Research field: Infrastructure
Conference: International Conference on Neural Information Processing
Vulnerability detection (VD) techniques are critical to software security and have been widely studied. Many recent research works have proposed VD approaches built with deep learning models and achieved state-of-the-art performance. However, due to the black-box characteristic of deep learning, these approaches typically have poor interpretability, making it challenging for analysts to understand the causes and mechanisms behind vulnerabilities. Although a few strategies have been presented to improve the interpretability of deep learning models, their outputs are still difficult to understand for those with little machine learning knowledge. In this study, we propose IVDM, an Interpretable Vulnerability Detection Framework Based on Multi-task Learning. IVDM integrates the VD and explanation generation tasks into a multi-task learning mechanism. It can generate explanations of the detected vulnerabilities in the form of natural language while performing the VD task. Compared with existing methods, the explanations output by IVDM are easier to understand. Moreover, IVDM is trained based on a large-scale pre-trained model, which gives it cross-programming-language VD ability. Experimental results on both a dataset collected by ourselves and public datasets have demonstrated the effectiveness and rationality of IVDM.

| Publication year | 2023 |
|---|---|
| Citations | 0 |
| Publication country | Andorra, China |
| Site | Springer |
| Likes | 0 |