You Only Train Once: A Flexible Training Framework for Code Vulnerability Detection Driven by Vul-Vector
This work addresses the challenge of efficient and scalable vulnerability detection for software developers and security analysts, though it appears incremental because it builds on existing deep learning methods.
The paper tackles the problem of resource-intensive training and frequent retraining in deep learning-based code vulnerability detection by introducing the YOTO framework, which integrates multiple models via parameter fusion to enable rapid adaptation to new vulnerabilities, reducing time and computational costs.
With the pervasive integration of computer applications across industries, the presence of vulnerabilities within code bases poses significant risks. The diversity of software ecosystems coupled with the intricate nature of modern software engineering has led to a shift from manual code vulnerability identification towards the adoption of automated tools. Among these, deep learning-based approaches have risen to prominence due to their superior accuracy; however, these methodologies encounter several obstacles. Primarily, they necessitate extensive labeled datasets and prolonged training periods, and given the rapid emergence of new vulnerabilities, the frequent retraining of models becomes a resource-intensive endeavor, thereby limiting their applicability in cutting-edge scenarios. To mitigate these challenges, this paper introduces the YOTO (You Only Train Once) framework. This innovative approach facilitates the integration of multiple types of vulnerability detection models via parameter fusion, eliminating the need for joint training. Consequently, YOTO enables swift adaptation to newly discovered vulnerabilities, significantly reducing both the time and computational resources required for model updates.