Contract vulnerability detection method and system based on cross-granularity feature fusion and meta learning
By employing cross-granularity feature fusion and meta-learning methods, the problems of incomplete feature representation and semantic gap in smart contract vulnerability detection are solved, achieving high-precision vulnerability detection and interpretable code localization, and improving detection capabilities in rare vulnerability scenarios.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHENGDU UNIV OF INFORMATION TECH
- Filing Date
- 2026-04-13
- Publication Date
- 2026-07-03
AI Technical Summary
Existing smart contract vulnerability detection methods suffer from problems such as limited feature representation, difficulty in bridging semantic gaps between different modalities, low detection accuracy in rare vulnerability scenarios, and poor generalization ability.
We employ a cross-granularity feature fusion and meta-learning approach. By acquiring source code and bytecode, we extract semantic features, opcode execution features, and graph structure features from the source code. We then perform cross-granularity attention interactions, combine them with a meta-learning strategy to train a classifier, output vulnerability detection results, and use a graph-source code attention weight matrix to locate the vulnerability code.
It achieves deep alignment of source code semantics, underlying opcode execution logic, and program dependency graph structure information, improves generalization ability on long-tailed distributed data, and provides support for interpretable code line location, thereby improving the accuracy and reliability of vulnerability detection.
Smart Images

Figure CN122020676B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of blockchain security technology, and in particular to a contract vulnerability detection method and system based on cross-granularity feature fusion and meta-learning. Background Technology
[0002] Early smart contract vulnerability detection primarily relied on traditional software engineering techniques, including formal verification, symbolic execution, and static analysis. Formal verification attempts to ensure the correctness of contract logic through mathematical proof, but it struggles with large-scale and logically complex modern contracts. Symbolic execution discovers potential errors by traversing program paths, but it is often hampered by path explosion, resulting in low detection efficiency. Static analysis tools, such as Slither and Mythril, are widely used in industry, but these methods heavily depend on manually predefined vulnerability feature rule bases. Because manually defined rules cannot cover the ever-evolving new attack patterns and cannot deeply understand the complex semantics of the code, traditional methods often face extremely high false positive and false negative rates in practical applications, especially when dealing with logical vulnerabilities involving complex state interactions.
[0003] In recent years, breakthroughs in deep learning technology have opened up new avenues for smart contract vulnerability detection. Unlike traditional methods, deep learning models can automatically extract high-dimensional features from massive amounts of source code or bytecode in a data-driven manner, thereby identifying potential vulnerability patterns. Early research was mainly based on sequence modeling ideas from natural language processing, treating smart contract code as a text sequence. Researchers used techniques such as Word2Vec or FastText to map opcodes or source code identifiers into word embedding vectors, and combined them with Long Short-Term Memory (LSTM) networks or Gated Recurrent Units (GRUs) to capture contextual dependencies in the code sequence. To address the problems of gradient vanishing and poor parallel computing capabilities of recurrent neural networks when processing long sequences, subsequent research further introduced Convolutional Neural Networks (CNNs) and Transformer architectures. In particular, methods based on pre-trained language models (such as CodeBERT), through self-supervised learning on large-scale code corpora, can capture rich syntactic and semantic knowledge in the code, significantly improving the accuracy of vulnerability detection.
[0004] However, deep learning methods based solely on sequence models have significant limitations. Smart contracts are not simple linear text; they contain complex control flow transitions and data dependencies. Forcing the code to flatten into a one-dimensional sequence destroys the program's inherent structural information, making it difficult for the model to detect complex vulnerabilities across function calls or dependent on specific execution paths. To overcome this deficiency, graph neural network (GNN)-based methods have emerged. These methods first transform the smart contract into a control flow graph (CFG) or program dependency graph (PDG), explicitly modeling the execution logic and data transfer relationships between code statements. Subsequently, they utilize graph convolutional networks to perform message passing and feature aggregation on the graph structure. Although graph neural networks can effectively capture structural features, they often neglect fine-grained semantic information within nodes and the execution details of underlying opcodes. Furthermore, the construction of high-quality graph structures is highly susceptible to code syntax errors or limitations of parsing tools.
