Learning-based Models for Vulnerability Detection: An Extensive Study

Chao Ni, Liyu Shen, Xiaodan Xu, Xin Yin, Shaohua Wang

TL;DR

This paper conducts a comprehensive, multi-dimensional evaluation of learning-based vulnerability detection, contrasting sequence-based and graph-based approaches on MegaVul and including ChatGPT. It finds sequence-based models generally outperform graph-based ones, while ChatGPT remains underpowered for vulnerability detection tasks. Interpretability evidence shows models concentrate on Function Calls and Field Expressions, with instability observed across semantically equivalent inputs. The work also clarifies ease of use and economic considerations, offering practical guidelines for deploying VD models safely and cost-effectively in real-world settings.

Abstract

Though many deep learning-based models have made great progress in vulnerability detection, we have no good understanding of these models, which limits the further advancement of model capability, understanding of the mechanism of model detection, and efficiency and safety of practical application of models. In this paper, we extensively and comprehensively investigate two types of state-of-the-art learning-based approaches (sequence-based and graph-based) by conducting experiments on a recently built large-scale dataset. We investigate seven research questions from five dimensions, namely model capabilities, model interpretation, model stability, ease of use of model, and model economy. We experimentally demonstrate the priority of sequence-based models and the limited abilities of both LLM (ChatGPT) and graph-based models. We explore the types of vulnerability that learning-based models are skilled in and reveal the instability of the models even when the input is changed in subtle, semantically equivalent ways. We empirically explain what the models have learned. We summarize the pre-processing as well as the requirements for easily using the models. Finally, we initially induce the vital information for economical and safe practical usage of these models.

Paper Structure (14 sections, 5 figures, 12 tables)

This paper contains 14 sections, 5 figures, 12 tables.

Figures (5)

  • Figure 1: Performance on Vulnerability Type
  • Figure 2: Vulnerability detection prompt templates used in our study
  • Figure 3: Number of occurrences for each statement type in the Top 10 most probable vulnerability lines. (diagonal shadow indicates sequence-based models)
  • Figure 4: LineVul interpretation result (CVE-2022-47519)
  • Figure 5: Visualization of the separation between vulnerable (denoted by +) and non-vulnerable (denoted by $\bigcirc$).