LProtector: An LLM-driven Vulnerability Detection System
Ze Sheng, Fenghua Wu, Xiangwu Zuo, Chao Li, Yuxin Qiao, Lei Hang

TL;DR
LProtector is an automated vulnerability detection system for C/C++ code that uses GPT-4o and RAG to identify security flaws more effectively than existing methods, demonstrating superior performance on benchmark datasets.
Contribution
This work introduces LProtector, the first vulnerability detection system leveraging GPT-4o and RAG, enhancing detection accuracy in complex codebases.
Findings
LProtector outperforms state-of-the-art baselines in F1 score on the Big-Vul dataset.
The system demonstrates effective binary classification of vulnerabilities.
Integration of LLMs with vulnerability detection shows promising results.
Abstract
This paper presents LProtector, an automated vulnerability detection system for C/C++ codebases driven by the large language model (LLM) GPT-4o and Retrieval-Augmented Generation (RAG). As software complexity grows, traditional methods face challenges in detecting vulnerabilities effectively. LProtector leverages GPT-4o's powerful code comprehension and generation capabilities to perform binary classification and identify vulnerabilities within target codebases. We conducted experiments on the Big-Vul dataset, showing that LProtector outperforms two state-of-the-art baselines in terms of F1 score, demonstrating the potential of integrating LLMs with vulnerability detection.
Taxonomy
Topics: Network Security and Intrusion Detection