[0005] A more significant challenge lies in the fact that most existing deep learning methods rely on large-scale and evenly distributed labeled datasets. However, in real-world blockchain security scenarios, vulnerability samples exhibit a significant long-tail distribution, meaning that common, simple vulnerability samples are plentiful, while high-risk, complex, and novel "zero-day vulnerability" samples are extremely scarce. Faced with such limited sample scenarios, traditional supervised learning models are highly susceptible to overfitting, resulting in severely insufficient generalization ability. Furthermore, existing multimodal research often employs simple feature concatenation strategies, failing to address the semantic gap between source code semantics, underlying execution logic, and graph structure features, and lacks effective interpretability mechanisms, making the detection results difficult for security auditors to trust. Summary of the Invention
[0006] To address the technical problems in existing technologies, such as single feature representation, difficulty in bridging semantic gaps between different modalities, low detection accuracy and poor generalization ability in rare vulnerability scenarios, this invention provides a contract vulnerability detection method and system based on cross-granularity feature fusion and meta-learning.
[0007] In a first aspect, the present invention provides a contract vulnerability detection method based on cross-granularity feature fusion and meta-learning, comprising:
[0008] Obtain the source code and compiled bytecode of the contract to be tested;
[0009] Extract source code semantic features from source code, extract opcode execution features from bytecode, and extract graph structure features after constructing a program dependency graph from source code;
[0010] Using graph structure features as the query subject, cross-granularity attention interactions are performed with source code semantic features and opcode execution features respectively to generate cross-granularity fusion features;
[0011] The cross-granularity fusion features are modulated with the vulnerability type identifier of the current detection task using type-aware feature modulation, and a meta-learning strategy is used to train a classifier to output the vulnerability detection results.
[0012] In response to the vulnerability detection result indicating the existence of a vulnerability, the location of the vulnerable code is located based on the graph-source code attention weight matrix generated during the cross-granularity attention interaction process.
[0013] Preferably, the source code semantic feature extraction method is as follows: the source code is segmented into words, and the output hidden state is extracted as a semantic feature matrix through a pre-trained code language model, and then mapped to a unified dimension through a fully connected layer.
[0014] Preferably, the opcode execution feature extraction method is as follows:
[0015] Disassembling the bytecode yields the opcode sequence;
[0016] The opcode sequence is transformed into a vector sequence through an embedding layer and then input into a bidirectional long short-term memory network to obtain the context hidden state sequence.
[0017] The contextual hidden state sequence is processed by a convolutional neural network and a max pooling layer to obtain the opcode execution feature matrix.
[0018] Preferably, the graph structure feature extraction step specifically includes:
[0019] A program dependency graph is constructed from the source code. The nodes of the program dependency graph correspond to code statements or basic blocks, and the edges of the program dependency graph correspond to control dependencies or data dependencies. The initial feature vector of the program dependency graph is assigned through the semantic features of the source code.
[0020] The program depends on the graph, which is then fed into the graph neural network. The node features are updated through a message passing mechanism, and the graph structure feature matrix is output.
[0021] Preferably, the steps of cross-granularity attention interaction include:
[0022] Using the graph structure feature matrix as the query, and the source code semantic feature matrix and the opcode execution feature matrix as the key and value respectively, dot product scaling attention is calculated to obtain context features; the context features include graph-source code context features and graph-opcode context features.
[0023] An adaptive gating mechanism is used to calculate the dynamic fusion ratio of graph structure features and context features, respectively, to generate enhanced graph features;
[0024] Global max pooling and global average pooling are performed on the enhanced graph features, and the pooling results are concatenated and projected through a multilayer perceptron to obtain a cross-granularity fused feature vector.
[0025] Preferably, the adaptive gating mechanism determines the gating coefficients using the Sigmoid function and performs a weighted summation of the graph structure features and context features based on the gating coefficients.
[0026] Preferably, type-aware feature modulation includes:
[0027] Vulnerability type identifiers are mapped to type vectors through a learnable embedding layer;
[0028] Channel attention weights are generated using type vectors through nonlinear transformations.
