Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study
Code vulnerability detection (CVD) is essential for addressing and preventing system security issues, playing a crucial role in ensuring software security. Previous learning-based vulnerability detection methods rely on either fine-tuning medium-size sequence models or training smaller neural networ...
Gespeichert in:
| Hauptverfasser: | , , , , , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Jiang, Xuefeng Wu, Lvhua Sun, Sheng Li, Jia Xue, Jingjing Wang, Yuwei Wu, Tingting Liu, Min |
| description | Code vulnerability detection (CVD) is essential for addressing and preventing
system security issues, playing a crucial role in ensuring software security.
Previous learning-based vulnerability detection methods rely on either
fine-tuning medium-size sequence models or training smaller neural networks
from scratch. Recent advancements in large pre-trained language models (LLMs)
have showcased remarkable capabilities in various code intelligence tasks
including code understanding and generation. However, the effectiveness of LLMs
in detecting code vulnerabilities is largely under-explored. This work aims to
investigate the gap by fine-tuning LLMs for the CVD task, involving four
widely-used open-source LLMs. We also implement other five previous graph-based
or medium-size sequence models for comparison. Experiments are conducted on
five commonly-used CVD datasets, including both the part of short samples and
long samples. In addition, we conduct quantitative experiments to investigate
the class imbalance issue and the model's performance on samples of different
lengths, which are rarely studied in previous works. To better facilitate
communities, we open-source all codes and resources of this study in
https://github.com/SakiRinn/LLM4CVD and
https://huggingface.co/datasets/xuefen/VulResource. |
| doi_str_mv | 10.48550/arxiv.2412.18260 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2412_18260</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2412_18260</sourcerecordid><originalsourceid>FETCH-arxiv_primary_2412_182603</originalsourceid><addsrcrecordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjE00jO0MDIz4GSI9swrSy0uyUxPLMnMS1fwSSxKTwWSeemliUCGb35Kak6xQlp-kYIzkKkQVpqTl1qUmJSZk1lSqeCSWpKaXJKZn2el4Jin4FpRkFqUmZuaV5KYoxBcUppSycPAmpaYU5zKC6W5GeTdXEOcPXTBzogvAKpOLKqMBzknHuwcY8IqAPxmQKc</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study</title><source>arXiv.org</source><creator>Jiang, Xuefeng ; Wu, Lvhua ; Sun, Sheng ; Li, Jia ; Xue, Jingjing ; Wang, Yuwei ; Wu, Tingting ; Liu, Min</creator><creatorcontrib>Jiang, Xuefeng ; Wu, Lvhua ; Sun, Sheng ; Li, Jia ; Xue, Jingjing ; Wang, Yuwei ; Wu, Tingting ; Liu, Min</creatorcontrib><description>Code vulnerability detection (CVD) is essential for addressing and preventing
system security issues, playing a crucial role in ensuring software security.
Previous learning-based vulnerability detection methods rely on either
fine-tuning medium-size sequence models or training smaller neural networks
from scratch. Recent advancements in large pre-trained language models (LLMs)
have showcased remarkable capabilities in various code intelligence tasks
including code understanding and generation. However, the effectiveness of LLMs
in detecting code vulnerabilities is largely under-explored. This work aims to
investigate the gap by fine-tuning LLMs for the CVD task, involving four
widely-used open-source LLMs. We also implement other five previous graph-based
or medium-size sequence models for comparison. Experiments are conducted on
five commonly-used CVD datasets, including both the part of short samples and
long samples. In addition, we conduct quantitative experiments to investigate
the class imbalance issue and the model's performance on samples of different
lengths, which are rarely studied in previous works. To better facilitate
communities, we open-source all codes and resources of this study in
https://github.com/SakiRinn/LLM4CVD and
https://huggingface.co/datasets/xuefen/VulResource.</description><identifier>DOI: 10.48550/arxiv.2412.18260</identifier><language>eng</language><subject>Computer Science - Computation and Language</subject><creationdate>2024-12</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,776,881</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2412.18260$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2412.18260$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Jiang, Xuefeng</creatorcontrib><creatorcontrib>Wu, Lvhua</creatorcontrib><creatorcontrib>Sun, Sheng</creatorcontrib><creatorcontrib>Li, Jia</creatorcontrib><creatorcontrib>Xue, Jingjing</creatorcontrib><creatorcontrib>Wang, Yuwei</creatorcontrib><creatorcontrib>Wu, Tingting</creatorcontrib><creatorcontrib>Liu, Min</creatorcontrib><title>Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study</title><description>Code vulnerability detection (CVD) is essential for addressing and preventing
system security issues, playing a crucial role in ensuring software security.
