Abstract

Blockchain technology is a disruptive technology that has revolutionized digital payments and transactions of digital assets. Blockchain transactions operate using smart contracts, which are automated software code that facilitates transactions between parties without the need for intermediary systems. Smart contracts have become an increasingly popular means of conducting transactions and executing code in a decentralized manner. They can be written in various languages, each of which has its own flaws in terms of logic and vulnerabilities, and the immutability and autonomy of smart contracts also make them vulnerable to various security threats. Security for smart contracts is essential, as exploiting bad logic or vulnerabilities in the code can lead to financial losses of digital assets and undermine the integrity of blockchain technology. As such, validating the security posture of smart contracts is now essential. Several static tools exist that can detect specific attacks on smart contracts. However, a comprehensive automated solution is not available. This thesis provides a comprehensive survey of the various attack detection techniques used in smart contracts, including static analysis, dynamic analysis, and hybrid approaches. We also discuss the advantages and limitations of each approach and provide a comparative analysis of the existing tools used for the different types of smart contract analysis techniques. Furthermore, we present a machine learning based approach for the detection of attacks on smart contracts. We developed a tool that collects data from etherscan.io, which was not previously available. After collecting the dataset, static detection tools were used to test the data. The results of these tools were manually multi-labeled and then fed into machine learning algorithms. The purpose of this process is to improve the accuracy of the dataset and reduce the time cost of getting results.
Results are shown for the four ML models used in this research, namely Decision Tree, Perceptron, Support Vector Machine (SVM), and Long Short-Term Memory (LSTM), based on the final datasets and sub-datasets. The best accuracy results were 85.7% for the full dataset using SVM, 97.7% for the Reentrancy dataset using LSTM, 80.9% for the Etherlock dataset using LSTM, and 100% for the integer overflow/underflow dataset using SVM, Perceptron, and LSTM. Overall, LSTM was the highest algorithm in terms of accuracy but the lowest in terms of time cost.

Library of Congress Subject Headings

Ethereum (Databases)--Security measures; Smart contracts--Security measures; Blockchains (Databases)--Security measures; Machine learning

Publication Date

5-2023

Document Type

Thesis

Student Type

Graduate

Degree Name

Computing Security (MS)

Advisor

Wesam Almobaideen

Advisor/Committee Member

Huda Saadeh

Advisor/Committee Member

Kevser Akpinar

Campus

RIT Dubai

Plan Codes

COMPSEC-MS
