Software security vulnerabilities allow attackers to perform malicious
activities to disrupt software operations. Recent Transformer-based language
models have significantly advanced vulnerability detection, surpassing the
capabilities of static analysis based deep learning models. However, language
models trained solely on code tokens do not capture either the explanation of
vulnerability type or the data flow structure information of code, both of
which are crucial for vulnerability detection. We propose a novel technique
that integrates a multitask sequence-to-sequence LLM with pro-gram control flow
graphs encoded as a graph neural network to achieve sequence-to-classification
vulnerability detection. We introduce MSIVD, multitask self-instructed
fine-tuning for vulnerability detection, inspired by chain-of-thought prompting
and LLM self-instruction. Our experiments demonstrate that MSIVD achieves
superior performance, outperforming the highest LLM-based vulnerability
detector baseline (LineVul), with a F1 score of 0.92 on the BigVul dataset, and
0.48 on the PreciseBugs dataset. By training LLMs and GNNs simultaneously using
a combination of code and explanatory metrics of a vulnerable program, MSIVD
represents a promising direction for advancing LLM-based vulnerability
detection that generalizes to unseen data. Based on our findings, we further
discuss the necessity for new labelled security vulnerability datasets, as
recent LLMs have seen or memorized prior datasets' held-out evaluation data.

通过将程序控制流图编码为图神经网络的多任务序列到序列 LLM 技术，结合多任务自我指导微调的自我说明和 LLM 自我指导，MSIVD 在漏洞检测方面取得了卓越的性能，达到了 0.92 的 F1 得分（BigVul 数据集）和 0.48 的 F1 得分（PreciseBugs 数据集）。

使用多任务自我教导的大型语言模型的安全漏洞检测

Security Vulnerability Detection with Multitask Self-Instructed  Fine-Tuning of Large Language Models

Large language models (LLM) are perceived to offer promising potentials for
automating security tasks, such as those found in security operation centers
(SOCs). As a first step towards evaluating this perceived potential, we
investigate the use of LLMs in software pentesting, where the main task is to
automatically identify software security vulnerabilities in source code. We
hypothesize that an LLM-based AI agent can be improved over time for a specific
security task as human operators interact with it. Such improvement can be
made, as a first step, by engineering prompts fed to the LLM based on the
responses produced, to include relevant contexts and structures so that the
model provides more accurate results. Such engineering efforts become
sustainable if the prompts that are engineered to produce better results on
current tasks, also produce better results on future unknown tasks. To examine
this hypothesis, we utilize the OWASP Benchmark Project 1.2 which contains
2,740 hand-crafted source code test cases containing various types of
vulnerabilities. We divide the test cases into training and testing data, where
we engineer the prompts based on the training data (only), and evaluate the
final system on the testing data. We compare the AI agent's performance on the
testing data against the performance of the agent without the prompt
engineering. We also compare the AI agent's results against those from
SonarQube, a widely used static code analyzer for security testing. We built
and tested multiple versions of the AI agent using different off-the-shelf LLMs
-- Google's Gemini-pro, as well as OpenAI's GPT-3.5-Turbo and GPT-4-Turbo (with
both chat completion and assistant APIs). The results show that using LLMs is a
viable approach to build an AI agent for software pentesting that can improve
through repeated use and prompt engineering.

利用大型语言模型（LLM）构建用于软件渗透测试的人工智能代理，通过反复使用和提示工程来提高模型性能。

软件渗透测试中使用大型语言模型的初步研究

A Preliminary Study on Using Large Language Models in Software  Pentesting

The software supply chain (SSC) attack has become one of the crucial issues
that are being increased rapidly with the advancement of the software
development domain. In general, SSC attacks execute during the software
development processes lead to vulnerabilities in software products targeting
downstream customers and even involved stakeholders. Machine Learning
approaches are proven in detecting and preventing software security
vulnerabilities. Besides, emerging quantum machine learning can be promising in
addressing SSC attacks. Considering the distinction between traditional and
quantum machine learning, performance could be varies based on the proportions
of the experimenting dataset. In this paper, we conduct a comparative analysis
between quantum neural networks (QNN) and conventional neural networks (NN)
with a software supply chain attack dataset known as ClaMP. Our goal is to
distinguish the performance between QNN and NN and to conduct the experiment,
we develop two different models for QNN and NN by utilizing Pennylane for
quantum and TensorFlow and Keras for traditional respectively. We evaluated the
performance of both models with different proportions of the ClaMP dataset to
identify the f1 score, recall, precision, and accuracy. We also measure the
execution time to check the efficiency of both models. The demonstration result
indicates that execution time for QNN is slower than NN with a higher
percentage of datasets. Due to recent advancements in QNN, a large level of
experiments shall be carried out to understand both models accurately in our
future research.

本文探讨了量子神经网络和传统神经网络在 ClaMP 软件供应链攻击数据集上的表现，结果表明，执行时间相对较慢的 QNN 的检测性能并不比 NN 弱。