零样本场景下基于提示工程的智能合约漏洞检测研究
Prompt engineering for smart contract vulnerability detection in zero-shot scenarios
耿辰 1常舒予 1黄海平2
作者信息
- 1. 南京邮电大学计算机学院,江苏南京 210023
- 2. 南京邮电大学计算机学院,江苏南京 210023;江苏省无线传感网高技术研究重点实验室,江苏南京 210023
- 折叠
摘要
智能合约是区块链技术的重要组成部分,但由于编程人员的开发和代码审查经验不足,智能合约漏洞引发的安全问题日益增多.现有的形式化验证和符号执行检测方法误报率和漏报率较高,基于深度学习的方法尽管提高了检测效果,但仍存在解释性较差和依赖大量标注数据的问题.为解决这些局限性,提出一种在零样本场景下基于提示工程的智能合约漏洞检测方法Prompt-enhanced ChatGPT.该方法以使用标准提示文本的ChatGPT为研究对象,通过将传统的漏洞检测任务转化为文本问答任务,利用模型的推理能力进行检测.智能合约源码经过预处理去除冗余信息,并设计包含"任务描述""漏洞描述""检测步骤""推理过程"和"答案格式"的提示文本模板,Prompt-enhanced ChatGPT可以生成漏洞检测结果和可解释的分析过程.在公开的数据集上进行一系列对比实验和分析后,结果表明所提方法能够提升零样本场景下智能合约漏洞检测性能,揭示了大语言模型在相关领域的潜在能力.
Abstract
Due to insufficient development and code review experience of programmers,smart contracts,which are essential components of blockchain technology,are facing a growing number of security issues.Existing formal verification and symbolic execution methods have high false positive and false negative rates.Although deep learning-based methods have im-proved detection performance,they still face challenges in interpretability and reliance on ex-tensive labeled data.To address these limitations,this paper proposed a smart contract vul-nerability detection approach based on prompt engineering in a zero-shot scenario called Prompt-enhanced ChatGPT.Taking ChatGPT using standard prompt as the research subject,this approach reframed the traditional classification task as a text-based question-answering task,leveraging the model's reasoning capabilities.After preprocessing to remove redundant information from the smart contract source code and designing specific prompt text templates which includes"task description""vulnerability description""detection steps""reasoning process"and"answer format",Prompt-enhanced ChatGPT can produce vulnerability detec-tion results along with interpretable analysis.After a series of comparative experiments and analysis on public datasets,the results indicate that the proposed approach enhances vulnera-bility detection performance in zero-shot scenarios,highlighting the potential of large lan-guage models in related domains.
关键词
智能合约/大语言模型/提示工程/漏洞检测Key words
smart contracts/large language model/prompt engineering/vulnerability detection引用本文复制引用
出版年
2024
NETL
NSTL
维普
万方数据