Software Vulnerability Detection Using Deep Learning

Abstract

Vulnerabilities in software have remained a critical issue at the forefront of cybersecurity for as long as the field has existed. As the cost of allowing these vulnerabilities to exist increases each year, so have the efforts to detect software vulnerabilities before they can become a problem. This paper focuses specifically on static analysis, with respect to source code. Previous methods have focused on hand-crafted detections for extremely specific vulnerability types, however the recent explosion in Artificial Intelligence in the form of Large Language Models has led to a re-examination of the potential to identify common vulnerabilities more generally.

This paper aims to apply common and cross-domain Deep Learning methods to examine whether these methods can be used to improve the state-of-the-art in software vulnerability detection and classification. More specifically, the concepts of prompting and fine-tuning, as well as the loss function Additive Angular Margin Loss -- which was originally designed for face recognition and classification tasks -- are applied in a series of experiments and compared. Through experimentation, it has been found that simple and common prompting methods as well as fine-tuning methods are not enough on their own to perform reliable software vulnerability detection and classification.