[0029] The cross-granularity fusion features are multiplied element-wise with the channel attention weights to obtain the modulated adaptation features, which are then input into the classifier to obtain the vulnerability prediction probability.
[0030] Preferably, the meta-learning strategy employs model-independent meta-learning, and the training process includes:
[0031] Inner loop: Calculate the loss on the support set of each task, perform gradient descent on the model parameters, and obtain temporary parameters;
[0032] Outer loop: Calculate the loss on the query set of each task and backpropagate to update the global initialization parameters.
[0033] Preferably, locating the vulnerable code includes:
[0034] Obtain the graph-source code attention weight matrix generated during the cross-granularity attention interaction stage. The elements in the graph-source code attention weight matrix represent the degree of attention that graph nodes pay to each token in the source code.
[0035] Obtain the activation intensity of each graph node in the graph structure feature matrix;
[0036] The attention weight matrix is summed column-wise with weights equal to the activation intensity of the corresponding graph node to obtain the risk contribution of each token.
[0037] The risk contribution sequence is mapped back to the source code line number, and key vulnerability paths are filtered out using dynamic thresholds, outputting the location of the vulnerability code.
[0038] In a second aspect, the present invention provides a contract vulnerability detection system based on cross-granularity feature fusion and meta-learning, for performing the method described in the first aspect, including:
[0039] The data acquisition module is used to acquire the source code and compiled bytecode of the contract to be tested.
[0040] The feature extraction module is used to extract semantic features from source code, opcode execution features from bytecode, and graph structure features after constructing a program dependency graph from source code.
[0041] The cross-granularity fusion module is used to take graph structure features as the query subject and perform cross-granularity attention interaction with source code semantic features and opcode execution features respectively to generate cross-granularity fused features;
[0042] The vulnerability type awareness module is used to perform type-aware feature modulation by combining cross-granularity fusion features with the vulnerability type identifier of the current detection task, and to train a classifier using a meta-learning strategy to output vulnerability detection results.
[0043] The vulnerability location module is used to locate the vulnerability code based on the graph-source code attention weight matrix generated during cross-granularity attention interaction.
[0044] The beneficial effects of this invention are as follows:
[0045] 1. This invention achieves deep alignment of source code semantics, underlying opcode execution logic, and program dependency graph structure information by constructing a cross-granularity feature fusion architecture, effectively solving the problems of semantic gap and incomplete feature representation in traditional single-modality or simple splicing multimodal methods;
[0046] 2. This invention introduces a vulnerability type-aware meta-learning mechanism. Compared with traditional supervised learning models that heavily rely on massive balanced data, it can quickly adapt to new or rare vulnerabilities with only a small number of samples, greatly enhancing the model's generalization ability on long-tailed distributed data.
[0047] 3. The hierarchical interpretability framework proposed in this invention directly maps source code lines using internal attention weights, which can provide security auditors with support for locating vulnerable code lines and improve the usability and credibility of the tool in actual engineering. Attached Figure Description
[0048] Figure 1 This is a flowchart of a contract vulnerability detection method based on cross-granularity feature fusion and meta-learning provided in some embodiments of the present invention;
[0049] Figure 2 The diagram shows a specific implementation of the contract vulnerability detection method based on cross-granularity feature fusion and meta-learning provided in some embodiments of the present invention. Detailed Implementation
[0050] The specific embodiments of the present invention are described below to enable those skilled in the art to understand the present invention. However, it should be understood that the present invention is not limited to the scope of the specific embodiments. For those skilled in the art, various changes are obvious as long as they are within the spirit and scope of the present invention as defined and determined by the appended claims. All inventions utilizing the concept of the present invention are protected.
[0051] like Figure 1 and Figure 2 As shown, this embodiment of the invention provides a contract vulnerability detection method based on cross-granularity feature fusion and meta-learning, including:
[0052] Obtain the source code and compiled bytecode of the contract to be tested;
[0053] Extract source code semantic features from source code, extract opcode execution features from bytecode, and extract graph structure features after constructing a program dependency graph from source code;
[0054] Using graph structure features as the query subject, cross-granularity attention interactions are performed with source code semantic features and opcode execution features respectively to generate cross-granularity fusion features;
[0055] The cross-granularity fusion features are modulated with the vulnerability type identifier of the current detection task using type-aware feature modulation, and a meta-learning strategy is used to train a classifier to output the vulnerability detection results.
