Saved in:
Bibliographic Details
Main Authors: Shu, Honglin, Fu, Michael, Yu, Junji, Wang, Dong, Tantithamthavorn, Chakkrit, Chen, Junjie, Kamei, Yasutaka
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.07503
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914380354945024
author Shu, Honglin
Fu, Michael
Yu, Junji
Wang, Dong
Tantithamthavorn, Chakkrit
Chen, Junjie
Kamei, Yasutaka
author_facet Shu, Honglin
Fu, Michael
Yu, Junji
Wang, Dong
Tantithamthavorn, Chakkrit
Chen, Junjie
Kamei, Yasutaka
contents Various deep learning-based approaches utilizing pre-trained language models (PLMs) have been proposed for automated vulnerability detection. With recent advancements in large language models (LLMs), several studies have begun exploring their application to vulnerability detection tasks. However, existing studies primarily focus on specific programming languages (e.g., C/C++) and function-level detection, leaving the strengths and weaknesses of PLMs and LLMs in multilingual and multi-granularity scenarios largely unexplored. To bridge this gap, we conduct a comprehensive fine-grained empirical study evaluating the effectiveness of state-of-the-art PLMs and LLMs for multilingual vulnerability detection. Using over 30,000 real-world vulnerability-fixing patches across seven programming languages, we systematically assess model performance at both the function-level and line-level. Our key findings indicate that GPT-4o, enhanced through instruction tuning and few-shot prompting, significantly outperforms all other evaluated models, including CodeT5P. Furthermore, the LLM-based approach demonstrates superior capability in detecting unique multilingual vulnerabilities, particularly excelling in identifying the most dangerous and high-severity vulnerabilities. These results underscore the promising potential of adopting LLMs for multilingual vulnerability detection at function-level and line-level, revealing their complementary strengths and substantial improvements over PLM approaches. This empirical evaluation of PLMs and LLMs for multilingual vulnerability detection highlights LLMs' value in addressing real-world software security challenges.
format Preprint
id arxiv_https___arxiv_org_abs_2506_07503
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Evaluating Large Language Models for Multilingual Vulnerability Detection at Dual Granularities
Shu, Honglin
Fu, Michael
Yu, Junji
Wang, Dong
Tantithamthavorn, Chakkrit
Chen, Junjie
Kamei, Yasutaka
Software Engineering
Various deep learning-based approaches utilizing pre-trained language models (PLMs) have been proposed for automated vulnerability detection. With recent advancements in large language models (LLMs), several studies have begun exploring their application to vulnerability detection tasks. However, existing studies primarily focus on specific programming languages (e.g., C/C++) and function-level detection, leaving the strengths and weaknesses of PLMs and LLMs in multilingual and multi-granularity scenarios largely unexplored. To bridge this gap, we conduct a comprehensive fine-grained empirical study evaluating the effectiveness of state-of-the-art PLMs and LLMs for multilingual vulnerability detection. Using over 30,000 real-world vulnerability-fixing patches across seven programming languages, we systematically assess model performance at both the function-level and line-level. Our key findings indicate that GPT-4o, enhanced through instruction tuning and few-shot prompting, significantly outperforms all other evaluated models, including CodeT5P. Furthermore, the LLM-based approach demonstrates superior capability in detecting unique multilingual vulnerabilities, particularly excelling in identifying the most dangerous and high-severity vulnerabilities. These results underscore the promising potential of adopting LLMs for multilingual vulnerability detection at function-level and line-level, revealing their complementary strengths and substantial improvements over PLM approaches. This empirical evaluation of PLMs and LLMs for multilingual vulnerability detection highlights LLMs' value in addressing real-world software security challenges.
title Evaluating Large Language Models for Multilingual Vulnerability Detection at Dual Granularities
topic Software Engineering
url https://arxiv.org/abs/2506.07503