{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T11:34:53Z","timestamp":1762342493356,"version":"3.41.0"},"reference-count":57,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T00:00:00Z","timestamp":1747008000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,5,12]]},"DOI":"10.1109\/sp61157.2025.00125","type":"proceedings-article","created":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T18:46:58Z","timestamp":1750099618000},"page":"576-594","source":"Crossref","is-referenced-by-count":1,"title":["Make a Feint to the East While Attacking in the West: Blinding LLM-Based Code Auditors with Flashboom Attacks"],"prefix":"10.1109","author":[{"given":"Xiao","family":"Li","sequence":"first","affiliation":[{"name":"Nanjing University,National Key Lab for Novel Software Technology"}]},{"given":"Yue","family":"Li","sequence":"additional","affiliation":[{"name":"Nanjing University,National Key Lab for Novel Software Technology"}]},{"given":"Hao","family":"Wu","sequence":"additional","affiliation":[{"name":"Nanjing University,National Key Lab for Novel Software Technology"}]},{"given":"Yue","family":"Zhang","sequence":"additional","affiliation":[{"name":"Drexel University"}]},{"given":"Kaidi","family":"Xu","sequence":"additional","affiliation":[{"name":"Drexel University"}]},{"given":"Xiuzhen","family":"Cheng","sequence":"additional","affiliation":[{"name":"Shandong University"}]},{"given":"Sheng","family":"Zhong","sequence":"additional","affiliation":[{"name":"Nanjing University,National Key Lab for Novel Software Technology"}]},{"given":"Fengyuan","family":"Xu","sequence":"additional","affiliation":[{"name":"Nanjing University,National Key Lab for Novel Software Technology"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Phi-3 technical report: A highly capable language model locally on your phone","author":"Abdin","year":"2024","journal-title":"arXiv preprint"},{"key":"ref2","article-title":"Gpt -4 technical report","author":"Achiam","year":"2023","journal-title":"arXiv preprint"},{"volume-title":"DeepCode AI. Deepcode ai \u2502ai code review \u2502ai security for sast \u2502 snyk ai","year":"2020","key":"ref3"},{"volume-title":"Amazon. Q developer user guide","year":"2024","key":"ref4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3475960.3475985"},{"key":"ref6","article-title":"Language models are few-shot learners","author":"Brown","year":"2020","journal-title":"arXiv preprint"},{"volume-title":"Solidity by Example. Self destruct attack","year":"2024","key":"ref7"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3702973"},{"key":"ref10","article-title":"Evaluating large language models trained on code","author":"Chen","year":"2021","journal-title":"arXiv preprint"},{"volume-title":"CodeRabbit. Cut code review time & bugs in half","year":"2023","key":"ref11"},{"volume-title":"GitHub Copilot. Github copilot","year":"2024","key":"ref12"},{"key":"ref13","article-title":"Do you still need a manual smart contract audit?","author":"David","year":"2023","journal-title":"arXiv preprint"},{"key":"ref14","article-title":"Vul-rag: Enhancing llm-based vulnerability detection via knowledge-level rag","author":"Du","year":"2024","journal-title":"arXiv preprint"},{"key":"ref15","first-page":"530","article-title":"Empirical review of automated analysis tools on 47,587 ethereum smart contracts","volume-title":"Proceedings of the ACMI\/EEE 42nd International conference on software engineering","author":"Durieux","year":"2020"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387501"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528452"},{"key":"ref18","article-title":"How far have we gone in vulnerability detection using large language models","author":"Gao","year":"2023","journal-title":"arXiv preprint"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3605764.3623985"},{"volume-title":"NCC Group. Decentralized application security project top 10","year":"2018","key":"ref20"},{"key":"ref21","article-title":"Mistral 7b","author":"Albert","year":"2023","journal-title":"arXiv preprint"},{"key":"ref22","article-title":"Mixtral of experts","author":"Albert","year":"2024","journal-title":"arXiv preprint"},{"volume-title":"Kamyul04. Leetcode-solutions","year":"2024","key":"ref23"},{"key":"ref24","first-page":"9459","article-title":"Retrieval-augmented generation for knowledge-intensive nlp tasks","volume":"33","author":"Lewis","year":"2020","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468597"},{"key":"ref26","article-title":"Attention is all you need for llm-based code vulnerability localization","author":"Li","year":"2024","journal-title":"arXiv preprint"},{"key":"ref27","article-title":"Towards general text embeddings with multi-stage contrastive learning","author":"Li","year":"2023","journal-title":"arXiv