Previous learning-based vulnerability detection methods rely on either
fine-tuning medium-size sequence models or training smaller neural networks
from scratch. Recent advancements in large pre-trained language models (LLMs)
have showcased remarkable capabilities in various code intelligence tasks
including code understanding and generation. However, the effectiveness of LLMs
in detecting code vulnerabilities is largely under-explored. This work aims to
investigate the gap by fine-tuning LLMs for the CVD task, involving four
widely-used open-source LLMs. We also implement other five previous graph-based
or medium-size sequence models for comparison. Experiments are conducted on
five commonly-used CVD datasets, including both the part of short samples and
long samples. In addition, we conduct quantitative experiments to investigate
the class imbalance issue and the model's performance on samples of different
lengths, which are rarely studied in previous works. To better facilitate
communities, we open-source all codes and resources of this study in
https://github.com/SakiRinn/LLM4CVD and
https://huggingface.co/datasets/xuefen/VulResource.</description><subject>Computer Science - Computation and Language</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjE00jO0MDIz4GSI9swrSy0uyUxPLMnMS1fwSSxKTwWSeemliUCGb35Kak6xQlp-kYIzkKkQVpqTl1qUmJSZk1lSqeCSWpKaXJKZn2el4Jin4FpRkFqUmZuaV5KYoxBcUppSycPAmpaYU5zKC6W5GeTdXEOcPXTBzogvAKpOLKqMBzknHuwcY8IqAPxmQKc</recordid><startdate>20241224</startdate><enddate>20241224</enddate><creator>Jiang, Xuefeng</creator><creator>Wu, Lvhua</creator><creator>Sun, Sheng</creator><creator>Li, Jia</creator><creator>Xue, Jingjing</creator><creator>Wang, Yuwei</creator><creator>Wu, Tingting</creator><creator>Liu, Min</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20241224</creationdate><title>Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study</title><author>Jiang, Xuefeng ; Wu, Lvhua ; Sun, Sheng ; Li, Jia ; Xue, Jingjing ; Wang, Yuwei ; Wu, Tingting ; Liu, Min</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-arxiv_primary_2412_182603</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computer Science - Computation and Language</topic><toplevel>online_resources</toplevel><creatorcontrib>Jiang, Xuefeng</creatorcontrib><creatorcontrib>Wu, Lvhua</creatorcontrib><creatorcontrib>Sun, Sheng</creatorcontrib><creatorcontrib>Li, Jia</creatorcontrib><creatorcontrib>Xue, Jingjing</creatorcontrib><creatorcontrib>Wang, Yuwei</creatorcontrib><creatorcontrib>Wu, Tingting</creatorcontrib><creatorcontrib>Liu, Min</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Jiang, Xuefeng</au><au>Wu, Lvhua</au><au>Sun, Sheng</au><au>Li, Jia</au><au>Xue, Jingjing</au><au>Wang, Yuwei</au><au>Wu, Tingting</au><au>Liu, Min</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study</atitle><date>2024-12-24</date><risdate>2024</risdate><abstract>Code vulnerability detection (CVD) is essential for addressing and preventing
system security issues, playing a crucial role in ensuring software security.
Previous learning-based vulnerability detection methods rely on either
fine-tuning medium-size sequence models or training smaller neural networks
from scratch. Recent advancements in large pre-trained language models (LLMs)
have showcased remarkable capabilities in various code intelligence tasks
including code understanding and generation. However, the effectiveness of LLMs
in detecting code vulnerabilities is largely under-explored. This work aims to
investigate the gap by fine-tuning LLMs for the CVD task, involving four
widely-used open-source LLMs. We also implement other five previous graph-based
or medium-size sequence models for comparison. Experiments are conducted on
five commonly-used CVD datasets, including both the part of short samples and
long samples. In addition, we conduct quantitative experiments to investigate
the class imbalance issue and the model's performance on samples of different
lengths, which are rarely studied in previous works. To better facilitate
communities, we open-source all codes and resources of this study in
https://github.com/SakiRinn/LLM4CVD and
https://huggingface.co/datasets/xuefen/VulResource.</abstract><doi>10.48550/arxiv.2412.18260</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.2412.18260 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_2412_18260 |
| source | arXiv.org |
| subjects | Computer Science - Computation and Language |
| title | Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-22T18%3A01%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Investigating%20Large%20Language%20Models%20for%20Code%20Vulnerability%20Detection:%20An%20Experimental%20Study&rft.au=Jiang,%20Xuefeng&rft.date=2024-12-24&rft_id=info:doi/10.48550/arxiv.2412.18260&rft_dat=%3Carxiv_GOX%3E2412_18260%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |