Sicong Cao,Xiaobing Sun,Xiaoxue Wu,David Lo,Lili Bo,Bin Li,Xiaolei Liu,Xingwei Lin,Wei Liu

DOI: https://doi.org/10.1145/3691620.3695057

2024-01-01

Abstract:Deep Learning (DL) has emerged as a promising means for vulnerability detection due to its ability to automatically derive features from vulnerable code. Unfortunately, current solutions struggle to focus on vulnerability-related parts of vulnerable functions, and tend to exploit spurious correlations for prediction, thus undermining their effectiveness in practice. In this paper, we propose Snopy, a novel DL-based approach, which bridges sample denoising with causal graph learning to capture real vulnerability patterns from vulnerable samples with numerous noise for effective detection. Specifically, Snopy adopts a change-based sample denoising approach to automatically weed out vulnerability-irrelevant code elements in the vulnerable functions without sacrificing the label accuracy. Then, Snopy constructs a novel Causality-Aware Graph Attention Network (CA-GAT) with Feature Caching Scheme (FCS) to learn causal vulnerability features while maintaining efficiency. Experiments on the three public benchmark datasets show that Snopy outperforms the state-of-the-art baselines by an average of 27.22%, 85.89%, and 75.50% in terms of F1-score, respectively.

Mengliang Li,Xiaoxue Ren,Han Fu,Zhuo Li,Jianling Sun

DOI: https://doi.org/10.1109/issre59848.2023.00025

2023-01-01

Abstract:Smart contracts are essential for executing computing logic on blockchain networks. However, they are also susceptible to various vulnerabilities. In recent years, the detection of smart contract vulnerabilities has become a significant concern due to the substantial losses caused by hacker attacks. Traditional vulnerability detection approaches rely on expert rules, which often suffer from limitations in accuracy and completeness. Deep learning-based methods offer better coverage of vulnerabilities but may overlook certain vulnerability characteristics and suffer from overfitting during training. In this paper, we propose a novel approach called ConvMHSA-SCVD, which combines knowledge-driven and data-driven algorithms together to detect smart contract vulnerabilities. By incorporating feature selection, data balancing, and a combination of multi-channel convolution and multi-head self-attention neural networks, our ConvMHSA-SCVD achieves effective vulnerability detection in smart contracts. Extensive experiments demonstrate that our approach outperforms the state-of-the-art method in accuracy and F1 score, with improvements ranging from 0.4% to 3.84% and 1.28% to 1.90%, respectively.

Feng Luo,Ruijie Luo,Ting Chen,Ao Qiao,Zheyuan He,Shuwei Song,Yu Jiang,Sixing Li

DOI: https://doi.org/10.1145/3597503.3639213

2023-01-01

Abstract:Due to the rapid development of blockchain, security issues caused by smart contract vulnerabilities are receiving increasingly widespread attention. Unfortunately, traditional smart contract vulnerability detection methods rely heavily on expert knowledge and elaborate rules, while neural network-based vulnerability detection methods have not yet achieved satisfactory accuracy either. In this paper, we propose a novel vulnerability detection method for smart contracts called VULDET. We first construct a contract graph based on the structure of the smart contract source code and combine security domain knowledge to attach additional features to nodes in the graph that are closely associated with vulnerabilities to highlight key nodes, and finally use graph attention networks for contract vulnerability detection. We apply VULDET to reentrancy vulnerability as well as timestamp dependency vulnerability detection and conduct extensive experiments, and the results show that our approach has significant advantages over existing methods.

Zhenguang Liu,Peng Qian,Xiaoyang Wang,Yuan Zhuang,Lin Qiu,Xun Wang

DOI: https://doi.org/10.1109/tkde.2021.3095196

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Smart contract vulnerability detection draws extensive attention in recent years due to the substantial losses caused by hacker attacks. Existing efforts for contract security analysis heavily rely on rigid rules defined by experts, which are labor-intensive and non-scalable. More importantly, expert-defined rules tend to be error-prone and suffer the inherent risk of being cheated by crafty attackers. Recent researches focus on the symbolic execution and formal analysis of smart contracts for vulnerability detection, yet to achieve a precise and scalable solution. Although several methods have been proposed to detect vulnerabilities in smart contracts, there is still a lack of effort that considers combining expert-defined security patterns with deep neural networks. In this paper, we explore using graph neural networks and expert knowledge for smart contract vulnerability detection. Specifically, we cast the rich control- and data- flow semantics of the source code into a contract graph. To highlight the critical nodes in the graph, we further design a node elimination phase to normalize the graph. Then, we propose a novel temporal message propagation network to extract the graph feature from the normalized graph, and combine the graph feature with designed expert patterns to yield a final detection system. Extensive experiments are conducted on all the smart contracts that have source code in Ethereum and VNT Chain platforms. Empirical results show significant accuracy improvements over the state-of-the-art methods on three types of vulnerabilities, where the detection accuracy of our method reaches 89.15, 89.02, and 83.21 percent for reentrancy, timestamp dependence, and infinite loop vulnerabilities, respectively.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Jiale Li,Xiao Yu,Jie Yu,Haoxin Sun,Mengdi Sun

