Strengthening the Security of Smart Contracts through the Power of Artificial Intelligence
Abstract
1. Introduction
- The DAO was a crowdfunding effort on the Ethereum blockchain that raised over $150 million in Ether. In June of 2016, a hacker used an SC flaw to steal more than $50 million worth of Ether. A hard fork of the Ethereum blockchain was necessary to restore the missing money;
- A prominent Ethereum wallet known as Parity was hacked in July of 2017 and more than $30 million’s worth of Ether was stolen. The Parity multi-signature wallets were compromised due to a flaw in an SC library;
- KingDice is an open-source Ethereum-based gambling platform that was compromised in 2017. A hacker stole almost $300,000 worth of Ether in August 2017 by taking advantage of a flaw in the SC of the network;
- Binance Smart Chain Exploits—In 2021, various SC exploits occurred on Binance Smart Chain, a blockchain platform developed by the cryptocurrency exchange Binance, leading to the theft of millions of dollars’ worth of cryptocurrency. Over $200 million’s worth of cryptocurrency was stolen through the hacking of a Venus Protocol SC.
- A description of SCs and any potential security holes;
- A discussion of blockchain’s involvement in SC security;
- An overview of artificial intelligence, covering its various subtypes and applications in cybersecurity;
- An examination of the potential advantages of implementing AI for SC security, including its capacity to identify and stop threats;
- A review of unresolved problems and potential future study areas in this field.
2. Background on Smart Contracts
2.1. Blockchain and Smart Contracts
2.2. Application Domains
- Transparency: Decentralized blockchains are completely transparent. Transactions on the blockchain are visible and verifiable, and nobody can alter the information recorded on the network. As a result, a user or company owner can create or use an SC without fear of a hacker altering it to steal money or data.
- Efficiency in the Economy: SCs automate numerous agreement-processing commercial activities and do not require the services of attorneys, banks, or brokers. Both the automation and the absence of intermediaries provide significant cost reductions.
- Time-Saving Autonomy: Writing and monitoring a standard contract takes time. SCs are simpler and faster to implement: the programmer writes the contract code once and then uses it whenever it is required (such as when constructing an NFT or when automatically filling out a bill and making trades).
- Building Trust: No human intermediaries are involved in SCs. This builds long-term trust amongst counteragents. If something goes wrong, the parties will look into it together.
- Safe Backup: Since businesses and governments risk losing important data, everyone copies it and backs it up. Even the most secure backup mechanisms cannot ensure data preservation, because hackers can either succeed or fail. Blockchain and SCs differ in that data are stored on several devices for as long as the blockchain is functioning.
- Fraud Prevention: SCs prevent fraudulent access if the blockchain code is correct. Phishing can be prevented with time.
- Safety and Dependability: SCs are well known for their data security and market-leading encryption in IT. Blockchain and SC agreements are the most secure contracts available today.
2.3. Possible Attacks
- Reentrancy attacks: An attacker can use this vulnerability to drain the contract’s cash by repeatedly calling an SC function before the previous call has completed. An attacker can steal money from a contract by making a malicious contract that repeatedly calls the function of the target contract before the target contract has finished processing the previous call.
- Integer overflow and underflow attacks: These exploits make use of flaws in the way SCs handle integer values to subvert the contract’s logic and steal money. By sending a huge negative number to a contract function that expects a positive number, the attacker can trigger an underflow and gain access to a significant amount of tokens.
- Denial-of-Service (DoS) attacks: The goal of these assaults is to prevent an SC from handling valid transactions by overwhelming its resources. This can be achieved by flooding the contract with a large number of little transactions or by sending transactions with input data that are too large and so exceed the contract’s gas limit.
- Malicious input attacks: For these kinds of attacks, the attacker sends malicious data inputs to an SC in order to manipulate its behavior and, in the worst-case scenario, steal money. Input data sent by an attacker, for instance, could trigger a contract to transmit funds to an unauthorized address.
- Front-running attacks: To perform a front-running assault, one must take advantage of the brief window of opportunity between a transaction’s submission and confirmation on the blockchain. An adversary can profit from this vulnerability by watching the blockchain for pending transactions and then submitting their own transaction with a greater gas price.
- Logic bombs: A logic bomb is malicious code that waits in an SC until a certain trigger condition is met, at which point the code is activated. For instance, an adversary can craft a contract that, at first glance, appears to work as intended, but actually contains malicious code that, after a certain date or time is reached, transfers funds to the adversary’s account.
- Cross-chain attacks: These assaults take advantage of flaws in the way several blockchains communicate with one another. By taking advantage of differences in how several networks handle cross-chain transactions, an attacker can take cash from one network and move it to another.
- Time manipulation attacks: Time manipulation attacks take advantage of how SCs process information about the passage of time. An attacker may be able to cause a contract to execute too soon or wait forever if it depends on a timestamp or block number to trigger a certain action.
- Authorization flaws: A breach in authorization occurs when an SC does not adequately verify the identities of those who access the contract. An adversary could potentially use this flaw to conduct fraudulent transactions or gain access to the contract’s cash.
- Gas limit attacks: In order to execute a contract, SCs must perform a certain amount of computational labor, which is measured in gas. An attacker can cause a transaction to fail by setting a low gas limit, resulting in the contract running out of gas before its execution is complete. The attacker may then be able to undo the transaction and steal money from the contract.
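The reentrancy item in the list above comes down to the order in which a payout function updates its ledger and hands control to the recipient. The following Python model is an added example, not code from the paper and not EVM code; the `Vault` class, the account classes and the amounts are constructed for illustration. It runs the same withdrawal twice, once with the payout before the ledger update and once with the ledger update first, and checks the invariant that the funds held equal the sum of the ledger.

```python
"""Toy model (not EVM code) of a payout function and the reentrancy flaw."""


class Vault:
    """Holds deposits; `safe` selects the order of ledger update and payout."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}   # ledger: account -> amount owed
        self.pool = 0        # funds actually held by the contract

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        owed = self.balances.get(account, 0)
        if owed == 0 or self.pool < owed:       # check
            return False
        if self.safe:
            self.balances[account] = 0          # effect first ...
            self._send(account, owed)           # ... then interaction
        else:
            self._send(account, owed)           # interaction while ledger is stale
            self.balances[account] = 0
        return True

    def _send(self, account, amount):
        self.pool -= amount
        account.receive(self, amount)           # hands control to the recipient

    def ledger_matches_pool(self):
        """Invariant a monitor or test can assert after every call."""
        return self.pool == sum(self.balances.values())


class PlainAccount:
    """Recipient that only records what it was paid."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringAccount(PlainAccount):
    """Recipient whose receive hook calls withdraw again before returning."""

    def __init__(self, max_calls=50):
        super().__init__()
        self.calls_left = max_calls             # stand-in for running out of gas

    def receive(self, vault, amount):
        self.received += amount
        if self.calls_left > 0:
            self.calls_left -= 1
            vault.withdraw(self)


def run(safe):
    """Constructed scenario: another user deposits 90, the caller deposits 10."""
    vault = Vault(safe)
    other, caller = PlainAccount(), ReenteringAccount()
    vault.deposit(other, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.ledger_matches_pool()


if __name__ == "__main__":
    for safe in (False, True):
        received, pool, ok = run(safe)
        label = "ledger-first" if safe else "payout-first"
        print(f"{label}: caller received {received}, pool {pool}, invariant holds: {ok}")
```

With the payout first, the caller's ledger entry is still 10 on every nested call, so the pool is emptied and the invariant fails; with the ledger update first, the second call finds a zero balance and stops.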
3. Background on Artificial Intelligence
3.1. Artificial Intelligence
- Data collection: Collecting and preparing a large dataset that represents the problem domain.
- Data preprocessing: Cleaning and transforming the data to make it usable for ML models.
- Model selection and training: Choosing an appropriate ML model and training it on the dataset.
- Model evaluation: Evaluating the performance of the model on a separate dataset to measure its accuracy and effectiveness.
- Deployment: Implementing the model in a production system and integrating it with other systems as needed.
- Monitoring and maintenance: Continuously monitoring the model’s performance and making updates and improvements as necessary.
3.2. Different Types of AI
- Supervised learning (SL) [42,43]: Supervised learning involves training an algorithm on a labeled dataset in which each input is accompanied by its corresponding label. The goal is to train the algorithm to correctly anticipate an output for inputs it has never seen before. Image categorization, voice recognition, and language translation are all applications of supervised learning.
- Unsupervised learning (USL) [44,45]: Unsupervised learning involves training an algorithm on a dataset without an associated label or output. The purpose of the algorithm is to autonomously identify links or patterns in the data. Clustering, anomaly detection, and dimensionality reduction are all types of unsupervised learning.
- Semi-supervised learning (SSL) [46,47]: In semi-supervised learning, the algorithm is trained on a dataset with just some of the input data coupled with the right output or label. The goal is to train the algorithm to correctly predict an output for input data that it has never seen before, using both the labeled and unlabeled data to help it.
- Reinforcement learning (RL) [48,49]: In reinforcement learning, the algorithm learns to make decisions through trial and error. The algorithm receives feedback in the form of rewards or punishments for its actions and adjusts its behavior to maximize the reward. Examples of reinforcement learning include game playing, robotics, and autonomous vehicles.
3.3. AI for Cybersecurity in General
4. AI for Smart Contract Security
5. Recommendations for Developers
- Use AI for automated vulnerability detection: AI-based techniques can be used by developers to find flaws in SCs. These programs can examine code and detect potential security flaws. This can assist developers in finding and fixing vulnerabilities faster and more effectively than manual testing.
- Use artificial intelligence to discover anomalies: AI may be used to monitor SCs and detect unusual behavior. For example, a smart contract that suddenly begins performing a large number of transactions or accessing unexpected data may indicate a security compromise. AI-based anomaly detection can aid in the rapid identification of and response to these situations.
- AI may be used for predictive analytics to examine data from SCs and detect future security issues. For example, if a smart contract is utilized in a novel way, AI may analyze the data to predict whether this novel usage pattern is likely to result in security issues.
- AI can be utilized for behavior-based security by monitoring the behavior of SCs and detecting suspicious behavior. For example, if a smart contract begins to behave abnormally, AI can flag it for further examination.
- Efficiency: Since AI-based technologies can analyze code and data far more quickly than humans can, software engineers are able to locate and resolve issues much more quickly.
- Accuracy: AI has the ability to analyze massive amounts of data and recognize patterns that people would miss. This has the potential to result in improved vulnerability identification and more accurate predictive analytics.
- Scalability: AI-based tools can scan vast volumes of SCs at once, enabling developers to detect problems in a large number of contracts quickly.
- Adaptability: AI-powered technologies may learn from fresh data and adapt to new threats over time, making them more effective.
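The anomaly-detection recommendation above names two signals: a sudden jump in the number of transactions and access to unexpected data. The following sketch is an added example, not code from the paper; it is a simple unsupervised detector over per-window activity records for one contract. The record layout, storage-slot names, window size and threshold are assumptions, and the sample windows are constructed.

```python
"""Unsupervised monitor for one contract: transaction spikes and unseen storage."""
from statistics import median


def robust_z(value, history):
    """Modified z-score: distance from the median in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad if mad > 0 else 1.0    # flat baseline: avoid dividing by zero
    return (value - med) / scale


def detect(windows, baseline=5, threshold=3.5, warmup=5):
    """Return [(window_index, [(reason, detail), ...])] for anomalous windows.

    `windows` is a list of (index, tx_count, storage_slots_touched) tuples.
    The first `warmup` windows are learned unconditionally. Later windows are
    added to the baseline only when they raise no alert, so one burst does not
    shift what counts as normal.
    """
    alerts = []
    counts = []          # tx counts of windows accepted as normal
    seen_slots = set()   # storage slots observed in normal windows
    for index, tx_count, slots in windows:
        reasons = []
        if len(counts) >= warmup:
            z = robust_z(tx_count, counts[-baseline:])
            if z > threshold:
                reasons.append(("tx_spike", round(z, 1)))
            unseen = slots - seen_slots
            if unseen:
                reasons.append(("new_storage", sorted(unseen)))
        if reasons:
            alerts.append((index, reasons))
        else:
            counts.append(tx_count)
            seen_slots |= slots
    return alerts


# Constructed sample: ten monitoring windows for a hypothetical token contract.
NORMAL = {"balances", "totalSupply"}
SAMPLE_WINDOWS = [
    (0, 12, NORMAL), (1, 15, NORMAL), (2, 11, NORMAL), (3, 14, NORMAL),
    (4, 13, NORMAL), (5, 12, NORMAL), (6, 16, NORMAL),
    (7, 240, NORMAL),                    # burst of transactions
    (8, 13, {"balances", "owner"}),      # touches a slot never seen before
    (9, 14, NORMAL),
]

if __name__ == "__main__":
    for index, reasons in detect(SAMPLE_WINDOWS):
        print(f"window {index}: {reasons}")
```

Median and MAD are used instead of mean and standard deviation so that a single extreme window cannot inflate the baseline it is compared against.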
6. Analysis, Findings, and Open Issues
- Adversarial attacks: SCs are prone to adversarial attacks, in which attackers purposefully introduce malicious code or inputs to exploit contract weaknesses. Adversarial attacks provide a substantial barrier for AI-based SC security detection approaches because attackers can manipulate training data or circumvent detection by providing inputs targeted to elude detection. Future research should concentrate on creating more robust AI models capable of detecting adversarial attacks.
- Data privacy: AI-based SC vulnerability detection technologies necessitate access to massive volumes of data, raising privacy issues among users. SCs frequently contain sensitive information, such as financial transactions or personal data, which may be exposed if data are not anonymized or protected adequately. Future research should concentrate on building privacy-preserving AI algorithms for detecting vulnerabilities in SCs while protecting user privacy.
- Scalability: AI-based SC security detection solutions will require scalability as the number of SCs on blockchain networks continues to expand. Due to the extensive time and computing power needed to train on huge datasets, scalability is a major issue for AI systems. The increasing volume of SC data necessitates the development of more effective and scalable AI solutions in the future.
- Interpretability: It can be difficult for users to comprehend the reasoning behind AI-based SC security detection models due to a lack of interpretability. Trust in the system is vital for the success of AI, and interpretability is the key to assuring the transparency and accountability of AI models. The next step in SC security research should be to create AI models that are easier to interpret for end users.
- Integration challenges: Integrating AI with formal methodologies presents substantial obstacles, but the benefits of doing so for SC security seem promising. Verifying the accuracy of an SC can be accomplished using either formal approaches, which use mathematical proofs and logical reasoning, or artificial intelligence (AI) methods, which utilize statistical models and AI algorithms to spot trends and outliers in the data. Developing formal models that can handle large-scale data and introducing AI techniques into the formal verification process are only two of the many technical hurdles that must be cleared in order to successfully merge these two approaches. More thorough and powerful SC security analysis tools cannot be created until these integration issues are resolved in future studies.
7. Conclusions and Future Work
Funding
Data Availability Statement
Conflicts of Interest
References
- Zheng, Z.; Xie, S.; Dai, H.N.; Chen, W.; Chen, X.; Weng, J.; Imran, M. An overview on smart contracts: Challenges, advances and platforms. Future Gener. Comput. Syst. 2020, 105, 475–491.
- Derhab, A.; Guerroumi, M.; Belaoued, M.; Cheikhrouhou, O. BMC-SDN: Blockchain-based multicontroller architecture for secure software-defined networks. Wirel. Commun. Mob. Comput. 2021, 2021, 9984666.
- Dannen, C. Introducing Ethereum and Solidity; Springer: Berlin/Heidelberg, Germany, 2017; Volume 1.
- Wohrer, M.; Zdun, U. Smart contracts: Security patterns in the ethereum ecosystem and solidity. In Proceedings of the 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), Campobasso, Italy, 20 March 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 2–8.
- Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; De Caro, A.; Enyeart, D.; Ferris, C.; Laventman, G.; Manevich, Y.; et al. Hyperledger fabric: A distributed operating system for permissioned blockchains. In Proceedings of the Thirteenth EuroSys Conference, Porto, Portugal, 23–26 April 2018; pp. 1–15.
- Baliga, A.; Solanki, N.; Verekar, S.; Pednekar, A.; Kamat, P.; Chatterjee, S. Performance characterization of hyperledger fabric. In Proceedings of the 2018 Crypto Valley conference on blockchain technology (CVCBT), Zug, Switzerland, 20–22 June 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 65–74.
- Gorenflo, C.; Lee, S.; Golab, L.; Keshav, S. FastFabric: Scaling hyperledger fabric to 20000 transactions per second. Int. J. Netw. Manag. 2020, 30, e2099.
- Mohanty, D.; Mohanty, D. Corda architecture. In R3 Corda for Architects and Developers: With Case Studies in Finance, Insurance, Healthcare, Travel, Telecom, and Agriculture; Apress: New York, NY, USA, 2019; pp. 49–60.
- Nadir, R.M. Comparative study of permissioned blockchain solutions for enterprises. In Proceedings of the 2019 International Conference on Innovative Computing (ICIC), Lahore, Pakistan, 1–2 November 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–6.
- Rouhani, S.; Deters, R. Security, performance, and applications of smart contracts: A systematic survey. IEEE Access 2019, 7, 50759–50779.
- Tsankov, P.; Dan, A.; Drachsler-Cohen, D.; Gervais, A.; Buenzli, F.; Vechev, M. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 67–82.
- Sayeed, S.; Marco-Gisbert, H.; Caira, T. Smart contract: Attacks and protections. IEEE Access 2020, 8, 24416–24427.
- Atzei, N.; Bartoletti, M.; Cimoli, T. A survey of attacks on ethereum smart contracts (sok). In Proceedings of the Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, 22–29 April 2017, Proceedings 6; Springer: Berlin/Heidelberg, Germany, 2017; pp. 164–186.
- Krichen, M.; Maâlej, A.J.; Lahami, M. A model-based approach to combine conformance and load tests: An eHealth case study. Int. J. Crit. Comput.-Based Syst. 2018, 8, 282–310.
- Almakhour, M.; Sliman, L.; Samhat, A.E.; Mellouk, A. Verification of smart contracts: A survey. Pervasive Mob. Comput. 2020, 67, 101227.
- Bhargavan, K.; Delignat-Lavaud, A.; Fournet, C.; Gollamudi, A.; Gonthier, G.; Kobeissi, N.; Kulatova, N.; Rastogi, A.; Sibut-Pinote, T.; Swamy, N.; et al. Formal verification of smart contracts: Short paper. In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, Vienna, Austria, 24 October 2016; pp. 91–96.
- Krichen, M. Contributions to Model-Based Testing of Dynamic and Distributed Real-Time Systems. Ph.D. Thesis, École Nationale d’Ingénieurs de Sfax (Tunisie), Sfax, Tunisia, 2018.
- Krichen, M.; Mihoub, A.; Alzahrani, M.Y.; Adoni, W.Y.H.; Nahhal, T. Are Formal Methods Applicable To Machine Learning And Artificial Intelligence? In Proceedings of the 2022 2nd International Conference of Smart Systems and Emerging Technologies (SMARTTECH), Riyadh, Saudi Arabia, 9–11 May 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 48–53.
- Yang, Z.; Lei, H.; Qian, W. A hybrid formal verification system in coq for ensuring the reliability and security of ethereum-based service smart contracts. IEEE Access 2020, 8, 21411–21436.
- Momeni, P.; Wang, Y.; Samavi, R. Machine learning model for smart contracts security analysis. In Proceedings of the 2019 17th International Conference on Privacy, Security and Trust (PST), Fredericton, NB, Canada, 26–28 August 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–6.
- Eshghie, M.; Artho, C.; Gurov, D. Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning. In Proceedings of the Evaluation and Assessment in Software Engineering, Trondheim, Norway, 21–23 June 2021; pp. 305–312.
- Liao, J.W.; Tsai, T.T.; He, C.K.; Tien, C.W. Soliaudit: Smart contract vulnerability assessment based on machine learning and fuzz testing. In Proceedings of the 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, 22–25 October 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 458–465.
- Xing, C.; Chen, Z.; Chen, L.; Guo, X.; Zheng, Z.; Li, J. A new scheme of vulnerability analysis in smart contract with machine learning. Wirel. Netw. 2020, 1–10.
- Namane, S.; Ahmim, M.; Kondoro, A.; Dhaou, I.B. Blockchain-Based Authentication Scheme for Collaborative Traffic Light Systems Using Fog Computing. Electronics 2023, 12, 431.
- Krichen, M.; Ammi, M.; Mihoub, A.; Almutiq, M. Blockchain for modern applications: A survey. Sensors 2022, 22, 5274.
- Namane, S.; Ben Dhaou, I. Blockchain-Based Access Control Techniques for IoT Applications. Electronics 2022, 11, 2225.
- Abbas, A.; Alroobaea, R.; Krichen, M.; Rubaiee, S.; Vimal, S.; Almansour, F.M. Blockchain-assisted secured data management framework for health information analysis based on Internet of Medical Things. Pers. Ubiquitous Comput. 2021, 1–14.
- Latifi, S.; Zhang, Y.; Cheng, L.C. Blockchain-based real estate market: One method for applying blockchain technology in commercial real estate market. In Proceedings of the 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, GA, USA, 14–17 July 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 528–535.
- Gupta, A.; Rathod, J.; Patel, D.; Bothra, J.; Shanbhag, S.; Bhalerao, T. Tokenization of real estate using blockchain technology. In Proceedings of the Applied Cryptography and Network Security Workshops: ACNS 2020 Satellite Workshops, AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, 19–22 October 2020, Proceedings 18; Springer: Cham, Switzerland, 2020; pp. 77–90.
- Agbo, C.C.; Mahmoud, Q.H.; Eklund, J.M. Blockchain technology in healthcare: A systematic review. Healthcare 2019, 7, 56.
- Hölbl, M.; Kompara, M.; Kamišalić, A.; Nemec Zlatolas, L. A systematic review of the use of blockchain in healthcare. Symmetry 2018, 10, 470.
- Dutta, P.; Choi, T.M.; Somani, S.; Butala, R. Blockchain technology in supply chain operations: Applications, challenges and research opportunities. Transp. Res. Part E Logist. Transp. Rev. 2020, 142, 102067.
- Chang, S.E.; Chen, Y. When blockchain meets supply chain: A systematic literature review on current development and potential applications. IEEE Access 2020, 8, 62478–62494.
- Taş, R.; Tanrıöver, Ö.Ö. A systematic review of challenges and opportunities of blockchain for E-voting. Symmetry 2020, 12, 1328.
- Kshetri, N.; Voas, J. Blockchain-enabled e-voting. IEEE Softw. 2018, 35, 95–99.
- Gupta, M.; Kumar, R.; Shekhar, S.; Sharma, B.; Patel, R.B.; Jain, S.; Dhaou, I.B.; Iwendi, C. Game Theory-Based Authentication Framework to Secure Internet of Vehicles with Blockchain. Sensors 2022, 22, 5119.
- Boulila, W.; Driss, M.; Alshanqiti, E.; Al-Sarem, M.; Saeed, F.; Krichen, M. Weight initialization techniques for deep learning algorithms in remote sensing: Recent trends and future perspectives. In Advances on Smart and Soft Computing: Proceedings of ICACIn 2021; Springer: Singapore, 2022; pp. 477–484.
- Abdalzaher, M.S.; Salim, M.M.; Elsayed, H.A.; Fouda, M.M. Machine learning benchmarking for secured iot smart systems. In Proceedings of the 2022 IEEE International Conference on Internet of Things and Intelligence Systems (IoTaIS), Bali, Indonesia, 24–26 November 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 50–56.
- Zidi, S.; Mihoub, A.; Qaisar, S.M.; Krichen, M.; Al-Haija, Q.A. Theft detection dataset for benchmarking and machine learning based classification in a smart grid environment. J. King Saud Univ.-Comput. Inf. Sci. 2023, 35, 13–25.
- Hamdy, O.; Gaber, H.; Abdalzaher, M.S.; Elhadidy, M. Identifying exposure of urban area to certain seismic hazard using machine learning and GIS: A case study of greater Cairo. Sustainability 2022, 14, 10722.
- Zhang, C.; Lu, Y. Study on artificial intelligence: The state of the art and future prospects. J. Ind. Inf. Integr. 2021, 23, 100224.
- Cunningham, P.; Cord, M.; Delany, S.J. Supervised learning. In Machine Learning Techniques for Multimedia: Case Studies on Organization and Retrieval; Springer: Berlin/Heidelberg, Germany, 2008; pp. 21–49.
- Hastie, T.; Tibshirani, R.; Friedman, J.; Hastie, T.; Tibshirani, R.; Friedman, J. Overview of supervised learning. In The Elements of Statistical Learning: Data Mining, Inference, and Prediction; Springer: New York, NY, USA, 2009; pp. 9–41.
- Hastie, T.; Tibshirani, R.; Friedman, J.; Hastie, T.; Tibshirani, R.; Friedman, J. Unsupervised learning. In The Elements of Statistical Learning: Data Mining, Inference, and Prediction; Springer: New York, NY, USA, 2009; pp. 485–585.
- Ghahramani, Z. Unsupervised learning. In Advanced Lectures on Machine Learning: ML Summer Schools 2003, Canberra, Australia, 2–14 February 2003, Tübingen, Germany, 4–16 August 2003, Revised Lectures; Springer: Berlin/Heidelberg, Germany, 2004; pp. 72–112.
- Zhou, Z.H.; Zhou, Z.H. Semi-supervised learning. In Machine Learning; Springer: Singapore, 2021; pp. 315–341.
- Van Engelen, J.E.; Hoos, H.H. A survey on semi-supervised learning. Mach. Learn. 2020, 109, 373–440.
- Mazyavkina, N.; Sviridov, S.; Ivanov, S.; Burnaev, E. Reinforcement learning for combinatorial optimization: A survey. Comput. Oper. Res. 2021, 134, 105400.
- Sutton, R.S.; Barto, A.G. Reinforcement Learning: An Introduction; MIT Press: Cambridge, MA, USA, 2018.
- Dbouk, T.; Mourad, A.; Otrok, H.; Tout, H.; Talhi, C. A novel ad-hoc mobile edge cloud offering security services through intelligent resource-aware offloading. IEEE Trans. Netw. Serv. Manag. 2019, 16, 1665–1680.
- Sarker, I.H.; Furhad, M.H.; Nowrozy, R. Ai-driven cybersecurity: An overview, security intelligence modeling and research directions. SN Comput. Sci. 2021, 2, 173.
- Dash, B.; Ansari, M.F.; Sharma, P.; Ali, A. Threats and Opportunities with AI-based Cyber Security Intrusion Detection: A Review. Int. J. Softw. Eng. Appl. (IJSEA) 2022, 13.
- Jaber, A.; Fritsch, L. Towards AI-powered Cybersecurity Attack Modeling with Simulation Tools: Review of Attack Simulators. In Proceedings of the Advances on P2P, Parallel, Grid, Cloud and Internet Computing: Proceedings of the 17th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC-2022); Springer: Cham, Switzerland, 2022; pp. 249–257.
- Ansari, M.F.; Dash, B.; Sharma, P.; Yathiraju, N. The Impact and Limitations of Artificial Intelligence in Cybersecurity: A Literature Review. Int. J. Adv. Res. Comput. Commun. Eng. 2022.
- Srinivasan, S.; Ravi, V.; Sowmya, V.; Krichen, M.; Noureddine, D.B.; Anivilla, S.; Soman, K. Deep convolutional neural network based image spam classification. In Proceedings of the 2020 6th Conference on Data Science and Machine Learning Applications (CDMA), Riyadh, Saudi Arabia, 4–5 March 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 112–117.
- Demertzis, K.; Iliadis, L.; Tziritas, N.; Kikiras, P. Anomaly detection via blockchained deep learning smart contracts in industry 4.0. Neural Comput. Appl. 2020, 32, 17361–17378.
- Yunis, M.M.; El-Khalil, R.; Ghanem, M. Towards a Conceptual Framework on the Importance of Privacy and Security Concerns in Audit Data Analytics. In Proceedings of the International Conference on Industrial Engineering and Operations Management, Sao Paulo, Brazil, 5–8 April 2021.
- Kumar, N.; Singh, A.; Handa, A.; Shukla, S.K. Detecting malicious accounts on the Ethereum blockchain with supervised learning. In Proceedings of the Cyber Security Cryptography and Machine Learning: Fourth International Symposium, CSCML 2020, Be’er Sheva, Israel, 2–3 July 2020, Proceedings 4; Springer: Cham, Switzerland, 2020; pp. 94–109.
- Liu, Z.; Qian, P.; Wang, X.; Zhuang, Y.; Qiu, L.; Wang, X. Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Trans. Knowl. Data Eng. 2021.
- Jiang, F.; Cao, Y.; Xiao, J.; Yi, H.; Lei, G.; Liu, M.; Deng, S.; Wang, H. VDDL: A Deep Learning-Based Vulnerability Detection Model for Smart Contracts. In Proceedings of the International Conference on Machine Learning for Cyber Security; Springer: Cham, Switzerland, 2023; pp. 72–86.
- Jie, W.; Chen, Q.; Wang, J.; Koe, A.S.V.; Li, J.; Huang, P.; Wu, Y.; Wang, Y. A novel extended multimodal AI framework towards vulnerability detection in smart contracts. Inf. Sci. 2023, 636, 118907.
- Sun, X.; Tu, L.; Zhang, J.; Cai, J.; Li, B.; Wang, Y. ASSBert: Active and semi-supervised bert for smart contract vulnerability detection. J. Inf. Secur. Appl. 2023, 73, 103423.
- Zhang, Z.; Lei, Y.; Yan, M.; Yu, Y.; Chen, J.; Wang, S.; Mao, X. Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, Rochester, MI, USA, 10–14 October 2022; pp. 1–13.
- Abdalzaher, M.S.; Soliman, M.S.; El-Hady, S.M.; Benslimane, A.; Elwekeil, M. A deep learning model for earthquake parameters observation in IoT system-based earthquake early warning. IEEE Internet Things J. 2021, 9, 8412–8424.
- Mihoub, A. A deep learning-based framework for human activity recognition in smart homes. Mob. Inf. Syst. 2021, 2021, 6961343.
- Xu, G.; Liu, L.; Zhou, Z. Reentrancy Vulnerability Detection of Smart Contract Based on Bidirectional Sequential Neural Network with Hierarchical Attention Mechanism. In Proceedings of the 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS), Huaihua, China, 15–17 July 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 56–59.
- Zheng, Z.; Chen, W.; Zhong, Z.; Chen, Z.; Lu, Y. Securing the Ethereum from Smart Ponzi Schemes: Identification Using Static Features. ACM Trans. Softw. Eng. Methodol. 2022.
- Liu, L.; Tsai, W.T.; Bhuiyan, M.Z.A.; Peng, H.; Liu, M. Blockchain-enabled fraud discovery through abnormal smart contract detection on Ethereum. Future Gener. Comput. Syst. 2022, 128, 158–166.
- Hu, H.; Bai, Q.; Xu, Y. Scsguard: Deep scam detection for ethereum smart contracts. In Proceedings of the IEEE INFOCOM 2022-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Virtual, 2–5 May 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–6.
- Hwang, S.J.; Choi, S.H.; Shin, J.; Choi, Y.H. CodeNet: Code-targeted convolutional neural network architecture for smart contract vulnerability detection. IEEE Access 2022, 10, 32595–32607.
- Andrijasa, M.F.; Ismail, S.A.; Ahmad, N. Towards Automatic Exploit Generation for Identifying Re-Entrancy Attacks on Cross-Contract. In Proceedings of the 2022 IEEE Symposium on Future Telecommunication Technologies (SOFTT), Johor Baharu, Malaysia, 14–16 November 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 15–20.
- Kang, D. Bridging Fuzz Testing and Metamorphic Testing for Classification of Machine Learning. In Proceedings of the 2022 IEEE International Conference on Consumer Electronics (ICCE), Taipei, Taiwan, 6–8 July 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–2.
- Gupta, R.; Patel, M.M.; Shukla, A.; Tanwar, S. Deep learning-based malicious smart contract detection scheme for internet of things environment. Comput. Electr. Eng. 2022, 97, 107583.
- Li, N.; Liu, Y.; Li, L.; Wang, Y. Smart Contract Vulnerability Detection Based on Deep and Cross Network. In Proceedings of the 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications (CVIDL & ICCEA), Changchun, China, 20–22 May 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 533–536.
- Shakya, S.; Mukherjee, A.; Halder, R.; Maiti, A.; Chaturvedi, A. SmartMixModel: Machine Learning-based Vulnerability Detection of Solidity Smart Contracts. In Proceedings of the 2022 IEEE International Conference on Blockchain (Blockchain), Espoo, Finland, 22–25 August 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 37–44.
- Wang, Z.; Zheng, Q.; Sun, Y. GVD-net: Graph embedding-based Machine Learning Model for Smart Contract Vulnerability Detection. In Proceedings of the 2022 International Conference on Algorithms, Data Mining, and Information Technology (ADMIT), Xi’an, China, 23–25 September 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 99–103.
- Ashizawa, N.; Yanai, N.; Cruz, J.P.; Okamura, S. Eth2Vec: Learning contract-wide code representations for vulnerability detection on ethereum smart contracts. In Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure, Virtual Event, Hong Kong, 7 June 2021; pp. 47–59.
- Yu, X.; Zhao, H.; Hou, B.; Ying, Z.; Wu, B. Deescvhunter: A deep learning-based framework for smart contract vulnerability detection. In Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN), Shenzhen, China, 18–22 July 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–8.
- Wang, B.; Chu, H.; Zhang, P.; Dong, H. Smart Contract Vulnerability Detection Using Code Representation Fusion. In Proceedings of the 2021 28th Asia-Pacific Software Engineering Conference (APSEC), Taipei, Taiwan, 6–9 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 564–565.
- Hao, X.; Ren, W.; Zheng, W.; Zhu, T. SCScan: A SVM-Based Scanning System for Vulnerabilities in Blockchain Smart Contracts. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December–1 January 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1598–1605.
Attack Type | Description | Example |
---|---|---|
Reentrancy Attacks | Allows an attacker to repeatedly call an SC function before the previous call completes | Drain a contract’s funds by creating a malicious contract that calls the target contract’s function multiple times |
Integer Overflow and Underflow | Exploits vulnerabilities in the way SCs handle integer values | Underflow a contract’s balance by sending a large negative number as input to a function expecting a positive number |
Denial-of-Service (DoS) | Aims to overload an SC’s resources, making it unable to process legitimate transactions | Send a large number of transactions to the contract in a short period of time |
Malicious Input | Involves sending malicious data inputs to an SC, causing it to behave in unintended ways | Transfer funds to an unintended recipient by sending malicious input data to a contract |
Front-Running | Involves exploiting the time delay between a transaction being submitted and confirmed on the blockchain | Profit from a transaction by submitting a higher gas price transaction ahead of the original transaction |
Logic Bombs | A piece of malicious code that lies dormant in an SC until a specific trigger condition is met | Transfer funds to the attacker’s account when a specific date or time is reached |
Cross-Chain Attacks | Exploit vulnerabilities in the interaction between different blockchain networks | Steal funds from one network and transfer them to another by exploiting weaknesses in cross-chain transactions |
Time Manipulation | Exploits the way SCs handle time-based events | Trigger an action prematurely or delay it indefinitely by manipulating the timestamp or block number |
Authorization Flaws | Occurs when an SC fails to properly authenticate and authorize users who interact with it | Gain unauthorized access to a contract’s funds or execute unauthorized transactions |
Gas Limit Attacks | Exploit the way SCs handle gas, the unit of measurement for computational work | Revert a transaction and potentially steal funds by setting a low gas limit on a transaction |
Type of AI | Description | Examples |
---|---|---|
Supervised Learning | Trained on labeled data to predict correct output for new, unseen input data. | Image classification, speech recognition, language translation |
Unsupervised Learning | Trained on unlabeled data to discover patterns or relationships in the data. | Clustering, anomaly detection, dimensionality reduction |
Semi-Supervised Learning | Trained on partially labeled data to predict correct output for new, unseen input data while discovering patterns or relationships in the data. | Object recognition, speech recognition, sentiment analysis |
Reinforcement Learning | Learns to make decisions through trial and error and adjusts behavior to maximize reward. | Game playing, robotics, autonomous vehicles |
Ref. | Adopted Technique | Contribution |
---|---|---|
[59] | GNN, Expert Knowledge, Temporal Message Propagation Network | Proposed a technique for vulnerability detection in SCs using graph neural networks and expert knowledge, and introduced a temporal message propagation network to extract graph features |
[60] | Multi-layer bidirectional Transformer structure, CodeBERT | Introduced VDDL, a vulnerability detection model that used a multi-layer bidirectional Transformer structure and incorporated CodeBERT |
[61] | NLP, Image Processing, Code Analysis Techniques | Used a multi-modal AI framework for vulnerability detection in SCs |
[62] | Active and SSL, BERT | Introduced ASSBert, an SC vulnerability detection framework that combines active SSL and employs BERT |
[63] | DL-based Approach | Proposed ReVulDL, a two-stage SC debugger that uses a DL-based approach to detect and locate re-entry vulnerabilities |
[66] | NN, BiLSTM, Hierarchical Attention Mechanism | Proposed a vulnerability detection tool that utilized neural networks and introduced a hierarchical attention mechanism |
[67] | Multi-view Cascading Ensemble Model (MulCas) | Constructed a larger dataset and extracted numerous independent features from multiple perspectives for identifying Ponzi schemes when SCs are created |
[68] | Heterogeneous Graph Transformation Network | Proposed SHGTNs, a heterogeneous graph transformation network for detecting financial frauds on Ethereum platforms |
[69] | ML, Bytecode, GRU Networks, Attention Mechanisms | Developed SCSGuard, a tool that used ML technology for detecting fraudulent behaviors in SCs by leveraging the bytecode of SCs as a novel feature |
[70] | Convolutional Neural Network (CNN) Architecture | Introduced CodeNet, a new CNN architecture for detecting SC vulnerabilities that solved the problem of loss of local information in existing CNN models |
[71] | Deep Reinforcement Learning, Multi-Agent Fuzz Testing | Developed improved techniques for detecting vulnerabilities in SCs using deep reinforcement learning and multi-agent fuzz testing |
[73] | DL Models, LSTM, ANN, GRU | Trained three different DL models, GRU, ANN, and LSTM, and used them for predicting the existence of vulnerabilities in SCs |
[74] | Deep and Cross Networks | Presented Link-DC, a new SC vulnerability detection model that used deep and cross networks for constructing high-order nonlinear features |
[75] | High-level Syntactic Features, Low-level Bytecode Features | Introduced SmartMixModel, a vulnerability detection model that extracts features on two levels: low-level bytecode features and high-level syntactic features |
[76] | AI Model | Proposed GVD-net, an AI model to detect security vulnerabilities in Ethereum SCs |
[77] | AI-based Static Analysis Tool, Eth2Vec | Introduced Eth2Vec, an AI-based static analysis tool that utilized neural networks for automatically learning features of vulnerable contracts and detecting vulnerabilities in SCs |
[79] | DL, Various Code Representations | Utilized DL techniques for detecting vulnerabilities in SCs by combining various code representations |
[78] | DL, Modular and Systematic Vulnerability Detection Framework | Proposed DeeSCVHunter, a modular and systematic vulnerability detection framework based on DL, for reentrancy and time dependence vulnerabilities |
[80] | SVM | Proposed SCScan, a scanning tool based on SVM for identifying potential security risks in SCs |
Aspect | Classical Techniques | AI-Based Techniques |
---|---|---|
Vulnerability Detection | Manual code review and testing | Automated code analysis and vulnerability detection |
Anomaly Detection | Manual monitoring and analysis | Automated behavior-based anomaly detection |
Predictive Analytics | Limited predictive capabilities | Advanced predictive analytics using machine learning |
Behavior-based Security | Limited behavior-based monitoring | Advanced behavior-based monitoring using machine learning |
Advantages | Established techniques, but slower and less accurate than AI-based techniques | Faster, more accurate, scalable, adaptable, and able to learn from new data and threats |
© 2023 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Krichen, M. Strengthening the Security of Smart Contracts through the Power of Artificial Intelligence. Computers 2023, 12, 107. https://doi.org/10.3390/computers12050107