🚀 UniXcoder for Code Vulnerability Detection
This model, based on Microsoft's UniXcoder, is fine - tuned for detecting vulnerabilities in C/C++ code. It uses the DetectVul/devign dataset and offers high - accuracy vulnerability detection, classifying code snippets as either safe or vulnerable.
✨ Features
- Optimized for C/C++ code vulnerability detection.
- Trained on the DetectVul/devign dataset.
- Achieves 68.34% accuracy and an F1 score of 62.14%.
- Classifies code snippets as safe (0) or vulnerable (1).
📦 Installation
No specific installation steps are provided in the original document, so this section is skipped.
💻 Usage Examples
Basic Usage
Use the following code to load the model and run inference on a sample code snippet:
from transformers import AutoTokenizer, AutoModelForSequenceClassification
import torch
tokenizer = AutoTokenizer.from_pretrained("microsoft/unixcoder-base")
model = AutoModelForSequenceClassification.from_pretrained("mahdin70/unixcoder-code-vulnerability-detector")
code_snippet = """
void process(char *input) {
char buffer[50];
strcpy(buffer, input); // Potential buffer overflow
}
"""
inputs = tokenizer(code_snippet, return_tensors="pt", truncation=True, padding="max_length", max_length=512)
with torch.no_grad():
outputs = model(**inputs)
predictions = torch.nn.functional.softmax(outputs.logits, dim=-1)
predicted_label = torch.argmax(predictions, dim=1).item()
print("Vulnerable Code" if predicted_label == 1 else "Safe Code")
📚 Documentation
Model Details
| Property |
Details |
| Developed by |
[mahdin70(Mukit Mahdin)] |
| Finetuned from |
microsoft/unixcoder-base |
| Language(s) |
English (for code comments & metadata), C/C++ |
| License |
MIT |
| Task |
Code vulnerability detection |
| Dataset Used |
DetectVul/devign |
| Architecture |
Transformer - based sequence classification |
Uses
Direct Use
This model can be used for static code analysis, security audits, and automatic vulnerability detection in software repositories. It benefits:
- Developers: To analyze their code for potential security flaws.
- Security Teams: To scan repositories for known vulnerabilities.
- Researchers: To study vulnerability detection in AI - powered systems.
Downstream Use
This model can be integrated into IDE plugins, CI/CD pipelines, or security scanners to provide real - time vulnerability detection.
Out - of - Scope Use
- The model is not meant to replace human security experts.
- It may not generalize well to languages other than C/C++.
- False positives/negatives may occur due to dataset limitations.
Bias, Risks, and Limitations
- False Positives & False Negatives: The model may flag safe code as vulnerable or miss actual vulnerabilities.
- Limited to C/C++: The model was trained on a dataset primarily composed of C and C++ code. It may not perform well on other languages.
- Dataset Bias: The training data may not cover all possible vulnerabilities.
Recommendations
💡 Usage Tip
Users should not rely solely on the model for security assessments. Instead, it should be used alongside manual code review and static analysis tools.
Training Details
Training Data
- Dataset:
DetectVul/devign
- Classes:
0 (Safe), 1 (Vulnerable)
- Size: 17483 code snippets
Training Procedure
- Optimizer: AdamW
- Loss Function: Cross - Entropy Loss
- Batch Size: 8
- Learning Rate: 2e - 5
- Epochs: 3
- Hardware Used: 2x T4 GPU
Metrics
| Metric |
Score |
| Train Loss |
0.4835 |
| Evaluation Loss |
0.6855 |
| Accuracy |
68.34% |
| F1 Score |
62.14% |
| Precision |
69.18% |
| Recall |
56.40% |
Environmental Impact
| Factor |
Value |
| GPU Used |
2x T4 GPU |
| Training Time |
~1 hour |
📄 License
This model is released under the MIT license.
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
