Multi-role Consensus through LLMs Discussions for Vulnerability Detection
Zhenyu Mao, Jialong Li, Dongming Jin, Munan Li, Kenji Tei

TL;DR
This paper proposes a multi-role LLM-based discussion framework simulating real-life code review roles to improve vulnerability detection, achieving significant gains in precision, recall, and F1 score.
Contribution
It introduces a novel multi-role discussion approach with LLMs for vulnerability detection, incorporating diverse perspectives from developers and testers.
Findings
13.48% increase in precision
18.25% increase in recall
16.13% increase in F1 score
Abstract
Recent advancements in large language models (LLMs) have highlighted the potential for vulnerability detection, a crucial component of software quality assurance. Despite this progress, most studies have been limited to the perspective of a single role, usually testers, lacking diverse viewpoints from different roles in a typical software development life-cycle, including both developers and testers. To this end, this paper introduces a multi-role approach to employ LLMs to act as different roles simulating a real-life code review process and engaging in discussions toward a consensus on the existence and classification of vulnerabilities in the code. Preliminary evaluation of this approach indicates a 13.48% increase in the precision rate, an 18.25% increase in the recall rate, and a 16.13% increase in the F1 score.
Taxonomy
Topics: Network Security and Intrusion Detection · Web Application Security Vulnerabilities
