Fadul:
Milestone: USENIX Security ‘25
Key Dates:
Milestone Date: January 22
Completed Tasks:
Tasks to Do:
Replies:
Dr. Lei:
very good. i think the writeups you are providing are really good and help make the discussions more productive. keep it up.
Fadul:
Hello everyone,
I’ve been a bit under the weather this week with flu-like symptoms, but I’m almost recovered. Despite this, I’ve been consolidating my research findings and plan to send them to Dr. Lei and Dr. Ji by the end of today.
Experimentation on Fine-tuning Smart Contracts
Fadul:
Over the past few days, I have been reviewing literature to understand how graph-based neural networks, particularly those utilizing attention mechanisms, are being applied to smart contract vulnerability detection. Below is a summary of the methodologies I came to find:
Current Focus and Next Steps:
Replies:
Dr. Lei:
please try to write down your findings and send to the group before our meeting on Thu
Fadul:
Milestone: USENIX Security ‘25
Key Dates:
Weekly Updates:
I have been exploring how slicing criteria can effectively reduce the feature space. This analysis focuses on assessing its adaptability to various types of vulnerabilities.
Replies:
Dr. Lei:
one of the two new directions we discussed is not about GNN. instead it is about GNN-Attention networks, i.e., combining GNN with Attention mechanism or pretrained LLM.
Fadul:
Milestone: USENIX Security ‘25
Key Dates:
Tasks Completed This Week:
I have been analyzing the program slicing process with a focus on Solidity smart contracts. Building on insights from a 2024 paper that employs program slicing to detect reentrancy vulnerabilities, I aim to refine and expand its approach. Specifically, my work involves:
I am documenting these slicing criteria approach in details. I aim to share the document by midday. Additionally, I am implementing these criteria to assess their effectiveness in put size reduction.
Projects Page: https://fadulsikder.github.io/portfolio/
Fadul:
Milestone: USENIX Security ‘25
Key Dates:
Tasks Completed This Week:
Pattern Identification in Vulnerabilities:
I can think of two ways to move forword One approach to vulnerability identification involves recognizing common patterns in abstract domains, such as Abstract Syntax Trees (AST), Control Flow Graphs (CFG), or taint analysis chains. Existing studies uses state variables or opcode-level similarities or some other form of similarities for detecting vulnerabilities. Another potential strategy is to apply a state-of-the-art approach to my data and assess its effectiveness in identifying key code segments of interest with out delving deep first.
Fadul:
Hello everyone,
Action Items Completed:
Next Steps: I have three main action items identified going forward:
Upcoming Goals: My immediate goal is to conduct a literature review and compile research on feature engineering. I plan to approach this in two phases:
While I haven’t yet decided on a specific conference date for my next Milestone, I aim to finalize this choice by my next update.
Replies:
Dr. Lei:
sounds good. one suggestion is perhaps looking beyond vulnearability detection. there is a lot of work on vulnerability detection, which is kind of crowded. are there any other problems to address with smart contracts, e.g., fault localization, contract synthesis (i.e., automatically construct a smart contract based on some kind of user description), and others?
Fadul:
Milestone: Submission to ISSTA on October 31st
This week, I have focused on conducting baseline experiments and setting up additional ones to observe the results. I have completed about 70% of the experiments section but am still awaiting baseline results from experiments currently running on TACC. Additionally, I have drafted the related work section, which took more time than anticipated. I haven’t updated the Overleaf document yet but plan to do so by this evening or tomorrow afternoon. Finally, I have addressed all technical comments from the last draft and adjusted the writing accordingly.
Fadul:
Next Milestone: ISSTA Paper Submission on Oct 31.
I have been working on the experiments and completing the remaining tasks. I obtained one set of results: for binary classification, an accuracy of 67%, and for multi-label classification, 48%, across a total of 17 classes with five vulnerabilities. Here is the current dataset distribution:
I believe some of the multi-label classifications are too many for the limited number of contracts available. I already reduced the original 37 labels to 17, but this still may be too many. Therefore, I aim to reduce the number of classes further and run another set of experiments with 7 labels.
The revised dataset distribution is as follows:
I am currently running this new set of experiments and aim to complete the updated version by tomorrow night.
Replies:
Dr. Lei:
even though the results are not as good as expected, still try to make the submission with the results you have.
Fadul:
Next Major Milestone: Submit the paper to ISSTA 2025 - October 31st
Action Item Completed:
Initially, I planned to complete the environment setup for the training pipeline by Friday. However, resolving dependency conflicts proved more complex than anticipated, requiring manual inspection and management of numerous packages. I eventually completed this by Monday afternoon.
Current Experiments in Progress:
Dr. Lei, when you have a moment, could you please review my current draft?
Replies:
Dr. Lei:
is your latest version on overleaf? time is running out, and this is a deadline that you cannot miss. you need to have an internal deadline, say have a reasonable, complete version latest by one week before the submission.
Fadul:
Next Major Milestone: Submit the paper to ISSTA 2025 - October 31st
Action Items Completed:
Actions to be Completed:
Replies:
Dr. Lei:
sounds good. just want to say, time is very tight. take it as challenge to you to make the submission.
Fadul:
Next Milestone: October 1st – Complete the current version by October 4th.
Actions performed: Set up the experiments, but experienced a setback due to unfortunate data deletion. I am hoping to resolve this issue by today or tomorrow and get everything up and running again. Wrote the latest version addressing the comments. However, some data support and diagrams still need to be added, as suggested. I aim to finish this version by October 3rd with all the result.
Actions for the next meeting: Complete binary and multi-label classification experiments and generate other data statistics and incorporate them in paper.
Fadul:
Next Milestone: October 1st – Complete the current version.
Actions performed:
Actions for the next meeting:
Replies:
Dr. Lei:
i made comments on your draft. if you want to make the milestone, you really need to work hard. there is still a lot to do for a complete version.
Fadul:
Milestone: October 1
Complete the current paper, including all experiments and writing.
Action Items Completed:
Action Items for Next Meeting:
Fadul:
added an integration to this channel: <https://softwareengin-m1a1973.slack.com/services/B07MAHUQFFD | Website Update Notification> |
Fadul:
Milestone: October 1
Complete the current paper, carrying out all experiments and writing.
Action Items Before Next Meeting:
Action Items Performed:
Replies:
Dr. Lei:
make a commitment to meet this milestone, whatever it takes
© 2023 Jeff Lei's Lab.
Site made with Jekyll. Template from the Allan Lab
We are part of the CSE Department at University of Texas at Arlington.