DLAP: A Deep Learning Augmented Large Language Model Prompting Framework for Software Vulnerability Detection

TL;DR

DLAP is a novel framework that combines deep learning and large language models to improve software vulnerability detection, offering better performance, explainability, and cross-project applicability compared to existing methods.

Contribution

The paper introduces DLAP, a prompting framework that integrates deep learning with large language models to enhance vulnerability detection accuracy and interpretability.

Findings

DLAP outperforms existing prompting methods in multiple metrics.

DLAP demonstrates superior cross-project vulnerability detection.

Experimental results show improved explainability of detection results.

Abstract

Software vulnerability detection is generally supported by automated static analysis tools, which have recently been reinforced by deep learning (DL) models. However, despite the superior performance of DL-based approaches over rule-based ones in research, applying DL approaches to software vulnerability detection in practice remains a challenge due to the complex structure of source code, the black-box nature of DL, and the domain knowledge required to understand and validate the black-box results for addressing tasks after detection. Conventional DL models are trained by specific projects and, hence, excel in identifying vulnerabilities in these projects but not in others. These models with poor performance in vulnerability detection would impact the downstream tasks such as location and repair. More importantly, these models do not provide explanations for developers to comprehend detection results. In contrast, Large Language Models (LLMs) have made lots of progress in addressing these issues by leveraging prompting techniques. Unfortunately, their performance in identifying vulnerabilities is unsatisfactory. This paper contributes \textbf{\DLAP}, a \underline{\textbf{D}}eep \underline{\textbf{L}}earning \underline{\textbf{A}}ugmented LLMs \underline{\textbf{P}}rompting framework that combines the best of both DL models and LLMs to achieve exceptional vulnerability detection performance. Experimental evaluation results confirm that \DLAP outperforms state-of-the-art prompting frameworks, including role-based prompts, auxiliary information prompts, chain-of-thought prompts, and in-context learning prompts, as well as fine-turning on multiple metrics.