Few-VulD: A Few-shot learning framework for software vulnerability detection☆ ☆

The rapid development of artificial intelligence (AI) has led to the introduction of numerous software vulnerability detection methods based on deep learning algorithms. However, a significant challenge is their dependency on large volumes of code samples for effective training. This requirement poses a considerable hurdle, particularly when adapting to diverse software application scenarios and various vulnerability types, where gathering sufficient and relevant training data for different classification tasks is often arduous. To address the challenge, this paper introduces Few-VulD, a novel framework for software vulnerability detection based on few-shot learning. This framework is designed to be efficiently trained with a minimal number of samples from a variety of existing classification tasks. Its key advantage lies in its ability to rapidly adapt to new vulnerability detection tasks, such as identifying new types of vulnerabilities, with only a small set of learning samples. This capability is particularly beneficial in scenarios where available vulnerability samples are limited. We compare Few-VulD with five state-of-the-art methods on the SySeVR and Big-Vul datasets. On the SySeVR dataset, Few-VulD outperforms all other methods, achieving a recall rate of 87.9% and showing an improvement of 11.7% to 57.8%. On the Big-Vul dataset, Few-VulD outperforms three of the methods, including one that utilizes a pretrained large language model (LLM), with recall improvements ranging from 8.5% to 40.1%. The other two methods employ pretrained LLMs from Microsoft CodeXGLUE (Lu et al., 2021). Few-VulD reaches 78.7% and 95.5% of their recall rates without the need for extensive data pretraining. The performance proves the effectiveness of Few-VulD in vulnerability detection tasks with limited samples.