A portable and interpretable model of function-lvl static vulnerability finding has been created with the help of pretrained large language design. Devign dataset provided Code snippets which were embedded by means of CodeT5, transformer-based model pretrained on code representation tasks. These embeddings were seen as fixed length feature vectors and were tested using standard machine learning classifiers such as logistic regression, random forest, multilayer perceptron, and XGBoost. To make the classification more robust a stacking ensemble was also tested. The proposed pipeline is preferable to the traditional methods based on graph neural networks or a program analysis framework in that no fine-tuning is necessary and the implementation of static semantic embedding is suggested, which is efficient to train and convenient to apply to practice. By showing that transformer-based code comprehension with simpler classifiers can be used as an effective method of finding function-level vulnerability, the approach has provided a valid path needed to integrate LLM-based vulnerability researching into reliable security review automation pipelines.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

LLM-Based Vulnerability Detection in Decompiled Binary Code for Automated Reverse Engineering

  • Pavan Nutalapati,
  • Nandagopal Seshagiri,
  • Arun Kumar Elengovan,
  • Lahari Putty

摘要

A portable and interpretable model of function-lvl static vulnerability finding has been created with the help of pretrained large language design. Devign dataset provided Code snippets which were embedded by means of CodeT5, transformer-based model pretrained on code representation tasks. These embeddings were seen as fixed length feature vectors and were tested using standard machine learning classifiers such as logistic regression, random forest, multilayer perceptron, and XGBoost. To make the classification more robust a stacking ensemble was also tested. The proposed pipeline is preferable to the traditional methods based on graph neural networks or a program analysis framework in that no fine-tuning is necessary and the implementation of static semantic embedding is suggested, which is efficient to train and convenient to apply to practice. By showing that transformer-based code comprehension with simpler classifiers can be used as an effective method of finding function-level vulnerability, the approach has provided a valid path needed to integrate LLM-based vulnerability researching into reliable security review automation pipelines.