Research field: Strategies
Conference: IFIP Annual Conference on Data and Applications Security and Privacy
VulPrompt is a new approach for detecting software vulnerabilities from source code by employing a prompt-based graph learning technique within a few-shot learning framework. Rather than adopting the Pretrain-Finetune paradigm typical of prior works, it is the first to adopt the more recent Pretrain-Prompt paradigm in this domain, which affords the creation of a smaller, lightweight model that outperforms larger models within other baseline methods. Evaluations conducted in a few-shot setting reflect the scarcity of large, high-quality labeled datasets for vulnerability detection in large software products—a prevalent issue in cybersecurity. Results show that the reduced number of trainable parameters for prompt-based learning models makes them well-suited for this learning scenario, requiring only n instances to train efficiently. The learnable prompt reduces the gap between the pretrain and downstream objectives for a particular task by adjusting the input data for the downstream task to fit the pretrained model. Comparative analyses between VulPrompt and other baseline methods demonstrate the model’s robust performance across all datasets tested, consistently achieving notable results. This success showcases the efficacy and adaptability of VulPrompt for detecting software vulnerabilities across different datasets, highlighting its potential as an impactful tool in the cybersecurity domain.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Austria |
| Site | Springer |
| Likes | 0 |