StagedVulBERT: Multi-granular vulnerability detection with a novel pre-trained code model

Author

Yuan JIANG
Yujian ZHANG
Xiaohong SU
Christoph TREUDE, Singapore Management UniversityFollow
Tiantian WANG

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

10-2024

Abstract

The emergence of pre-trained model-based vulnerability detection methods has significantly advanced the field of automated vulnerability detection. However, these methods still face several challenges, such as difficulty in learning effective feature representations of statements for fine-grained predictions and struggling to process overly long code sequences. To address these issues, this study introduces StagedVulBERT, a novel vulnerability detection framework that leverages a pre-trained code language model and employs a coarse-to-fine strategy. The key innovation and contribution of our research lies in the development of the CodeBERT-HLS component within our framework, specialized in hierarchical, layered, and semantic encoding. This component is designed to capture semantics at both the token and statement levels simultaneously, which is crucial for achieving more accurate multi-granular vulnerability detection. Additionally, CodeBERT-HLS efficiently processes longer code token sequences, making it more suited to real-world vulnerability detection. Comprehensive experiments demonstrate that our method enhances the performance of vulnerability detection at both coarse- and fine-grained levels. Specifically, in coarse-grained vulnerability detection, StagedVulBERT achieves an F1 score of 92.26%, marking a 6.58% improvement over the best-performing methods. At the fine-grained level, our method achieves a Top-5% accuracy of 65.69%, which outperforms the state-of-the-art methods by up to 75.17%.

Keywords

Vulnerability detection, Code language model, Pre-training task, Program representation

Discipline

Software Engineering

Research Areas

Intelligent Systems and Optimization

Areas of Excellence

Digital transformation

Publication

IEEE Transactions on Software Engineering

Volume

50

Issue

12

First Page

3454

Last Page

3471

ISSN

0098-5589

Identifier

10.1109/TSE.2024.3493245

Publisher

Institute of Electrical and Electronics Engineers

Citation

JIANG, Yuan; ZHANG, Yujian; SU, Xiaohong; TREUDE, Christoph; and WANG, Tiantian. StagedVulBERT: Multi-granular vulnerability detection with a novel pre-trained code model. (2024). IEEE Transactions on Software Engineering. 50, (12), 3454-3471.
Available at: https://ink.library.smu.edu.sg/sis_research/10490

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TSE.2024.3493245