Cite this article
  • Jiang Siyu, Luo Yarou, Wang Yu, Su Shen. ConSelect: Smart Contract Vulnerability Detection based on Contextual Meta-Learning[J]. Journal of Cyber Security, Accepted
ConSelect: Smart Contract Vulnerability Detection based on Contextual Meta-Learning
Jiang Siyu1,2, Luo Yarou3, Wang Yu4, Su Shen5,6
(1. School of Information Science and Technology, Guangdong University of Foreign Studies; 2. Guangdong Provincial Engineering Research Center for Data Security Governance and Privacy Computing; 3. School of Finance, Guangdong University of Foreign Studies; 4. Institute of Artificial Intelligence, Guangzhou University; 5. School of Cyberspace Security, Guangzhou University; 6. Engineering Research Center for the Integration and Application of Digital Learning Technology, Ministry of Education)
Abstract:
As smart contracts are deployed more deeply in key areas such as finance and the Internet of Things (IoT), the immutability of their code improves execution efficiency but also amplifies the potential economic risk caused by vulnerabilities. In recent years, deep-learning-based smart contract vulnerability detection methods have achieved initial results, but they require large amounts of labeled data for training and adapt poorly to real-world settings in which new vulnerabilities keep emerging while labeled samples remain scarce. To address these challenges, this paper proposes ConSelect (Contextual Meta-Learning with Source Selection Enhancement), a contextual meta-learning method for smart contract vulnerability detection based on optimized selection of source vulnerabilities (source domains). The method uses contextual meta-learning as its core architecture: by learning transferable meta-knowledge from data on known vulnerabilities, it achieves adaptive detection of unlabeled target vulnerabilities. In addition, because different vulnerabilities differ significantly in feature distribution along dimensions such as function structure and call patterns, which can degrade performance during model transfer, ConSelect applies a distribution-similarity-driven source vulnerability selection strategy in the meta-training phase to select training samples that closely match the features of the target vulnerability, reducing the negative impact of distribution differences on the model's ability to adapt.
Comparative experiments on real smart contract datasets show that ConSelect outperforms the baseline methods on multiple key metrics: on Dataset 1, the F1 score improves by 3.22%-51.87%; on Dataset 2, detection performance improves significantly for the vast majority of vulnerability types, with a maximum F1 improvement of 44.50%, confirming the effectiveness of the performance enhancement.
Key words:  smart contracts  vulnerability detection  sample scarcity  distribution shift  unsupervised adaptation  contextual meta-learning
DOI:
Submitted: 2025-07-04  Revised: 2025-10-30
Funding: National Key Research and Development Program of China (2022YFB2702300), National Natural Science Foundation of China (62172115, U21A20463), Guangdong Province Outstanding Youth Project (2024B1515020105), 2023 Innovation Fund Project (1331005), National Natural Science Foundation of China (62502099)