach precise vulnerability detection. To further facilitate mutual learning between S and T, we present a cross-modality mutual learning loss and two transfer losses. As a side contribution, we construct and release a labeled smart contract dataset that concerns four types of common vulnerabilities. Experimental results show that our method significantly surpasses state-of-the-art approaches.
License type:
Publisher Copyright
Funding Info:
This work was supported by the National Key R&D Program of China under Grant 2021YFB2700500, the Key R&D Program of Zhejiang Province under Grant 2022C01086 and Grant 2023C01217, and by the Scientific Research Fund of Zhejiang Provincial Education Department under Grant Y202250832.
Description:
© Author | ACM 2023. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the ACM Web Conference 2023, http://dx.doi.org/10.1145/3543507.3583367
ISBN:
978-1-4503-9416-1/23/04
Files uploaded:

File Size Format Action
smart-contract-aam.pdf 2.36 MB PDF Open