Performance Analysis of Lightweight Transformer Models for Healthcare Application Privacy Threat Detection
摘要
The growing complexity of cyber threats in healthcare demands advanced, computationally efficient security solutions. This study employs a white-box approach to evaluate lightweight transformer models for detecting privacy threats in C/C++ healthcare software. We introduce a novel dataset annotated with privacy vulnerabilities using the LINDDUN methodology, covering linkability, identifiability, non-repudiation, detectability, information disclosure, unawareness, and non-compliance. A systematic mapping between LINDDUN threats and Common Weakness Enumeration (CWE) classifications standardize privacy risk assessment. Six lightweight transformer models—GraphCodeBERT-base, CodeGPT-small, BERT-base-uncased, DistilRoBERTa-base, DistilBERT-base, and T5-small were fine-tuned and evaluated on the dataset containing 56,395 vulnerable and 364,232 non-vulnerable C/C++ functions, sourced from open-source projects to mitigate coder bias. All models achieve over 98% accuracy, with T5-small reaching 98.64%. Detailed computational costs, including model parameters and training times (~12 h), highlight suitability for resource-constrained environments. This work validates NLP-driven privacy risk assessment, offering a scalable framework for healthcare security.