CR · LG · SE · Mar 31

Efficient Software Vulnerability Detection Using Transformer-based Models

arXiv:2604.00112

Predicted impact: top 56% in CR (last 90 days). Originality: Synthesis-oriented.

AI Analysis

This paper addresses security and reliability issues in computer systems, but it is incremental, as it adapts existing transformer methods to a specific domain.

The paper tackles software vulnerability detection in C/C++ code by applying transformer models to program slices, achieving accurate identification with moderate resource usage and training time.

Detecting software vulnerabilities is critical to ensuring the security and reliability of modern computer systems. Deep neural networks have shown promising results on vulnerability detection, but they lack the capability to capture global contextual information on vulnerable code. To address this limitation, we explore the application of transformers for C/C++ vulnerability detection. We use program slices that encapsulate key syntactic and semantic features of program code, such as API function calls, array usage, pointer manipulations, and arithmetic expressions. By leveraging transformers' capability to capture both local and global contextual information on vulnerable code, our work can identify vulnerabilities accurately. Combined with data balancing and hyperparameter fine-tuning, our work offers a robust and efficient approach to identifying vulnerable code with moderate resource usage and training time.
