Journal article
DLAP: A Deep Learning Augmented Large Language Model Prompting framework for software vulnerability detection
The Journal of systems and software, Vol.219, 112234
01/2025
Abstract
Software vulnerability detection is generally supported by automated static analysis tools, which have recently been reinforced by deep learning (DL) models. However, despite the superior performance of DL-based approaches over rule-based ones in research, applying DL approaches to software vulnerability detection in practice remains a challenge. This is due to the complex structure of source code, the black-box nature of DL, and the extensive domain knowledge required to understand and validate the black-box results for the tasks that follow detection. Conventional DL models are trained on specific projects and, hence, excel at identifying vulnerabilities in those projects but not in others. Such models, with poor cross-project detection performance, would impair downstream tasks such as vulnerability localization and repair. More importantly, these models do not provide explanations that help developers comprehend detection results. In contrast, Large Language Models (LLMs) with prompting techniques achieve stable performance across projects and provide explanations for their results. However, with existing prompting techniques, the detection performance of LLMs is relatively low and cannot be relied on for real-world vulnerability detection. This paper contributes DLAP, a Deep Learning Augmented LLM Prompting framework that combines the strengths of DL models and LLMs to achieve exceptional vulnerability detection performance. Experimental evaluation results confirm that DLAP outperforms state-of-the-art prompting frameworks, including role-based prompts, auxiliary information prompts, chain-of-thought prompts, and in-context learning prompts, as well as fine-tuning, on multiple metrics.
Details
- Title
- DLAP: A Deep Learning Augmented Large Language Model Prompting framework for software vulnerability detection
- Creators
- Yanjing Yang - Nanjing University
- Xin Zhou - Nanjing University
- Runfeng Mao - Nanjing University
- Jinwei Xu - Nanjing University
- Lanxin Yang - Nanjing University
- Yu Zhang - Nanjing University
- Haifeng Shen - Faculty of Science and Engineering, Southern Cross University, Australia
- He Zhang - Nanjing University
- Publication Details
- The Journal of systems and software, Vol.219, 112234
- Publisher
- Elsevier Inc., New York
- Grant note
- Natural Science Foundation of Jiangsu Province, China: BK20241195; National Natural Science Foundation of China: 62202219, 62072227, 62302210; Jiangsu Provincial Key Research and Development Program, China: BE2021002-2; Innovation Project and Overseas Open Project of State Key Laboratory for Novel Software Technology (Nanjing University), China: ZZKT2024A18, ZZKT2024B07, KFKT2023A09, KFKT2023A10, KFKT2024A02, KFKT2024A13, KFKT2024A14
This work is supported by the Natural Science Foundation of Jiangsu Province, China (No. BK20241195), the National Natural Science Foundation of China (No. 62202219, No. 62072227, No. 62302210), the Jiangsu Provincial Key Research and Development Program, China (No. BE2021002-2), and the Innovation Project and Overseas Open Project of State Key Laboratory for Novel Software Technology (Nanjing University), China (ZZKT2024A18, ZZKT2024B07, KFKT2023A09, KFKT2023A10, KFKT2024A02, KFKT2024A13, KFKT2024A14).
- Identifiers
- 991013225616402368
- Copyright
- © 2024 Published by Elsevier Inc.
- Academic Unit
- Faculty of Science and Engineering
- Language
- English
- Resource Type
- Journal article