DOI: https://doi.org/10.1007/978-981-97-5588-2_27

2024-01-01

Abstract:Smart contracts can contain vulnerable program code, making their security a significant concern in the past few years. Traditional detection techniques rely on expert defined features and source code analysis, but both have scalability issues and high false alarm rates. This paper presents a method for the detection of vulnerabilities in smart contracts, employing a multi graph convolutional neural network and self-attention mechanism. The method models the key function information, flow of control, and flow of data information of the smart contract source code as a semantic graph to emphasize the relationship between the flow of data and the flow of control in program operation. It predicts learning edges between nodes in the graph using an edge prediction network and constructs a multi graph of the smart contract semantics. Additionally, it utilizes a self-attention mechanism to gather and extract features from many layers to achieve precise detection of smart contract vulnerabilities. Outcomes of an experiment demonstrate that the proposed vulnerability detection method has significant advantages in identifying reentrant vulnerabilities and timestamp dependency vulnerabilities, with accuracy rates of 92.5% and 92.67%.

Jianxin Cheng,Yizhou Chen,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.1016/j.jss.2024.112118

IF: 3.5

2024-06-03

Journal of Systems and Software

Abstract:Vulnerability detection in smart contracts is critical to secure blockchain systems. Existing methods represent the bytecode as a graph structure and leverage graph neural networks to learn graph features for vulnerability detection. However, these methods are limited to handling the long-range dependencies between nodes. This means that they might focus on learning local node feature while ignoring global node information. In this paper, we propose a novel vulnerability detection framework with E nhanced G raph F eature L earning (EGFL), which aims to extract the global node information and utilize it to improve vulnerability detection in smart contracts. Specifically, we first represent the bytecode as a Control Flow Graph (CFG). To extract global node information, EGFL constructs a linear node feature matrix from CFG, and uses the feature-aware and relationship-aware modules to handle long-range dependencies between nodes. Meanwhile, a graph neural network is adopted to extract the local node feature from CFG. Subsequently, we fuse the global node information and local node feature to generate an enhanced graph feature for capturing more vulnerability features. We evaluate EGFL on the benchmark dataset with six types of smart contract vulnerabilities. Results show that EGFL outperforms fourteen state-of-the-art vulnerability detection methods by 10.83%–60.28% in F1 score.

computer science, theory & methods, software engineering

Ziyue Wei,Weining Zheng,Xiaohong Su,Wenxin Tao,Tiantian Wang

DOI: https://doi.org/10.1007/978-3-031-44216-2_20

2023-01-01

Abstract:As blockchain technology advances, the security of smart contracts has become increasingly crucial. However, most of smart contract vulnerability detection tools available on the market currently rely on artificial-predefined vulnerability rules, which result in suboptimal generalization ability and detection accuracy. Deep learning-based methods usually treat smart contracts as token sequences, which limit the utilization of structural information and the integration of artificial rules. To mitigate these issues, we propose a novel smart contract vulnerability detection method. First, we propose an approach for constructing contract graph to capture vital structural information, such as control- and data- flow. Then, we employ a Wide & Deep learning model to integrate the structural feature, sequencial feature, and artificial rules for smart contract vulnerability detection. Extensive experiments show that the proposed method performs exceptionally well in detecting four different types of vulnerabilities. The results demonstrate that integrating structural information and artificial rules can significantly improve the effectiveness of smart contract vulnerability detection.

Ruidong Chen,Yangyang Liu,Shiping Huang,Yuyan Sun,Guozheng Li,Qiwen Jiang

DOI: https://doi.org/10.1109/ICCBD-AI62252.2023.00022

2023-12-15

Abstract:The increasement of blockchain applications has brought about many security issues, with smart contract vulnerabilities causing significant financial losses. The majority of current smart contract vulnerability detection methods predominantly rely on static analysis of the source code and predefined expert rules. However, these approaches exhibit certain limitations, characterized by their restricted scalability and lower detection accuracy. Therefore in this paper, we use graph neural networks to perform smart contract vulnerability detection at the bytecode level, aiming to address the aforementioned issues. In particular, we propose a novel detection model. In order to acquire a comprehensive understanding of the dependencies among individual functions within a smart contract, we first construct a Program Dependency Graph(PDG) of functions, extract function-level features using graph neural networks, then augment function-level features using a self-attentive mechanism to learn the dependencies between functions, and finally aggregate function-level features for detecting the vulnerabilities. Our model possesses the capability to identify the subtle nuances in the interactions and interdependencies among different functions, consequently enhancing the precision of vulnerability detection. Experimental results show the performance of the method compared to existing smart contract vulnerability detection methods across multiple evaluation metrics.

