Papers
Topics
Authors
Recent
Search
2000 character limit reached

PMDetector: Multi-Domain Detection Frameworks

Updated 3 July 2026
  • PMDetector is a multi-domain detection framework that identifies flash loan exploits, railway degradation, and domain shifts through tailored algorithmic pipelines.
  • It employs hybrid techniques including static taint analysis with LLM reasoning, signal processing with SOM and SVM, and prompt memory alignment for robust detection.
  • Each variant delivers actionable insights—from preemptive DeFi vulnerability reporting to maintenance scheduling and domain-adaptive object detection improvements.

PMDetector refers to three distinct frameworks from the academic literature, each addressing detection problems in a specialized domain: (1) price manipulation detection in DeFi smart contracts, (2) degradation detection in railway point machines, and (3) prompt-based domain adaptation for detection transformers. Each instantiation shares a common goal of identifying critical states (vulnerabilities, degradations, or domain shifts) via algorithmic analysis and pattern recognition, but they employ fundamentally different pipelines and technologies tailored to their respective domains.

1. PMDetector for Price Manipulation in DeFi

PMDetector in the context of decentralized finance (DeFi) is a hybrid framework for proactively detecting flash-loan-based price manipulation vulnerabilities in smart contracts. It integrates static program analysis with LLM-powered semantic reasoning under a formal economic attack model (Liu et al., 24 Oct 2025).

Formal Economic Attack Model

This PMDetector instance formalizes attacks with a five-phase model anchored in AMM (Automated Market Maker) mechanics:

  • Setup (Phase 0): Attacker borrows assets through a flash loan.
  • Taint Introduction (Phase 1): Asset swap alters AMM reserves (x,y)(x, y), manipulating the constant-product invariants and introducing a tainted spot price P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}.
  • Propagation & Exploitation (Phase 2): Manipulated oracle values propagate into victim contract logic.
  • Value Extraction (Phase 3): The contract executes a value transfer or internal accounting update benefiting the attacker.
  • Cleanup (Phase 4): The attacker repays the flash loan, retaining net profit.

Three-Stage Detection Pipeline

2.1 Static Taint Analysis

  • Source code (Solidity) is compiled to IR, constructing an inter-procedural control flow graph.
  • Taint sources include public/external inputs and oracle/DEX call returns.
  • Taint propagates via data-flow and control-flow, culminating at economic sinks: ETH/token transfers or account storage modifications.
  • Paths between sources and sinks are exhaustively identified and clustered using semantic keys; representatives are selected for further analysis.

2.2 LLM-Based Reasoning

  • Path Filtering: LLMs are prompted to scrutinize each taint path for effective mitigations such as access control, intended economic purpose, or on-chain defenses (oracle checks, TWAP, cooldowns). Only paths marked “VULNERABLE” proceed.
  • Attack Simulation: Surviving paths prompt the LLM to simulate plausible flash-loan exploit scenarios, yielding structured verdicts and exploit narratives.

2.3 Semantic Sanity Checking

  • Rule-based heuristics reject candidates protected by owner-only access, time-locks, or fee-on-transfer update orderings.

Performance and Evaluation

Extensive experiments on 73 real-world vulnerable and 288 benign DeFi protocols demonstrate:

Model Precision Recall F1 Cost/Contract (\$) Latency (s)
PMDetector (GPT-4.1) 1.00 0.84 0.91 0.03 4.0
DeFiTainter (static) 1.00 0.06 0.13
GPTScan (LLM+static) 0.44 0.50 0.47
Pure-CoT (LLM only) 0.80 0.59 0.68

Ablation confirms each pipeline stage is necessary for optimal performance. Auditing cost with PMDetector is orders-of-magnitude lower than manual methods ($0.03–$0.016 per contract, \approx4–10 s per contract).

2. PMDetector for Railway Point Machine Degradation

A separate PMDetector system addresses physical asset reliability by detecting degradation in railway point machines (PMs). This approach combines signal processing, unsupervised clustering, and supervised classification on machine power curves (Bian et al., 2018).

Signal Processing and Feature Extraction

  • Utilizes three-phase voltage and current readings sampled at 25 Hz.
  • Computes instantaneous power $p[n] = U[n]\,I[n]\,\cos\varphi[n}$.
  • Segments power curves into four operation phases (start-release, switch, lock, indication) and three value bands (slow-release, switch, release).
  • Extracts 64 statistical features per stroke (40 time-domain, 24 value-domain).
  • Applies Fisher-score-based feature selection, correlation filtering, and kernel principal component analysis (KPCA) to yield a compact six-dimensional feature space.

