You Only Train Once: A Flexible Training Framework for Code Vulnerability Detection Driven by Vul-Vector

TL;DR

This paper presents YOTO, a training framework that allows multiple vulnerability detection models to be integrated without joint training, enabling rapid updates to detect new vulnerabilities efficiently.

Contribution

The paper introduces YOTO, a novel framework that fuses parameters of different models for vulnerability detection, reducing retraining time and resource consumption.

Findings

Enables quick adaptation to new vulnerabilities

Reduces training time and computational resources

Supports integration of multiple detection models

Abstract

With the pervasive integration of computer applications across industries, the presence of vulnerabilities within code bases poses significant risks. The diversity of software ecosystems coupled with the intricate nature of modern software engineering has led to a shift from manual code vulnerability identification towards the adoption of automated tools. Among these, deep learning-based approaches have risen to prominence due to their superior accuracy; however, these methodologies encounter several obstacles. Primarily, they necessitate extensive labeled datasets and prolonged training periods, and given the rapid emergence of new vulnerabilities, the frequent retraining of models becomes a resource-intensive endeavor, thereby limiting their applicability in cutting-edge scenarios. To mitigate these challenges, this paper introduces the \underline{\textbf{YOTO}}--\underline{\textbf{Y}}ou \underline{\textbf{O}}nly \underline{\textbf{T}}rain \underline{\textbf{O}}nce framework. This innovative approach facilitates the integration of multiple types of vulnerability detection models via parameter fusion, eliminating the need for joint training. Consequently, YOTO enables swift adaptation to newly discovered vulnerabilities, significantly reducing both the time and computational resources required for model updates.