Computer Science

Bing Chen,Jie Cai,Xiaobing Sun,Jiale Zhang,Bin Li

DOI: https://doi.org/10.1109/saner56733.2023.00101

2023-03-01

Abstract:Existing smart contract vulnerability detection efforts heavily rely on fixed rules defined by experts, which are inefficient and inflexible. To overcome the limitations of existing vulnerability detection approaches, we propose a GNN based approach. First, we construct a graph representation for a smart contract function with syntactic and semantic features by combining abstract syntax tree (AST), control flow graph (CFG), and program dependency graph (PDG). To further strengthen the presentation ability of our approach, we perform program slicing to normalize the graph and eliminate the redundant information unrelated to vulnerabilities. Then, we use a Bidirectional Gated Graph Neural-Network model with hybrid attention pooling to identify potential vulnerabilities in smart contract functions. Experiment results show that our approach can achieve 89.2% precision and 92.9% recall in smart contract vulnerability detection on our dataset and reveal the effectiveness and efficiency of our approach.

Computer Science

Zhenguang Liu,Peng Qian,Xiang Wang,Lei Zhu,Qinming He,Shouling Ji

DOI: https://doi.org/10.48550/arXiv.2106.09282

2021-06-17

Abstract:Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

Machine Learning,Programming Languages

Yujian Zhang,Daifu Liu

DOI: https://doi.org/10.3390/fi14110326

2022-11-12

Future Internet

Abstract:With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contacts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.

Jianxin Cheng,Yizhou Chen,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.1016/j.infsof.2024.107517

IF: 3.9

2024-01-01

Information and Software Technology

Abstract:Vulnerability detection is critical to ensure software security, and detecting vulnerabilities in smart contract code is currently gaining massive attention. Existing deep learning-based vulnerability detection methods represent the code as a code structure graph and eliminate vulnerability-irrelevant nodes. Then, they learn vulnerability-related code features from the simplified graph for vulnerability detection. However, this simplified graph struggles to represent relatively complete structural information of code, which may affect the performance of existing vulnerability detection methods. In this paper, we present a novel Vulnerability Detection framework based on Critical Execution Paths (VDCEP), which aims to improve smart contract vulnerability detection. Firstly, given a code structure graph, we deconstruct it into multiple execution paths that reflect rich structural information of code. To reduce irrelevant code information, a path selection strategy is employed to identify critical execution paths that may contain vulnerable code information. Secondly, a feature extraction module is adopted to learn feature representations of critical paths. Finally, we feed all path feature representations into a classifier for vulnerability detection. Also, the feature weights of paths are provided to measure their importance in vulnerability detection. We evaluate VDCEP on a large dataset with four types of smart contract vulnerabilities. Results show that VDCEP outperforms 14 representative vulnerability detection methods by 5.34%–60.88% in F1-score. The ablation studies analyze the effects of our path selection strategy and feature extraction module on VDCEP. Moreover, VDCEP still outperforms ChatGPT by 34.46% in F1-score. Compared to existing vulnerability detection methods, VDCEP is more effective in detecting smart contract vulnerabilities by utilizing critical execution paths. Besides, we can provide interpretable details about vulnerability detection by analyzing the path feature weights.

fan jiang,yuanlong cao,jianmao xiao,hui yi,gang lei,min liu,hao wang,shuiguang deng

DOI: https://doi.org/10.1007/978-3-031-20096-0_6

2022-01-01

Abstract:With the widespread use of smart contracts in various fields, the research on smart contract vulnerability detection has increased yearly. Most of the previous research work is based on symbol detection and comparison with expert-defined error patterns to analyze the possible vulnerabilities of smart contracts. The accuracy and performance of such methods are generally low. In response to this problem, this paper proposes an efficient smart contract vulnerability detection model VDDL (Vulnerability Detection Based on Deep Learning). VDDL uses a multi-layer bidirectional Transformer architecture as the model architecture, involving a multi-head attention mechanism and a masking mechanism. A multi-head attention mechanism is applied in the encoder-decoder layer. The masking mechanism randomly masks the input tokens and combined with the context to predict the masked tokens, a deep bidirectional representation for training is realized. Furthermore, VDDL incorporates CodeBERT, a large bimodal pre-trained model for natural and programming languages, to improve training performance. We collected 47,038 smart contracts as datasets for model training and testing. In the end, the accuracy of VDDL reached 92.35%, the recall reached 81.43%, and the F1-score reached 86.38%, which can efficiently detect possible loopholes in smart contracts.