[0056] In response to the vulnerability detection result indicating the existence of a vulnerability, the location of the vulnerable code is located based on the graph-source code attention weight matrix generated during the cross-granularity attention interaction process.
[0057] The source code and compiled EVM bytecode of the smart contract to be tested are obtained to construct three feature extraction channels to cover the three dimensions of semantics, execution, and structure.
[0058] As one possible implementation, the source code semantic feature extraction method is as follows: the source code is tokenized, the output hidden state is extracted as a semantic feature matrix through a pre-trained code language model, and then mapped to a unified dimension through a fully connected layer.
[0059] Preferably, the pre-trained code language model of the present invention uses CodeBERT, which contains a 12-layer Transformer structure and is capable of capturing the contextual semantics of the code; the last hidden state is extracted as the semantic feature matrix. And mapped to a unified dimension through a fully connected layer. :
[0060]
[0061] in, For dimension identification, The length of the input sequence. The dimension of the model's hidden layers. The input source code is a sequence of tokens. and For learnable parameters, This is the extracted semantic feature matrix of the source code.
[0062] Extracting opcode execution features to capture instruction context dependencies and local execution patterns is one possible implementation method.
[0063] Disassembling the bytecode yields the opcode sequence;
[0064] The opcode sequence is transformed into a vector sequence through an embedding layer and then input into a bidirectional long short-term memory network to obtain the context hidden state sequence.
[0065] The contextual hidden state sequence is processed by a convolutional neural network and a max pooling layer to obtain the opcode execution feature matrix.
[0066] Preferably, the present invention adopts an architecture that combines BiLSTM and 1D-CNN.
[0067] First, the opcode sequence Transform it into a vector sequence through the embedding layer;
[0068] Secondly, the input is fed into the BiLSTM, and the output is a sequence of hidden states containing context information. ,in The original length of the opcode sequence;
[0069] Finally, 1D-CNN (one-dimensional convolutional network) was used to... Perform feature extraction;
[0070] The convolutional kernel slides across the sequence to capture specific instruction combinations, and then performs dimensionality reduction through a max pooling layer. The specific feature extraction formula is as follows:
[0071]
[0072]
[0073] in, The time-series characteristics output by BiLSTM; This represents a one-dimensional convolution operation, which reduces the length of the original sequence. Mapped to feature maps; The length of the feature map that is ultimately retained after the pooling operation; For feature channel dimension, This is the final extracted opcode execution feature matrix. It is a linear rectification function.
[0074] To overcome the limitation of sequence models in understanding nonlinear logic in code, this invention extracts graph structure features to obtain a clear global topological structure. As one possible implementation, the graph structure feature extraction steps specifically include:
[0075] A program dependency graph is constructed from the source code. The nodes of the program dependency graph correspond to code statements or basic blocks, and the edges of the program dependency graph correspond to control dependencies or data dependencies. The initial feature vector of the program dependency graph is assigned through the semantic features of the source code.
[0076] The program depends on the graph, which is then fed into the graph neural network. The node features are updated through a message passing mechanism, and the graph structure feature matrix is output.
[0077] Preferably, this invention utilizes graph neural networks to extract global topological structure features. The specific process consists of three steps: graph construction, initialization, and propagation.
[0078] Graph Construction: Analyzing smart contract source code and constructing a program dependency graph. V is a node The set, An edge represents a line of statement or a basic block in the source code. Edges include two types of edges: control dependency edges and data dependency edges.