preprint"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref29","first-page":"1831","article-title":"Formalizing and benchmarking prompt injection attacks and defenses","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Liu","year":"2024"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"ref31","article-title":"Combining fine-tuning and llm-based agents for intuitive smart contract auditing with justifications","author":"Ma","year":"2024","journal-title":"arXiv preprint"},{"volume-title":"Visual Studio Magazine. Github copilot user growth and organizational impact","year":"2024","key":"ref32"},{"key":"ref33","article-title":"Llbezpeky: Leveraging large language models for vulnerability detection","author":"Saji Mathews","year":"2024","journal-title":"arXiv preprint"},{"volume-title":"Microsoft. Microsoft copilot for security microsoft security","year":"2023","key":"ref34"},{"key":"ref35","article-title":"Chain-of-thought prompting of large language models for discovering and fixing software vulnerabilities","author":"Nong","year":"2024","journal-title":"ar Xiv preprint arXiv"},{"volume-title":"OpenAI. Hello gpt-4o","year":"2024","key":"ref36"},{"volume-title":"PapersWithcode. Human eval benchmark","year":"2023","key":"ref37"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW60843.2023.00058"},{"key":"ref39","article-title":"Code llama: Open foundation models for code","author":"Roziere","year":"2023","journal-title":"arXiv preprint"},{"key":"ref40","article-title":"A comprehensive study of the capabilities of large language models for vulnerability detection","author":"Steenhoek","year":"2024","journal-title":"arXiv preprint"},{"key":"ref41","article-title":"Llm4vuln: A unified evaluation framework for decoupling and enhancing llms\u2019 vulnerability reasoning","author":"Sun","year":"2024","journal-title":"arXiv preprint"},{"key":"ref42","article-title":"When gpt meets program analysis: Towards intelligent detection of smart contract logic vulnerabilities in gptscan","author":"Sun","year":"2023","journal-title":"arXiv preprint"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639117"},{"volume-title":"Tabnine. Tabnine ai code assistant \u2502private, personalized, protected","year":"2020","key":"ref44"},{"key":"ref45","article-title":"Gemma: Open models based on gemini research and technology","author":"Team","year":"2024","journal-title":"arXiv preprint"},{"volume-title":"IEEE S&P\u2019 21 zProgram Committee Statement Regarding The \u201cHypocrite Commits\u201d Paper","year":"2021","author":"Thorsten","key":"ref46"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00210"},{"key":"ref48","article-title":"Attention is all you need","author":"Vaswani","year":"2017","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref49","first-page":"24824","article-title":"Chain-of-thought prompting elicits reasoning in large language models","volume":"35","author":"Wei","year":"2022","journal-title":"Advances in neural information processing systems"},{"key":"ref50","first-page":"1795","article-title":"An {LLM-Assisted} {Easy-to-Trigger } backdoor attack on code completion models: Injecting disguised vulnerabilities against strong detection","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Yan","year":"2024"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510146"},{"key":"ref52","article-title":"Llm lies: Hallucinations are not bugs, but features as adversarial examples","author":"Yao","year":"2023","journal-title":"arXiv preprint"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.emnlp-industry.103"},{"key":"ref55","article-title":"Large language model for vulnerability detection and repair: Literature review and roadmap","author":"Zhou","year":"2024","journal-title":"arXiv preprint"},{"key":"ref56","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","volume":"32","author":"Zhou","year":"2019","journal-title":"Advances in neural information processing systems"},{"key":"ref57","article-title":"Universal and transferable adversarial attacks on aligned language models","author":"Zou","year":"2023","journal-title":"arXiv preprint"}],"event":{"name":"2025 IEEE Symposium on Security and Privacy (SP)","start":{"date-parts":[[2025,5,12]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2025,5,15]]}},"container-title":["2025 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"https:\/\/linproxy.fan.workers.dev:443\/http\/xplorestaging.ieee.org\/ielx8\/11023178\/11023253\/11023369.pdf?arnumber=11023369","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T04:45:56Z","timestamp":1750135556000},"score":1,"resource":{"primary":{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/document\/11023369\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,12]]},"references-count":57,"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1109\/sp61157.2025.00125","relation":{},"subject":[],"published":{"date-parts":[[2025,5,12]]}}}