VulDetect: A novel technique for detecting software vulnerabilities using language models

Marwan Omar, Stavros Shiaeles

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recently, deep learning techniques have garnered substantial attention for their ability to identify vulnerable code patterns accurately. However, current state-of-the-art deep learning models, such as Convolutional Neural Networks (CNNs) and Long Short-Term Memory networks (LSTMs), require substantial computational resources. The resulting overhead makes them infeasible to deploy in real-time settings. This study presents a novel transformer-based vulnerability detection framework, referred to as VulDetect, which is built by fine-tuning a pretrained large language model (GPT) on various benchmark datasets of vulnerable code. Our empirical findings indicate that our framework is capable of identifying vulnerable software code with an accuracy of up to 92.65%. Our proposed technique outperforms SySeVR and VulDeBERT, two state-of-the-art vulnerability detection techniques.
Original language: English
Title of host publication: 2023 IEEE International Conference on Cyber Security and Resilience (CSR)
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 9798350311709
ISBN (Print): 9798350311716
Publication status: Published - 28 Aug 2023
Event: 3rd IEEE International Conference on Cyber Security and Resilience, CSR 2023 - Hybrid, Venice, Italy
Duration: 31 Jul 2023 – 2 Aug 2023

Conference

Conference: 3rd IEEE International Conference on Cyber Security and Resilience, CSR 2023
Country/Territory: Italy
City: Hybrid, Venice
Period: 31/07/23 – 2/08/23
