{"id":"https://openalex.org/W4311165836","doi":"https://doi.org/10.1145/3564625.3567985","title":"Transformer-Based Language Models for Software Vulnerability Detection","display_name":"Transformer-Based Language Models for Software Vulnerability Detection","publication_year":2022,"publication_date":"2022-12-03","ids":{"openalex":"https://openalex.org/W4311165836","doi":"https://doi.org/10.1145/3564625.3567985"},"language":"en","primary_location":{"id":"doi:10.1145/3564625.3567985","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3564625.3567985","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 38th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004372801","display_name":"Chandra Thapa","orcid":"https://orcid.org/0000-0002-3855-3378"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Chandra Thapa","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067534316","display_name":"Seung Ick Jang","orcid":"https://orcid.org/0000-0002-0544-7982"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Seung Ick Jang","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042828824","display_name":"Muhammad Ejaz Ahmed","orcid":"https://orcid.org/0000-0001-8033-0998"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Muhammad Ejaz Ahmed","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084022157","display_name":"Seyit Camtepe","orcid":"https://orcid.org/0000-0001-6353-8359"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Seyit Camtepe","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045977578","display_name":"Josef Pieprzyk","orcid":"https://orcid.org/0000-0002-1917-6466"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I4210087266","display_name":"Institute of Computer Science","ror":"https://ror.org/003fvp964","country_code":"PL","type":"facility","lineage":["https://openalex.org/I4210087266","https://openalex.org/I99542240"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I99542240","display_name":"Polish Academy of Sciences","ror":"https://ror.org/01dr6c206","country_code":"PL","type":"government","lineage":["https://openalex.org/I99542240"]}],"countries":["AU","PL"],"is_corresponding":false,"raw_author_name":"Josef Pieprzyk","raw_affiliation_strings":["CSIRO's Data61, Australia and Institute of Computer Science, Polish Academy of Sciences, Poland"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia and Institute of Computer Science, Polish Academy of Sciences, Poland","institution_ids":["https://openalex.org/I99542240","https://openalex.org/I1292875679","https://openalex.org/I42894916","https://openalex.org/I4210087266"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5004372801"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":30.5377,"has_fulltext":false,"cited_by_count":101,"citation_normalized_percentile":{"value":0.99740924,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"481","last_page":"496"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.847225546836853},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.5328090190887451},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4934503138065338},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43924224376678467},{"id":"https://openalex.org/keywords/closeness","display_name":"Closeness","score":0.42721840739250183},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4258568286895752},{"id":"https://openalex.org/keywords/domain-specific-language","display_name":"Domain-specific language","score":0.41809120774269104},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.41560816764831543},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37679779529571533},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.32466432452201843},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.32128506898880005},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3203541338443756}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.847225546836853},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.5328090190887451},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4934503138065338},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43924224376678467},{"id":"https://openalex.org/C2779545769","wikidata":"https://www.wikidata.org/wiki/Q5135364","display_name":"Closeness","level":2,"score":0.42721840739250183},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4258568286895752},{"id":"https://openalex.org/C135257023","wikidata":"https://www.wikidata.org/wiki/Q691358","display_name":"Domain-specific language","level":2,"score":0.41809120774269104},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.41560816764831543},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37679779529571533},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.32466432452201843},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.32128506898880005},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3203541338443756},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3564625.3567985","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3564625.3567985","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 38th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W1566289585","https://openalex.org/W1992114977","https://openalex.org/W2064675550","https://openalex.org/W2559935471","https://openalex.org/W2634106992","https://openalex.org/W2781491433","https://openalex.org/W2950635152","https://openalex.org/W2962960733","https://openalex.org/W2965861627","https://openalex.org/W2976184969","https://openalex.org/W2998879504","https://openalex.org/W3009129408","https://openalex.org/W3091803291","https://openalex.org/W3101228802","https://openalex.org/W3104849875","https://openalex.org/W3118485687","https://openalex.org/W3124351704","https://openalex.org/W3127736190","https://openalex.org/W3187025053"],"related_works":["https://openalex.org/W1995054232","https://openalex.org/W2156910174","https://openalex.org/W1556709767","https://openalex.org/W1557920161","https://openalex.org/W2011510925","https://openalex.org/W1993023208","https://openalex.org/W4291020658","https://openalex.org/W2593813644","https://openalex.org/W1562218326","https://openalex.org/W4388214479"],"abstract_inverted_index":{"The":[0],"large":[1],"transformer-based":[2,50],"language":[3,10,51,125,132,159],"models":[4,22,52,62,126,133,160,187],"demonstrate":[5,119],"excellent":[6],"performance":[7,122,136],"in":[8,23,53,127],"natural":[9,34],"processing.":[11],"By":[12],"considering":[13],"the":[14,17,31,105,120,124,142,158,166,180,193],"transferability":[15],"of":[16,33,92,96,123,168],"knowledge":[18],"gained":[19],"by":[20],"these":[21,61,131,186],"one":[24],"domain":[25],"to":[26,36,47,104,165,183],"other":[27],"related":[28],"domains,":[29],"and":[30,57,84,113,151,173,188],"closeness":[32],"languages":[35],"high-level":[37],"programming":[38],"languages,":[39],"such":[40,138],"as":[41,139],"C/C++,":[42],"this":[43,68,176],"work":[44],"studies":[45],"how":[46,58],"leverage":[48],"(large)":[49],"detecting":[54],"software":[55,93],"vulnerabilities":[56,102],"good":[59,121],"are":[60],"for":[63,195],"vulnerability":[64,94,128],"detection":[65],"tasks.":[66],"In":[67],"regard,":[69],"firstly,":[70],"we":[71,87],"present":[72,189],"a":[73],"systematic":[74],"(cohesive)":[75],"framework":[76],"that":[77],"details":[78],"source":[79,98],"code":[80],"translation,":[81],"model":[82],"preparation,":[83],"inference.":[85],"Then,":[86],"perform":[88],"an":[89],"empirical":[90,117],"analysis":[91],"datasets":[95],"C/C++":[97],"codes":[99],"having":[100],"multiple":[101],"corresponding":[103],"library":[106],"function":[107],"call,":[108],"pointer":[109],"usage,":[110,112],"array":[111],"arithmetic":[114],"expression.":[115],"Our":[116],"results":[118],"detection.":[129],"Moreover,":[130],"have":[134],"better":[135],"metrics,":[137],"F1-score,":[140],"than":[141],"contemporary":[143],"models,":[144],"namely":[145],"bidirectional":[146,152],"long":[147],"short":[148],"term":[149],"memory":[150],"gated":[153],"recurrent":[154],"unit.":[155],"Experimenting":[156],"with":[157],"is":[161],"always":[162],"challenging":[163],"due":[164],"requirement":[167],"computing":[169],"resources,":[170],"platforms,":[171],"libraries,":[172],"dependencies.":[174],"Thus,":[175],"paper":[177],"also":[178],"analyses":[179],"popular":[181],"platforms":[182,194],"efficiently":[184],"fine-tune":[185],"recommendations":[190],"while":[191],"choosing":[192],"our":[196],"framework.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":39},{"year":2024,"cited_by_count":38},{"year":2023,"cited_by_count":18},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}