Zhenzhou Tian , Rui Qiu , Yudong Teng , Jiaze Sun , Yanping Chen , Lingwei Chen
{"title":"Towards cost-efficient vulnerability detection with cross-modal adversarial reprogramming","authors":"Zhenzhou Tian , Rui Qiu , Yudong Teng , Jiaze Sun , Yanping Chen , Lingwei Chen","doi":"10.1016/j.jss.2025.112365","DOIUrl":null,"url":null,"abstract":"<div><div>While deep learning has advanced the automatic detection of software vulnerabilities, current DL-based methods still face two major obstacles: the scarcity of vulnerable code samples and the high computational cost of training models from scratch, which, however, have been largely overlooked. This paper introduces <span>Capture</span>, a novel <u>C</u>ross-modal <u>A</u>dversarial re<u>P</u>rogramming approach <u>T</u>owards cost-efficient v<u>U</u>lne<u>R</u>ability d<u>E</u>tection, which reduces the need for well-labeled large vulnerable datasets and minimizes training time. Specifically, <span>Capture</span> first performs lexical parsing and linearization on the AST of the source code to extract structure- and type-aware token sequences. These sequences are transformed into a perturbation image by retrieving and reshaping each token’s embedding from a learnable universal perturbation dictionary. This enables a pre-trained model originally designed for image classification to be repurposed to support code vulnerability detection, with a dynamic label remapping scheme applied at the end that reassigns the model’s output to the binary vulnerability detection result. Our experiments demonstrate that <span>Capture</span> achieves detection accuracy comparable to state-of-the-art methods, while enhancing training efficiency due to its minimal quantity of parameters to update during the model training. Notably, <span>Capture</span> excels in scenarios with limited vulnerable samples, delivering superior detection accuracy and F1 scores compared to baseline methods.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112365"},"PeriodicalIF":3.7000,"publicationDate":"2025-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0164121225000330","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
While deep learning has advanced the automatic detection of software vulnerabilities, current DL-based methods still face two major obstacles: the scarcity of vulnerable code samples and the high computational cost of training models from scratch, which, however, have been largely overlooked. This paper introduces Capture, a novel Cross-modal Adversarial reProgramming approach Towards cost-efficient vUlneRability dEtection, which reduces the need for well-labeled large vulnerable datasets and minimizes training time. Specifically, Capture first performs lexical parsing and linearization on the AST of the source code to extract structure- and type-aware token sequences. These sequences are transformed into a perturbation image by retrieving and reshaping each token’s embedding from a learnable universal perturbation dictionary. This enables a pre-trained model originally designed for image classification to be repurposed to support code vulnerability detection, with a dynamic label remapping scheme applied at the end that reassigns the model’s output to the binary vulnerability detection result. Our experiments demonstrate that Capture achieves detection accuracy comparable to state-of-the-art methods, while enhancing training efficiency due to its minimal quantity of parameters to update during the model training. Notably, Capture excels in scenarios with limited vulnerable samples, delivering superior detection accuracy and F1 scores compared to baseline methods.
期刊介绍:
The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to:
•Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution
•Agile, model-driven, service-oriented, open source and global software development
•Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems
•Human factors and management concerns of software development
•Data management and big data issues of software systems
•Metrics and evaluation, data mining of software development resources
•Business and economic aspects of software development processes
The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