[0079] Node Feature Initialization: To imbue graph nodes with semantic information, this invention utilizes source code semantic features or corresponding code lines extracted by CodeBERT as initial semantic vectors, which serve as the initial feature matrix for each node in the PDG. This means that the starting point of a graph network is already a vector containing rich semantics, rather than random initialization;
[0080] Graph Convolution Propagation and Output: Feature propagation is performed on the PDG using GCN (Graph Convolutional Network). Through a message passing mechanism, each node aggregates information from its neighboring nodes (i.e., aggregates code line information that has logical dependencies on it). The formula for updating the node features of a layer is:
[0081]
[0082] in, For the set of edges in the program dependency graph The constructed original adjacency matrix, It is the identity matrix. An adjacency matrix with self-loops is used to represent the connection relationships between nodes; express The corresponding degree matrix; For the first The learnable weight matrix of the layer; For the first The node feature matrix of the layer This is the activation function.
[0083] go through After layer graph convolution propagation, the output matrix of the last layer is obtained. This is taken as the final output of this branch, denoted as the graph structure feature matrix. :
[0084] .
[0085] To address the semantic alignment challenge caused by the distribution of source code, opcode, and program dependency graph features in different vector spaces, this invention achieves deep interaction of features through a cross-granularity attention fusion module.
[0086] As one possible implementation, the steps of cross-granularity attention interaction include:
[0087] Using the graph structure feature matrix as the query, and the source code semantic feature matrix and the opcode execution feature matrix as the key and value respectively, dot product scaling attention is calculated to obtain context features; the context features include graph-source code context features and graph-opcode context features.
[0088] An adaptive gating mechanism is used to calculate the dynamic fusion ratio of graph structure features and context features, respectively, to generate enhanced graph features;
[0089] Global max pooling and global average pooling are performed on the enhanced graph features, and the pooling results are concatenated and projected through a multilayer perceptron to obtain a cross-granularity fused feature vector.
[0090] Specifically, this invention uses a graph feature matrix that includes the global topology. As the query subject, remove the source code features from the index. and opcode features The complementary information in.
[0091] Taking the fusion of graph and source code as an example, attention is scaled by calculating the dot product between graph nodes and source code tokens to generate a graph-source code attention weight matrix. and corresponding semantic context features The calculation formula is as follows:
[0092]
[0093]
[0094] in, The projection parameter matrix is a learnable matrix. This represents the feature dimension of the key vector. The weight matrix... The precise quantification of the logical mapping relationship between graph structure nodes and source code tokens is the core basis for generating the interpretability location report. Similarly, the execution context characteristics of graph nodes for opcodes can be calculated.
[0095] To prevent irrelevant redundant noise from being introduced through cross-granularity interactions, this invention introduces an adaptive gating mechanism.
[0096] As one possible implementation, the adaptive gating mechanism determines the gating coefficients using the Sigmoid function and then performs a weighted summation of graph structure features and context features based on these gating coefficients. Specifically, the gating coefficients are calculated using the Sigmoid function. Based on this, the fusion ratio of the original graph structural features and the newly acquired contextual features is dynamically adjusted to generate enhanced graph features. :
[0097]
[0098]
[0099] [;] indicates splicing. This indicates element-wise multiplication.
[0100] Finally, global max pooling and global average pooling are performed on the feature matrices processed by each branch to compress the variable-length node or sequence dimensions into fixed-length feature vectors. All vectors are then concatenated and projected and reassembled using a multilayer perceptron (MLP), ultimately outputting a high-dimensional fusion feature vector that highly condenses the complementary three-dimensional information. This serves as the input for subsequent classifiers.
[0101] To address the long-tail distribution problem caused by the scarcity of rare vulnerability samples in the field of smart contract security, this invention introduces a vulnerability type-aware mechanism to perform type-aware feature modulation.
[0102] As one possible implementation, type-aware feature modulation includes:
[0103] Vulnerability type identifiers are mapped to type vectors through a learnable embedding layer;
[0104] Channel attention weights are generated using type vectors through nonlinear transformations.
[0105] The cross-granularity fusion features are multiplied element-wise with the channel attention weights to obtain the modulated adaptation features, which are then input into the classifier to obtain the vulnerability prediction probability.
