Saved in:
Bibliographic Details
Main Authors: Wei, Zhiyuan, Yang, Xiaoxuan, Sun, Jing, Zhang, Zijian
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.06645
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915538893012992
author Wei, Zhiyuan
Yang, Xiaoxuan
Sun, Jing
Zhang, Zijian
author_facet Wei, Zhiyuan
Yang, Xiaoxuan
Sun, Jing
Zhang, Zijian
contents The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for software security. While Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language processing, their potential for automated code vulnerability detection remains underexplored. This paper presents FineSec, a novel framework that harnesses LLMs through knowledge distillation to enable efficient and precise vulnerability identification in C/C++ codebases. FineSec utilizes knowledge distillation to transfer expertise from large teacher models to compact student models, achieving high accuracy with minimal computational cost. By integrating data preparation, training, evaluation, and continuous learning into a unified, single-task workflow, FineSec offers a streamlined approach. Extensive evaluations on C/C++ codebases demonstrate its superiority over both base models and larger LLMs in identifying complex vulnerabilities and logical flaws, establishing FineSec as a practical and scalable solution for real-world software security. To facilitate reproducibility, the datasets, source code, and experimental results are made publicly available at: https://github.com/yangxiaoxuan123/FineSec_detect.
format Preprint
id arxiv_https___arxiv_org_abs_2510_06645
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Distilling Lightweight Language Models for C/C++ Vulnerabilities
Wei, Zhiyuan
Yang, Xiaoxuan
Sun, Jing
Zhang, Zijian
Cryptography and Security
Artificial Intelligence
The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for software security. While Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language processing, their potential for automated code vulnerability detection remains underexplored. This paper presents FineSec, a novel framework that harnesses LLMs through knowledge distillation to enable efficient and precise vulnerability identification in C/C++ codebases. FineSec utilizes knowledge distillation to transfer expertise from large teacher models to compact student models, achieving high accuracy with minimal computational cost. By integrating data preparation, training, evaluation, and continuous learning into a unified, single-task workflow, FineSec offers a streamlined approach. Extensive evaluations on C/C++ codebases demonstrate its superiority over both base models and larger LLMs in identifying complex vulnerabilities and logical flaws, establishing FineSec as a practical and scalable solution for real-world software security. To facilitate reproducibility, the datasets, source code, and experimental results are made publicly available at: https://github.com/yangxiaoxuan123/FineSec_detect.
title Distilling Lightweight Language Models for C/C++ Vulnerabilities
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2510.06645