Zixian Zhen,Xiangfu Zhao,Jinkai Zhang,Yichen Wang,Haiyue Chen

DOI: https://doi.org/10.1016/j.comnet.2024.110238

IF: 5.493

2024-04-01

Computer Networks

Abstract:A smart contract is an automated computer program based on blockchain technology. In recent years, the security incidents of smart contracts have caused serious economic losses. However, existing smart contract vulnerability detection methods rely on fixed expert rules, resulting in reduced detection accuracy and scalability. Therefore, addressing the issues of low accuracy in traditional smart contract vulnerability detection methods and the insufficient feature extraction in neural network-based approaches for smart contracts, this paper introduces an intelligent contract vulnerability identification method, Dual Attention Graph Neural Network (DA-GNN). Firstly, DA-GNN transforms the operation code sequence of nodes in the smart contract Control Flow Graph (CFG) into a feature matrix of semantic features and relationships between nodes based on the five types of instructions we propose. Secondly, our proposed dual attention mechanism introduces node semantic features and relationship features between nodes into the GAT to achieve node embedding updates. The updated graph node information is fused through self-attention mechanism to obtain the graph features. Then, the classification and prediction of vulnerabilities are achieved through the classification module. Finally, we evaluated our method on 17,670 real smart contracts. The experimental results show that the precision in detecting integer overflow vulnerabilities, self-destruct vulnerabilities, and transaction sequence dependency vulnerabilities reaches 72.17%, 67.03%, and 73.66%, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Qingyao Zeng,Dapeng Xiong,Zhongwang Wu,Kechang Qian,Yu Wang,Yinghao Su

DOI: https://doi.org/10.3390/electronics13193813

IF: 2.9

2024-09-27

Electronics

Abstract:With the increasing scale and complexity of software, the advantages of using neural networks for static vulnerability detection are becoming increasingly prominent. Before inputting into a neural network, the source code needs to undergo word embedding, transforming discrete high-dimensional text data into low-dimensional continuous vectors suitable for training in neural networks. However, analysis has revealed that different implementation ideas by code writers for the same functionality can lead to varied code implementation methods. Embedding different code texts into vectors results in distinctions that can reduce the robustness of a model. To address this issue, this paper explores the impact of converting source code into different forms on word embedding and finds that a TAC (Three-Address Code) can significantly eliminate noise caused by different code implementation approaches. Given the excellent capability of a GNN (Graph Neural Network) in handling non-Euclidean space data and complex features, this paper subsequently employs a GNN to learn and classify vulnerabilities by capturing the implicit syntactic structure information in a TAC. Based on this, this paper introduces TACSan, a novel static vulnerability detection system based on a GNN designed to detect vulnerabilities in C/C++ programs. TACSan transforms the preprocessed source code into a TAC representation, adds control and data edges to create a graph structure, and then inputs it into the GNN for training. Comparative testing and evaluation of TACSan against other renowned static analysis tools, such as VulDeePecker and Devign, demonstrate that TACSan's detection capabilities not only exceed those methods but also achieve substantial enhancements in accuracy and F1 score.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuan Zhuang,Zhenguang Liu,Peng Qian,Qi Liu,Xiang Wang,Qinming He

DOI: https://doi.org/10.24963/ijcai.2020/454

2020-07-01

Abstract:The security problems of smart contracts have drawn extensive attention due to the enormous financial losses caused by vulnerabilities. Existing methods on smart contract vulnerability detection heavily rely on fixed expert rules, leading to low detection accuracy. In this paper, we explore using graph neural networks (GNNs) for smart contract vulnerability detection. Particularly, we construct a contract graph to represent both syntactic and semantic structures of a smart contract function. To highlight the major nodes, we design an elimination phase to normalize the graph. Then, we propose a degree-free graph convolutional neural network (DR-GCN) and a novel temporal message propagation network (TMP) to learn from the normalized graphs for vulnerability detection. Extensive experiments show that our proposed approach significantly outperforms state-of-the-art methods in detecting three different types of vulnerabilities.

