Large language models based vulnerability detection: How does it enhance performance?

Detecting vulnerabilities in C/C + + source code has become a critical challenge in information security, especially as the growing number and severity of new vulnerabilities increasingly impact organizations. In this context, Large Language Models (LLMs) have emerged as a promising approach; however, building a model capable of effectively predicting and classifying various types of vulnerabilities from diverse datasets remains a complex problem, demanding innovative and comprehensive solutions. Our research proposes a breakthrough approach by developing the FG-CVD ensemble learning model, an advanced architecture that combines code embedding techniques and Knowledge Argument to enhance feature representation and the ability to learn complex relationships within source code. These improvements are specifically designed on the foundation of code embedding and the Transformer architecture of LLMs to boost the detection and classification of sophisticated vulnerability patterns. To evaluate the model's effectiveness, we conducted extensive experiments on four representative datasets: Reveal, BigVul, RealVul, and FFMQ + QEmu. The experimental results demonstrated FG-CVD's superior performance with an average accuracy of 85%, a prediction precision of 43%, a recall of 65%, and an F1-score of 47%. Notably, the model exhibited flexible adaptability to datasets with different structures and efficiently addressed data imbalance between labels. Moreover, through rigorous cross-dataset testing, the model showcased strong generalization capabilities and high stability, underscoring not only the academic value of the approach but also its practical potential, outperforming traditional approaches across a range of metrics and experimental scenarios.