[0106] In the description of the embodiments of this application, type vector refers to mapping discrete vulnerability type identifiers (such as vulnerability numbers or category labels) into continuous, low-dimensional, learnable dense numerical representations through an embedding layer, which is used to enable the model to perceive and distinguish the semantic features of different vulnerability categories. The essence of type vector is to transform discrete identifiers into continuous, learnable dense vectors, which is used to endow the model with vulnerability type perception capabilities.
[0107] Preferably, a vulnerability type-aware meta-learning classification module can be constructed for executing the method, which simultaneously receives high-dimensional fused feature vectors. And a vulnerability type identifier indicating the current detection task.
[0108] First, to enable the model to detect specific vulnerabilities, a learnable type embedding layer is used to map vulnerability type identifiers to type vectors. The type embedding layer predefines a learnable parameter matrix. ,in To support the total number of vulnerability types detected, The dimension of the type vector.
[0109] When entering a vulnerability type identifier At that time, the embedding layer directly retrieves the data from the matrix through a table lookup operation. Extract the first The vector corresponding to each row serves as the type vector for that task. The parameter matrix Also the model's global parameters A portion of it will be continuously updated during the training process, thereby learning the optimal feature representation for different vulnerability types.
[0110] This type of vector is used to generate task-specific channel attention weights. The model dynamically modulates the fused features. This mechanism allows the model to automatically enhance the weights of relevant feature channels and suppress irrelevant noise based on the currently detected vulnerability type. Modulated features and final prediction results The calculation formula is as follows:
[0111]
[0112]
[0113]
[0114] in, This indicates element-wise multiplication. The modulation parameters are used, and the Classifier is a multilayer perceptron (MLP) that should contain at least one fully connected layer.
[0115] Building upon this, to enable the model to quickly adapt to new vulnerabilities under limited sample conditions, a model-independent meta-learning (MAML) strategy is employed for training. During training, the binary cross-entropy loss function is used to measure the difference between the predicted results and the true labels, guiding parameter optimization. Its calculation formula is as follows:
[0116]
[0117] in, For real labels, Let B be the predicted value and B be the batch size. Based on this loss function, the learning process consists of two stages: an inner loop and an outer loop.
[0118] Inner loop: Calculate the loss on the support set of each task, perform gradient descent on the model parameters, and obtain temporary parameters;
[0119] Outer loop: Calculate the loss on the query set of each task and backpropagate to update the global initialization parameters.
[0120] The inner loop calculates the loss using a small number of support set samples, which is relevant to specific tasks. Gradient descent is used to obtain temporary parameters. The outer loop calculates the loss based on the query set samples and backpropagates to update the model's global initialization parameters. This optimization method allows the model to learn a general parameter initialization state that is easy to fine-tune, and its parameter update rule is as follows:
[0121]
[0122]
[0123] in, Initialize parameters globally. Indicates in the task Loss on the support set This refers to a specific type of vulnerability detection task. For gradient, The learning rate for the inner loop. For specific tasks Temporary parameters, This represents the outer loop learning rate. This represents the probability distribution of all possible vulnerability detection tasks. Is it using temporary parameters? The loss is calculated on the query set.
[0124] Through the above mechanism, the present invention can achieve high-precision detection of novel or rare smart contract vulnerabilities with only a very small number of labeled samples.
[0125] To address the black-box problem of deep learning models lacking transparency, this invention also provides intuitive line-level code location and explanation for the detection results.
[0126] As one possible approach, locating the vulnerable code includes:
[0127] Obtain the graph-source code attention weight matrix generated during the cross-granularity attention interaction stage. The elements in the graph-source code attention weight matrix represent the degree of attention that graph nodes pay to each token in the source code.
[0128] Obtain the activation intensity of each graph node in the graph structure feature matrix;
[0129] The attention weight matrix is summed column-wise with weights equal to the activation intensity of the corresponding graph node to obtain the risk contribution of each token.
[0130] The risk contribution sequence is mapped back to the source code line number, and key vulnerability paths are filtered out using dynamic thresholds, outputting the location of the vulnerability code.
