Vulnerability Analysis of Smart Contract for Blockchain-Based IoT Applications: A Machine Learning Approach

• Published in: IEEE internet of things journal Vol. 9; no. 24; pp. 24695 - 24707
• Main Authors: Zhou, Qihao, Zheng, Kan, Zhang, Kuan, Hou, Lu, Wang, Xianbin
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 15.12.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Blockchain; Blockchains; Computational modeling; Contracts; Cryptography; Internet of Things; Internet of Things (IoT); Machine learning; machine learning (ML); Prediction models; Scalability; Security; smart contract; Smart contracts; Taxonomy; Training; vulnerability analysis
• ISSN: 2327-4662; 2327-4662
• DOI: 10.1109/JIOT.2022.3196269

With the emergence of Blockchain-based Internet of Things (BIoT) applications, smart contracts have become one of the most appealing aspects because they reduce the cost and complexity of distributed administration. However, the immaturity of smart contracts may result in significant financial losses or the leakage of sensitive information. This article first investigates the taxonomy of security issues associated with smart contracts considering BIoT scenarios. To address these security concerns and overcome the limitations of existing methods, a tree-based machine learning vulnerability detection (TMLVD) method is proposed to perform the vulnerability analysis of smart contracts. TMLVD feeds the intermediate representations of smart contracts derived from abstract syntax trees (AST) into a tree-based training network for building the prediction model. Multidimensional features are captured by this model to identify smart contracts as vulnerable. The detection phase can be implemented quickly with limited computing resources and the accuracy of the detection results is guaranteed. The experimental evaluation demonstrated the effectiveness and efficiency of TMLVD on a data set comprised of Ethereum smart contracts.