Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning
Xiaohu Du, Ming Wen, Jiahao Zhu, Zifan Xie, Bin Ji, Huijun Liu, Xuanhua Shi, Hai Jin

TL;DR
This paper introduces VulLLM, a multi-task learning framework using large language models to improve code vulnerability detection by capturing deep vulnerability features and root causes, enhancing generalization and robustness.
Contribution
VulLLM integrates auxiliary tasks with LLMs for vulnerability localization and interpretation, advancing beyond traditional detection methods to understand complex vulnerability patterns.
Findings
Outperforms seven state-of-the-art models on six datasets
Enhances generalization and robustness in vulnerability detection
Effectively captures root causes of code vulnerabilities
Abstract
Code Pre-trained Models (CodePTMs) based vulnerability detection has achieved promising results over recent years. However, these models struggle to generalize as they typically learn a superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities, resulting in poor performance in real-world scenarios beyond the training instances. To tackle this challenge, we introduce VulLLM, a novel framework that integrates multi-task learning with Large Language Models (LLMs) to effectively mine deep-seated vulnerability features. Specifically, we construct two auxiliary tasks beyond the vulnerability detection task. First, we utilize the vulnerability patches to construct a vulnerability localization task. Second, based on the vulnerability features extracted from patches, we leverage GPT-4 to construct a vulnerability interpretation task. VulLLM…
Taxonomy
Topics: Software Reliability and Analysis Research · Software Testing and Debugging Techniques · Web Application Security Vulnerabilities
Methods: Attention Is All You Need · Softmax · Layer Normalization · Linear Layer · Position-Wise Feed-Forward Layer · Byte Pair Encoding · Label Smoothing · Adam · Residual Connection · Multi-Head Attention