[0131] Specifically, for smart contracts predicted by the model to have vulnerabilities, the system first extracts the attention matrix generated during the cross-granularity fusion stage. , of which elements Represents the first in the program dependency graph The structural node in the source code is the first The level of attention given to each token. To quantify the contribution of each code token to the final vulnerability decision, this invention defines a token risk contribution level. The calculation formula is as follows:
[0132]
[0133] in, For graph nodes The activation intensity weights in the fused features are obtained by averaging the graph feature channels. The risk contribution sequence of all tokens is calculated. The system then maps the sequence back to the line number index of the original source code. This is achieved by setting a dynamic threshold. Filter out The physical line of code containing the token was identified and marked as a critical vulnerability path.
[0134] After calculating and filtering the risk contribution, the system will further generate a line-by-line location heatmap based on the above data. Specifically, the system will fully display the original source code of the smart contract at the output end, and map it to continuously changing visual features (such as light and dark gradients of background color) according to the risk contribution of the key tokens contained in each physical line of code.
[0135] Lines of code with higher risk contribution are more prominently marked with a color on the heatmap; meanwhile, lines of code with risk contribution exceeding the aforementioned dynamic threshold... The system will further enhance the protection of the physical row containing the critical vulnerability path by highlighting or using special visual markers.
[0136] Through this complete mapping and visualization process, the code line-level location heatmap output by the system enables security auditors to intuitively locate the core code location that causes the vulnerability without analyzing the prediction results of the black-box model line by line, while preserving the complete code logic context. This significantly improves the interpretability of the model and the efficiency of vulnerability investigation in practical applications.
[0137] To implement the above method, the present invention also provides a contract vulnerability detection system based on cross-granularity feature fusion and meta-learning, comprising:
[0138] The data acquisition module is used to acquire the source code and compiled bytecode of the contract to be tested.
[0139] The feature extraction module is used to extract semantic features from source code, opcode execution features from bytecode, and graph structure features after constructing a program dependency graph from source code.
[0140] The cross-granularity fusion module is used to take graph structure features as the query subject and perform cross-granularity attention interaction with source code semantic features and opcode execution features respectively to generate cross-granularity fused features;
[0141] The vulnerability type awareness module is used to perform type-aware feature modulation by combining cross-granularity fusion features with the vulnerability type identifier of the current detection task, and to train a classifier using a meta-learning strategy to output vulnerability detection results.
[0142] The vulnerability location module is used to locate the vulnerability code based on the graph-source code attention weight matrix generated during cross-granularity attention interaction.
[0143] Preferably, after generating the graph-source code attention weight matrix, the risk contribution of each token can be further calculated and mapped to generate a line-level location heatmap to intuitively output the key vulnerability path and locate the vulnerability code.
[0144] Compared to existing smart contract vulnerability detection technologies, this invention achieves deep alignment of source code semantics, underlying opcode execution logic, and program dependency graph structure information by constructing a cross-granularity feature fusion architecture. This effectively solves the semantic gap and incomplete feature representation problems existing in traditional single-modal or simple multimodal methods. Furthermore, this invention introduces a vulnerability type-aware meta-learning mechanism. Compared to traditional supervised learning models that heavily rely on massive amounts of balanced data, this model requires only a small number of samples to quickly adapt to novel or rare vulnerabilities, greatly enhancing the model's generalization ability on long-tailed distributed data. Finally, the hierarchical interpretability framework proposed in this invention directly maps source code lines using internal attention weights, providing security auditors with support for locating vulnerability code lines and improving the tool's usability and reliability in practical engineering.
[0145] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application.
Claims
1. A contract vulnerability detection method based on cross-granularity feature fusion and meta-learning, characterized in that, include: Obtain the source code and compiled bytecode of the contract to be tested; Extract source code semantic features from source code, extract opcode execution features from bytecode, and extract graph structure features after constructing a program dependency graph from source code; Using graph structure features as the query subject, cross-granularity attention interactions are performed with source code semantic features and opcode execution features respectively to generate cross-granularity fusion features; The cross-granularity fusion features are combined with the vulnerability type identifier of the current detection task for type-aware feature modulation, and a meta-learning strategy is used to train the classifier to output the vulnerability detection results. In response to the vulnerability detection result indicating the existence of a vulnerability, the graph-source code attention weight matrix generated during the cross-granularity attention interaction stage is obtained. The elements in the graph-source code attention weight matrix represent the degree of attention of graph nodes to each token in the source code. The activation intensity of each graph node in the graph structure feature matrix is obtained. The graph-source code attention weight matrix is weighted and summed column by column, with the weight being the activation intensity of the corresponding graph node, to obtain the risk contribution of each token. The risk contribution sequence is mapped back to the source code line number, and key vulnerability paths are filtered out through dynamic thresholds to generate a code line-level location heatmap for intuitive output of the vulnerability code location.
2. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, The method for extracting semantic features from source code is as follows: the source code is segmented into words, and the output hidden state is extracted as a semantic feature matrix through a pre-trained code language model, and then mapped to a unified dimension through a fully connected layer.
3. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, The opcode execution feature extraction method is as follows: Disassemble the bytecode to obtain the opcode sequence; The opcode sequence is transformed into a vector sequence through an embedding layer and then input into a bidirectional long short-term memory network to obtain the context hidden state sequence. The contextual hidden state sequence is processed by a convolutional neural network and a max pooling layer to obtain the opcode execution feature matrix.
4. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, The graph structure feature extraction steps specifically include: A program dependency graph is constructed from the source code. The nodes of the program dependency graph correspond to code statements or basic blocks, and the edges of the program dependency graph correspond to control dependencies or data dependencies. The initial feature vector of the program dependency graph is assigned through the semantic features of the source code. The program depends on the graph, which is then fed into the graph neural network. The node features are updated through a message passing mechanism, and the graph structure feature matrix is output.
5. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, The steps involved in cross-granularity attention interaction include: Using the graph structure feature matrix as the query, and the source code semantic feature matrix and the opcode execution feature matrix as the key and value respectively, dot product scaling attention is calculated to obtain context features; the context features include graph-source code context features and graph-opcode context features. An adaptive gating mechanism is used to calculate the dynamic fusion ratio of graph structure features and context features respectively, and to generate enhanced graph features. Global max pooling and global average pooling are performed on the enhanced graph features, and the pooling results are concatenated and projected through a multilayer perceptron to obtain a cross-granularity fused feature vector.
6. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 5, characterized in that, The adaptive gating mechanism determines the gating coefficients using the Sigmoid function and then performs a weighted summation of the graph structure features and context features based on these gating coefficients.
7. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, Type-aware feature modulation includes: Vulnerability type identifiers are mapped to type vectors through a learnable embedding layer; Channel attention weights are generated using type vectors through nonlinear transformations. The cross-granularity fusion features are multiplied element-wise with the channel attention weights to obtain the modulated adaptation features, which are then input into the classifier to obtain the vulnerability prediction probability.
8. The contract vulnerability detection method based on cross-granularity feature fusion and meta-learning according to claim 1, characterized in that, The meta-learning strategy employs model-independent meta-learning, and the training process includes: Inner loop: Calculate the loss on the support set of each task, perform gradient descent on the model parameters, and obtain temporary parameters; Outer loop: Calculate the loss on the query set of each task and backpropagate to update the global initialization parameters.
9. A contract vulnerability detection system based on cross-granularity feature fusion and meta-learning, characterized in that, For performing the method according to any one of claims 1-8, comprising: The data acquisition module is used to acquire the source code and compiled bytecode of the contract to be tested. The feature extraction module is used to extract semantic features from source code, opcode execution features from bytecode, and graph structure features after constructing a program dependency graph from source code. The cross-granularity fusion module is used to take graph structure features as the query subject and perform cross-granularity attention interaction with source code semantic features and opcode execution features respectively to generate cross-granularity fused features; The vulnerability type awareness module is used to perform type-aware feature modulation by combining cross-granularity fusion features with the vulnerability type identifier of the current detection task, and to train a classifier using a meta-learning strategy to output vulnerability detection results. The vulnerability localization module is used to calculate the risk contribution of each token based on the graph-source code attention weight matrix generated during cross-granularity attention interaction, and map it to generate a line-level localization heatmap to intuitively output the key vulnerability path and locate the vulnerability code.