Latent State Mining via Self-Organizing Feature Map (SOM)

  • Applies SOMs (grid sizes 4×4, 5×5, 6×6) to non-fault samples to identify latent degradation states.
  • Multi-resolution clustering, neuron filtering, and U-matrix-guided merging yield six distinct degradation clusters (D1D_1D6D_6).

SVM-Based State Classification

Empirical Performance

Method Avg. CA (%)
KPCA + PSO-SVM 97.73
PCA + PSO-SVM 92.42
KPCA + SVM (no PSO) 92.43
PSO-SVM (no KPCA) 89.39
SVM (plain) 81.82

Per-state test accuracy ranges from 81.82% to 100% depending on the degradation state.

Application to Maintenance Scheduling

Each degradation state has direct maintenance implications. Early states (D1D_1, D2D_2) prompt inspection; later states (D3D_3, P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}0) recommend partial maintenance; P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}1 and P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}2 indicate need for hardware replacement. This enables a nuanced, six-level degradation-alert hierarchy rather than a binary alarm.

3. PMDetector in Domain Adaptive Detection Transformers

A third PMDetector variant, described as "PM-DETR," targets domain adaptive learning for detection transformers, specifically Deformable DETR (Jia et al., 2023).

Hierarchical Prompt Domain Memory (PDM)

  • Architecture: Maintains a prompt memory P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}3 per domain (source, target), where P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}4 encodes distributional statistics and P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}5 are learnable prompt embeddings.
  • Multi-level Injection: Injects selected prompts at three levels: input token, encoder output, and decoder object queries.
  • Long-term Diversity: Prompt memories are continually updated by gradient descent and not reset between batches, allowing accumulation of domain-specific information.

Prompt Selection and Injection

  • Forms a summary embedding P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}6 of each input and computes cosine similarity with all P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}7 in memory.
  • Selects top P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}8 matching prompts for injection at all three architectural levels, using nearest-neighbor selection in the distribution space.

Prompt Memory Alignment (PMA)

  • Adversarially aligns prompt embeddings between source and target domains via discriminative losses on encoder and decoder prompt projections.

Training Protocol

  • Utilizes a teacher–student framework with EMA for teacher weight updates.
  • The composite loss includes supervised source detection, unsupervised pseudo-labeling on target, and PMA adversarial terms:

P=x+Δ1yΔyP' = \frac{x+\Delta_1}{y-\Delta y}9

with $0.03–$0, $0.03–$1.

Benchmark Results

Adaptation Bench. Baseline Deformable DETR MTTrans (SOTA) PM-DETR
Cityscapes→FoggyCity (Wx) 28.5 43.4 44.3
Cityscapes→BDD100k-day 26.2 32.6 33.3
Sim10k→Cityscapes (S→R) 47.4 57.9 58.6

Ablation shows all three prompt-injection stages and adversarial alignment are necessary for peak performance. Memory size and selection (best with $0.03–$2, $0.03–$3) substantively impact results.

4. Comparative Table of PMDetector Variants

Domain Core Technology Input Data Principal Output
DeFi vulnerability Static taint + LLM Solidity contract code Exploitability, report
Railway degradation Signal+SOM+SVM Real-time PM power data Degradation state $0.03–$4
Domain adaptation (DETR) Prompt memory+PMA Images/Annotations Adapted object detector

5. Significance and Implications

The PMDetector frameworks collectively illustrate the convergence of knowledge-driven modeling (attack economics, failure physics, domain memory) with advanced algorithmic tooling (deep LLMs, unsupervised neural clustering, adversarial alignment). In DeFi, PMDetector achieves precision/recall profiles superior to both static and naive LLM methods and offers orders-of-magnitude faster and cheaper auditing than human examiners (Liu et al., 24 Oct 2025). In railway applications, it enables granular, interpretable maintenance triggers rooted in latent state discovery and robust classification (Bian et al., 2018). In domain-adaptive detection, prompt memory endows deep transformers with fine-grained domain adaptation capacity, improving benchmark performance and outstripping prior approaches (Jia et al., 2023).

A plausible implication is that the “PMDetector” architectural pattern—integrating hybrid feature mining, memory mechanisms, and learned semantic reasoning—can be adapted across detection domains, provided sufficient model specificity and interpretability are retained.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to PMDetector.