{"title":"代码漏洞检测:新兴大型语言模型的比较分析","authors":"Shaznin Sultana, Sadia Afreen, Nasir U. Eisty","doi":"arxiv-2409.10490","DOIUrl":null,"url":null,"abstract":"The growing trend of vulnerability issues in software development as a result\nof a large dependence on open-source projects has received considerable\nattention recently. This paper investigates the effectiveness of Large Language\nModels (LLMs) in identifying vulnerabilities within codebases, with a focus on\nthe latest advancements in LLM technology. Through a comparative analysis, we\nassess the performance of emerging LLMs, specifically Llama, CodeLlama, Gemma,\nand CodeGemma, alongside established state-of-the-art models such as BERT,\nRoBERTa, and GPT-3. Our study aims to shed light on the capabilities of LLMs in\nvulnerability detection, contributing to the enhancement of software security\npractices across diverse open-source repositories. We observe that CodeGemma\nachieves the highest F1-score of 58\\ and a Recall of 87\\, amongst the recent\nadditions of large language models to detect software security vulnerabilities.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":"49 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Code Vulnerability Detection: A Comparative Analysis of Emerging Large Language Models\",\"authors\":\"Shaznin Sultana, Sadia Afreen, Nasir U. Eisty\",\"doi\":\"arxiv-2409.10490\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The growing trend of vulnerability issues in software development as a result\\nof a large dependence on open-source projects has received considerable\\nattention recently. This paper investigates the effectiveness of Large Language\\nModels (LLMs) in identifying vulnerabilities within codebases, with a focus on\\nthe latest advancements in LLM technology. Through a comparative analysis, we\\nassess the performance of emerging LLMs, specifically Llama, CodeLlama, Gemma,\\nand CodeGemma, alongside established state-of-the-art models such as BERT,\\nRoBERTa, and GPT-3. Our study aims to shed light on the capabilities of LLMs in\\nvulnerability detection, contributing to the enhancement of software security\\npractices across diverse open-source repositories. We observe that CodeGemma\\nachieves the highest F1-score of 58\\\\ and a Recall of 87\\\\, amongst the recent\\nadditions of large language models to detect software security vulnerabilities.\",\"PeriodicalId\":501278,\"journal\":{\"name\":\"arXiv - CS - Software Engineering\",\"volume\":\"49 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.10490\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.10490","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Code Vulnerability Detection: A Comparative Analysis of Emerging Large Language Models
The growing trend of vulnerability issues in software development as a result
of a large dependence on open-source projects has received considerable
attention recently. This paper investigates the effectiveness of Large Language
Models (LLMs) in identifying vulnerabilities within codebases, with a focus on
the latest advancements in LLM technology. Through a comparative analysis, we
assess the performance of emerging LLMs, specifically Llama, CodeLlama, Gemma,
and CodeGemma, alongside established state-of-the-art models such as BERT,
RoBERTa, and GPT-3. Our study aims to shed light on the capabilities of LLMs in
vulnerability detection, contributing to the enhancement of software security
practices across diverse open-source repositories. We observe that CodeGemma
achieves the highest F1-score of 58\ and a Recall of 87\, amongst the recent
additions of large language models to detect software security vulnerabilities.