Towards the Use of Domain Knowledge to Enhance Transformer-Based Vulnerability Detection / Marchetto, Alessandro; Foulefack, Rosmael. - 2178:(2024), pp. 373-390. (17th International Conference on Quality of Information and Communications Technology, QUATIC 2024, Pisa, September 11–13, 2024) [10.1007/978-3-031-70245-7_26].

Towards the Use of Domain Knowledge to Enhance Transformer-Based Vulnerability Detection

Marchetto, Alessandro; Foulefack, Rosmael
2024-01-01

Abstract

In recent years, several software vulnerability detection techniques based on learning methods, such as deep learning and large language models, have been proposed to detect vulnerabilities in source code. These techniques build code classification models from datasets of code snippets labeled as vulnerable and non-vulnerable, with the purpose of predicting the presence of vulnerabilities in new code snippets. Experiments documented in the literature, however, show that such techniques can achieve promising results only under specific contexts and conditions. In this paper, we document a preliminary investigation on the impact of the use of domain-specific knowledge information on vulnerability detection tasks. To this aim, a transformer-based vulnerability detection method has been enhanced with domain-specific knowledge information, and an experiment has been performed to understand whether such additional domain knowledge information can increase the detection performance of the learning-based method.
2024
Quality of Information and Communications Technology (QUATIC 2024)
Cham (SW)
Springer Cham
978-3-031-70244-0
Files in this record:

ma_domain.pdf (archive managers only)

Description: Quatic 2024 paper
Type: Publisher's version (Publisher’s layout)
License: All rights reserved
Size: 1.83 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/432111