Daojun Han,Qiuyue Li,Lei Zhang,Tao Xu

DOI: https://doi.org/10.1155/2023/9212269

2023-02-05

Wireless Communications and Mobile Computing

Abstract:As a trusted decentralized application, smart contracts manage a large number of digital assets on the blockchain. Vulnerability detection of smart contracts is an important part of ensuring the security of digital assets. At present, many researchers extract features of smart contract source code for vulnerability detection based on deep learning methods. However, the current research mainly focuses on the single representation form of the source code, which cannot fully obtain the rich semantic and structural information contained in the source code, so it is not conducive to the detection of various and complex smart contract vulnerabilities. Aiming at this problem, this paper proposes a vulnerability detection model based on the fusion of syntax and semantic features. The syntactic and semantic representation of the source code is obtained from the abstract syntax tree and control flow graph of the smart contract through TextCNN and Graph Neural Network. The syntactic and semantic features are fused, and the fused features are used to detect vulnerabilities. Experiments show that the detection accuracy and recall rate of this model have been improved on the detection tasks of five types of vulnerabilities, with an average precision of 96% and a recall rate of 90%, which can effectively identify smart contract vulnerabilities.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chi Jiang,Xihan Liu,Shenao Wang,Jinzhuo Liu,Yin Zhang

DOI: https://doi.org/10.24963/ijcai.2024/469

2024-01-01

Abstract:Because of the wide deployment of smart contracts, smart contract vulnerabilities pose a challenging risk to blockchain security. Currently, deep learning-based vulnerability detection is a very attractive solution due to its ability to identify complex patterns and features. The existing methods mainly consider the contract code content features, expert knowledge patterns, and contract code modalities. To further enhance smart contract vulnerability detection, this paper attempts to identify community features from smart contracts with similar semantic and syntactic structures, and shared features from two related vulnerability detection tasks, vulnerability classification and localization. The experimental results verify that the proposed approach significantly outperforms the state-of-the-art methods in terms of accuracy, recall, precision, and F1-score.

Anshul Tanwar,Hariharan Manikandan,Krishna Sundaresan,Prasanna Ganesan,Sathish Kumar Chandrasekaran,Sriram Ravi

DOI: https://doi.org/10.48550/arXiv.2104.09225

2021-04-19

Abstract:Security issues in shipped code can lead to unforeseen device malfunction, system crashes or malicious exploitation by crackers, post-deployment. These vulnerabilities incur a cost of repair and foremost risk the credibility of the company. It is rewarding when these issues are detected and fixed well ahead of time, before release. Common Weakness Estimation (CWE) is a nomenclature describing general vulnerability patterns observed in C code. In this work, we propose a deep learning model that learns to detect some of the common categories of security vulnerabilities in source code efficiently. The AI architecture is an Attention Fusion model, that combines the effectiveness of recurrent, convolutional and self-attention networks towards decoding the vulnerability hotspots in code. Utilizing the code AST structure, our model builds an accurate understanding of code semantics with a lot less learnable parameters. Besides a novel way of efficiently detecting code vulnerability, an additional novelty in this model is to exactly point to the code sections, which were deemed vulnerable by the model. Thus helping a developer to quickly focus on the vulnerable code sections; and this becomes the "explainable" part of the vulnerability detection. The proposed AI achieves 98.40% F1-score on specific CWEs from the benchmarked NIST SARD dataset and compares well with state of the art.

Artificial Intelligence,Software Engineering

Seon-Jin Hwang,Seok-Hwan Choi,Jinmyeong Shin,Yoon-Ho Choi

DOI: https://doi.org/10.1109/access.2022.3162065

IF: 3.9

2022-01-01

IEEE Access

Abstract:A smart contract is a computer program which is automatically executed with some conditional statements such as "if/then". Since smart contracts can include some vulnerable program codes, smart contract exploit was recently highlighted as one of the severe threats to Ethereum blockchain. As one of the efficient and effective smart contract vulnerability detection methods, deep learning methods have been studied due to the fast detection speed and the high detection accuracy. Recently, the deep learning methods using convolutional neural network(CNN) have actively studied to classify images transformed from smart contracts into vulnerable or invulnerable. However, while simply transforming a smart contract into an image and analyzing, semantics and context of the smart contract are ignored to cause false detection alarms. To detect vulnerable smart contracts while maintaining their semantics and context, we propose a new code-targeted CNN architecture, called CodeNet. To improve the performance of CodeNet, we also design a data pre-processing procedure, where a smart contract is transformed into an image while maintaining locality. From the experimental results under various types of vulnerabilities, the proposed CodeNet-based vulnerability detection method shows the good-enough detection performance and detection time compared to well-known state-of-the-art vulnerability detection tools.

computer science, information systems,telecommunications,engineering, electrical & electronic