Technology

DLAP: A deep learning augmented LLMs prompting framework for detecting software vulnerabilities

Software vulnerability detection is a critical area that focuses on protecting system security and user privacy by identifying security vulnerabilities in software systems. As cyber threats become more sophisticated, it is critical to ensure that software systems are protected from potential attacks. The use of advanced AI technologies, particularly large language models (LLMs) and deep learning, has proven critical in improving the detection of software vulnerabilities.

The key challenge in software vulnerability detection is to accurately identify vulnerabilities in increasingly complex software systems to prevent potential security breaches. Traditional vulnerability detection methods, such as static analysis tools and machine learning-based models, often result in high false positive rates and cannot keep up with evolving threats. Existing tools are limited by their reliance on predefined patterns or datasets, leading to inaccuracies and overlooked vulnerabilities.

Current research on software vulnerability detection includes frameworks such as GRACE and ChatGPT-driven models that leverage deep learning and LLMs for better detection accuracy. These approaches integrate prompt engineering with machine learning-based models and leverage thought chain guidance to improve detection capabilities. However, existing frameworks often need help with high false positive rates and limited adaptability, highlighting the need for more sophisticated vulnerability detection solutions.

Researchers from Nanjing University (China) and Southern Cross University (Australia) have introduced DLAP, a framework that combines LLMs, deep learning and prompt engineering. DLAP refines vulnerability detection through a hierarchical taxonomy and chain-of-thought (COT) guidance so that LLMs can be precisely controlled. It uses custom prompts tailored to specific categories to help models effectively understand and detect complex vulnerabilities, eliminating the limitations of traditional tools.

The DLAP framework leverages static analysis tools and deep learning models to create prompts that improve LLMs. Based on a dataset of over 40,000 examples from four major software projects, DLAP integrates static analysis results with LLMs for deep semantic and logical analysis. The framework uses COT guidance to improve the accuracy of immediate actions and enable efficient identification of software vulnerabilities. This integration of methods allows DLAP to detect code vulnerabilities while precisely minimizing false positives.

The four datasets on which DLAP was tested were: Chrome, Android, Linux and Qemu, each of which included thousands of features and vulnerabilities. Compared to other methods, DLAP achieved up to 10% higher F1 values ​​and 20% higher Matthews correlation coefficient (MCC). For Chrome, DLAP achieved 40.4% precision and 73.3% recall, with F1 values ​​of 52.1% for Chrome, 49.3% for Android, 65.4% for Linux and 66.7% for Qemu, demonstrating its strong and consistent performance across different datasets.

Finally, the study introduced the DLAP framework, which combines deep learning and LLMs for effective software vulnerability detection. By using specialized prompts and mental chain guidance, DLAP improves detection accuracy and recall while reducing false alarms. Its performance on four large datasets demonstrated superior accuracy compared to existing methods, highlighting its significant potential to improve cybersecurity practices. The research highlights the importance of innovative approaches to address evolving software vulnerabilities and provides a reliable tool for software security.


Visit the Paper. All credit for this research goes to the researchers of this project. Also don’t forget to follow us Twitter. Join our… Telegram channel, Discord channelAnd LinkedIn Grupp.

If you like our work, you will love ours Newsletter..

Don’t forget to join our 41k+ ML SubReddit


Nikhil is an intern as a consultant at Marktechpost. He is pursuing an integrated double degree in materials from the Indian Institute of Technology, Kharagpur. Nikhil is an AI/ML enthusiast who is constantly researching applications in areas such as biomaterials and biomedical science. With a strong background in materials science, he explores new advances and creates opportunities to contribute.




Source link