
Siavvas M, Kalouptsoglou I, Gelenbe E, Kehagias D, Tzovaras D. 2024. Transforming the field of Vulnerability Prediction: Are Large Language Models the key? EuroCyberSec 2024.

October 23, 2024 | October 25th, 2024 | Publications

Conference:
EuroCyberSec 2024, 23. October 2024, Krakow, Poland

Authors:
Siavvas M, Kalouptsoglou I, Gelenbe E, Kehagias D, Tzovaras D.

Abstract:

Vulnerability prediction is an important mechanism for secure software development, as it enables the early identification and mitigation of software vulnerabilities. Vulnerability prediction models (VPMs) are machine learning (ML) models able to detect potentially vulnerable software components based on information retrieved from their source code. Despite the notable advancements in the field of vulnerability prediction, especially with the utilization of deep learning (DL) and text mining techniques, current literature still lacks a highly accurate, reliable, and practical VPM. Recently, Large Language Models (LLMs), which have demonstrated remarkable capabilities in text understanding and processing, have started being utilized for vulnerability prediction, demonstrating highly promising results.

The purpose of the present paper is to explore the utilization of LLMs in the field of vulnerability detection, identify challenges and open issues that still need to be addressed, and potentially propose directions for future research. Our analysis suggests that while LLM-based VPMs have outperformed traditional DL approaches in vulnerability prediction, significant challenges still need to be addressed to be considered sufficiently accurate, reliable, and practical.
