Enhancing Fine-Grained Vulnerability Detection With Reinforcement Learning

IF 5.6 1区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IEEE Transactions on Software Engineering Pub Date : 2025-08-29 DOI:10.1109/TSE.2025.3603400

Yuan Jiang;Zhichen Qu;Christoph Treude;Xiaohong Su;Tiantian Wang

{"title":"Enhancing Fine-Grained Vulnerability Detection With Reinforcement Learning","authors":"Yuan Jiang;Zhichen Qu;Christoph Treude;Xiaohong Su;Tiantian Wang","doi":"10.1109/TSE.2025.3603400","DOIUrl":null,"url":null,"abstract":"The rapid growth of vulnerabilities has significantly accelerated the development of automated vulnerability detection methods, especially those based on data-driven models. However, most of them primarily focus on extracting accurate code representations while overlooking the complex vulnerability patterns among vulnerable statements, thereby leaving room for improvement. To overcome this limitation, we present a novel reinforcement learning framework (<italic>RLFD</i>) for detecting vulnerabilities at a fine-grained level. <italic>RLFD</i> redefines the detection task as a sequential decision-making process and then employs reinforcement learning to automatically learn vulnerability-relevant structures from code snippets. Moreover, by designing reward functions aligned with fine-grained evaluation metrics, <italic>RLFD</i> focuses on the co-existence relations among statements from a global perspective, enabling the model to capture complex interactions that lead to vulnerabilities. Additionally, the framework utilizes CodeBERT-HLS for code representation, ensuring consistency with the state-of-the-art method while highlighting the improvements brought by the proposed reinforcement learning-based approach. Comprehensive experiments show that our method achieves a locating precision (IoU) of 69.7% and a Top-5% Acc of 67.7% on the <italic>big_vul</i> dataset, outperforming the state-of-the-art method by an overall 3.4% improvement in IoU. Notably, our method achieves up to a 19.7% increase in IoU for specific categories, e.g., CWE-416 (use-after-free).","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2900-2920"},"PeriodicalIF":5.6000,"publicationDate":"2025-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11145224/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid growth of vulnerabilities has significantly accelerated the development of automated vulnerability detection methods, especially those based on data-driven models. However, most of them primarily focus on extracting accurate code representations while overlooking the complex vulnerability patterns among vulnerable statements, thereby leaving room for improvement. To overcome this limitation, we present a novel reinforcement learning framework (RLFD) for detecting vulnerabilities at a fine-grained level. RLFD redefines the detection task as a sequential decision-making process and then employs reinforcement learning to automatically learn vulnerability-relevant structures from code snippets. Moreover, by designing reward functions aligned with fine-grained evaluation metrics, RLFD focuses on the co-existence relations among statements from a global perspective, enabling the model to capture complex interactions that lead to vulnerabilities. Additionally, the framework utilizes CodeBERT-HLS for code representation, ensuring consistency with the state-of-the-art method while highlighting the improvements brought by the proposed reinforcement learning-based approach. Comprehensive experiments show that our method achieves a locating precision (IoU) of 69.7% and a Top-5% Acc of 67.7% on the big_vul dataset, outperforming the state-of-the-art method by an overall 3.4% improvement in IoU. Notably, our method achieves up to a 19.7% increase in IoU for specific categories, e.g., CWE-416 (use-after-free).

查看原文本刊更多论文

强化学习增强细粒度漏洞检测

漏洞的快速增长极大地促进了自动化漏洞检测方法的发展，特别是基于数据驱动模型的自动化漏洞检测方法。然而，它们中的大多数主要关注于提取准确的代码表示，而忽略了脆弱语句中复杂的漏洞模式，从而留下了改进的空间。为了克服这一限制，我们提出了一种新的强化学习框架（RLFD），用于在细粒度级别检测漏洞。RLFD将检测任务重新定义为一个连续的决策过程，然后采用强化学习从代码片段中自动学习漏洞相关结构。此外，通过设计与细粒度评估指标一致的奖励函数，RLFD从全局角度关注语句之间的共存关系，使模型能够捕获导致漏洞的复杂交互。此外，该框架利用CodeBERT-HLS进行代码表示，确保与最先进方法的一致性，同时突出提出的基于强化学习的方法带来的改进。综合实验表明，我们的方法在big_vul数据集上实现了69.7%的定位精度（IoU）和67.7%的Top-5% Acc， IoU总体提高了3.4%，优于最先进的方法。值得注意的是，我们的方法使特定类别的IoU增加了19.7%，例如CWE-416 （use-after-free）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Software Engineering 工程技术-工程：电子与电气

CiteScore

9.70

自引率

10.80%

发文量

724

审稿时长

6 months

期刊介绍： IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include: a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models. b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects. c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards. d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues. e) System issues: Hardware-software trade-offs. f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.