Enhanced LLM-Based Framework for Predicting Null Pointer Dereference in Source Code

TL;DR

This paper introduces DeLLNeuN, a fine-tuned large language model designed to predict null pointer dereference vulnerabilities in source code, demonstrating high accuracy and efficiency for proactive security in software development.

Contribution

The study presents a novel LLM-based approach for vulnerability detection, specifically targeting null pointer dereference issues, with improvements in model performance and efficiency.

Findings

Achieved 87% accuracy in vulnerability prediction.

Attained 88% precision on the dataset.

Demonstrated effectiveness as an early vulnerability checker.

Abstract

Software security is crucial in any field where breaches can exploit sensitive data, and lead to financial losses. As a result, vulnerability detection becomes an essential part of the software development process. One of the key steps in maintaining software integrity is identifying vulnerabilities in the source code before deployment. A security breach like CWE-476, which stands for NULL pointer dereferences (NPD), is crucial because it can cause software crashes, unpredictable behavior, and security vulnerabilities. In this scientific era, there are several vulnerability checkers, where, previous tools often fall short in analyzing specific feature connections of the source code, which weakens the tools in real-world scenarios. In this study, we propose another novel approach using a fine-tuned Large Language Model (LLM) termed "DeLLNeuN". This model leverages the advantage of various layers to reduce both overfitting and non-linearity, enhancing its performance and reliability. Additionally, this method provides dropout and dimensionality reduction to help streamline the model, making it faster and more efficient. Our model showed 87% accuracy with 88% precision using the Draper VDISC dataset. As software becomes more complex and cyber threats continuously evolve, the need for proactive security measures will keep growing. In this particular case, the proposed model looks promising to use as an early vulnerability checker in software development.