Code Vulnerability Detection: A Comparative Analysis of Emerging Large Language Models

Shaznin Sultana, Sadia Afreen, Nasir U. Eisty
{"title":"Code Vulnerability Detection: A Comparative Analysis of Emerging Large Language Models","authors":"Shaznin Sultana, Sadia Afreen, Nasir U. Eisty","doi":"arxiv-2409.10490","DOIUrl":null,"url":null,"abstract":"The growing trend of vulnerability issues in software development as a result\nof a large dependence on open-source projects has received considerable\nattention recently. This paper investigates the effectiveness of Large Language\nModels (LLMs) in identifying vulnerabilities within codebases, with a focus on\nthe latest advancements in LLM technology. Through a comparative analysis, we\nassess the performance of emerging LLMs, specifically Llama, CodeLlama, Gemma,\nand CodeGemma, alongside established state-of-the-art models such as BERT,\nRoBERTa, and GPT-3. Our study aims to shed light on the capabilities of LLMs in\nvulnerability detection, contributing to the enhancement of software security\npractices across diverse open-source repositories. We observe that CodeGemma\nachieves the highest F1-score of 58\\ and a Recall of 87\\, amongst the recent\nadditions of large language models to detect software security vulnerabilities.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":"49 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.10490","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The growing trend of vulnerability issues in software development as a result of a large dependence on open-source projects has received considerable attention recently. This paper investigates the effectiveness of Large Language Models (LLMs) in identifying vulnerabilities within codebases, with a focus on the latest advancements in LLM technology. Through a comparative analysis, we assess the performance of emerging LLMs, specifically Llama, CodeLlama, Gemma, and CodeGemma, alongside established state-of-the-art models such as BERT, RoBERTa, and GPT-3. Our study aims to shed light on the capabilities of LLMs in vulnerability detection, contributing to the enhancement of software security practices across diverse open-source repositories. We observe that CodeGemma achieves the highest F1-score of 58\ and a Recall of 87\, amongst the recent additions of large language models to detect software security vulnerabilities.
代码漏洞检测:新兴大型语言模型的比较分析
由于大量依赖开源项目,软件开发中的漏洞问题呈增长趋势,这一问题最近受到了广泛关注。本文研究了大型语言模型(LLM)在识别代码库中的漏洞方面的有效性,重点关注 LLM 技术的最新进展。通过比较分析,我们评估了新兴 LLM(特别是 Llama、CodeLlama、Gemma 和 CodeGemma)与 BERT、RoBERTa 和 GPT-3 等成熟的最先进模型的性能。我们的研究旨在揭示 LLMs 的漏洞检测能力,从而有助于加强不同开源软件库中的软件安全实践。我们观察到,在最近增加的用于检测软件安全漏洞的大型语言模型中,CodeGemma 的 F1 分数最高,为 58 分,召回率为 87 分。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信