ProRLearn: Boosting Prompt Tuning-based Vulnerability Detection by Reinforcement Learning

preprint OA: closed
Full text JSON View at publisher
Full text 13,742 characters · extracted from preprint-html · click to expand
ProRLearn: Boosting Prompt Tuning-based Vulnerability Detection by Reinforcement Learning | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article ProRLearn: Boosting Prompt Tuning-based Vulnerability Detection by Reinforcement Learning Zilong Ren, Xiaolin Ju, Xiang Chen, Hao Shen This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-3856133/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 20 Apr, 2024 Read the published version in Automated Software Engineering → Version 1 posted 7 You are reading this latest preprint version Abstract Software vulnerability detection is a critical step in ensuring system security and data protection. Recent research has demonstrated the effectiveness of deep learning in automated vulnerability detection. However, it is difficult for deep learning models to understand the semantics and domain-specific knowledge of source code. In this study, we introduce a new vulnerability detection framework ProRLearn, which leverages two main techniques (i.e., prompt tuning and reinforcement learning). Since existing fine-tuning of pre-trained language models (PLMs) struggles to leverage domain knowledge fully, we introduce a new automatic prompt-tuning technique. Precisely, prompt tuning mimics the pre-training process of PLMs by rephrasing task input and adding prompts, using the PLM’s output as the prediction output. The introduction of the reinforcement learning reward mechanism aims to guide the behavior of vulnerability detection through a reward and pun- ishment model, enabling it to learn effective strategies for obtaining maximum long-term rewards in specific environments. The introduction of reinforcement learning aims to encourage the model to learn how to maximize rewards or minimize penalties, thus enhancing performance. Experiments on two datasets (FFMPeg+Qemu and Reveal) indicate that ProRLearn achieves an F1 score improvement of 3.58%- 28.6% over state-of-the-art baselines. The combination of prompt tuning and reinforcement learning can offer a potential opportunity to improve performance in vulnerability detection. This means that it can effectively improve the performance level of the system in responding to constantly changing network environments and new threats. This interdisciplinary approach contributes to a better understanding of the interplay between natural language processing and reinforcement learning, opening up new opportunities and challenges for future research and applications. Vulnerability Detection Prompt Tuning Pre-trained Language Model Reinforcement Learning Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 20 Apr, 2024 Read the published version in Automated Software Engineering → Version 1 posted Editorial decision: Revision requested 29 Jan, 2024 Reviews received at journal 21 Jan, 2024 Reviewers agreed at journal 20 Jan, 2024 Reviewers invited by journal 20 Jan, 2024 Editor assigned by journal 12 Jan, 2024 Submission checks completed at journal 12 Jan, 2024 First submitted to journal 12 Jan, 2024 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-3856133","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":267065226,"identity":"88684c5c-4e29-4fbe-99cb-ddd8bc84c00c","order_by":0,"name":"Zilong Ren","email":"","orcid":"","institution":"Nantong University","correspondingAuthor":false,"prefix":"","firstName":"Zilong","middleName":"","lastName":"Ren","suffix":""},{"id":267065228,"identity":"df800347-f5a4-44ad-a7c2-76ce2b1d21a1","order_by":1,"name":"Xiaolin Ju","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAr0lEQVRIiWNgGAWjYBAC9gYg8aACwpEgSgsjSEvCGYhqErQktpGkZUYCm0TivDt1BgeYD97mYbDLI0YLs0HitmcSBgfYkq15GJKLidHC+CBx22GgFh4zaR6GA4kNRGgBKpsD0sL/jTgtgmBbGsC2sBGnRZrnYbNBwrHDkjMPsxlbzjFIJqyFjz35mMSHmsP8fMebH954U2FHWAs0ZoCAGUQYEFY/CkbBKBgFo4AIAABlkjfWJV3voQAAAABJRU5ErkJggg==","orcid":"","institution":"Nantong University","correspondingAuthor":true,"prefix":"","firstName":"Xiaolin","middleName":"","lastName":"Ju","suffix":""},{"id":267065229,"identity":"124b69cf-26e2-4590-b235-91fa17d8dbf5","order_by":2,"name":"Xiang Chen","email":"","orcid":"","institution":"Nantong University","correspondingAuthor":false,"prefix":"","firstName":"Xiang","middleName":"","lastName":"Chen","suffix":""},{"id":267065231,"identity":"b60381f1-6a85-45b4-b10f-af71ffdef633","order_by":3,"name":"Hao Shen","email":"","orcid":"","institution":"Nantong University","correspondingAuthor":false,"prefix":"","firstName":"Hao","middleName":"","lastName":"Shen","suffix":""}],"badges":[],"createdAt":"2024-01-12 07:48:23","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-3856133/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-3856133/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1007/s10515-024-00438-9","type":"published","date":"2024-04-20T22:36:11+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":55690327,"identity":"5dcb5c30-fe37-427d-929a-494c7c4a4128","added_by":"auto","created_at":"2024-05-01 22:36:17","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":498780,"visible":true,"origin":"","legend":"","description":"","filename":"2024ASEProRLearn.pdf","url":"https://assets-eu.researchsquare.com/files/rs-3856133/v1_covered_c8b4937a-2853-49b4-9bff-10c73368aeba.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"ProRLearn: Boosting Prompt Tuning-based Vulnerability Detection by Reinforcement Learning","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"automated-software-engineering","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ause","sideBox":"Learn more about [Automated Software Engineering](http://link.springer.com/journal/10515)","snPcode":"10515","submissionUrl":"https://submission.nature.com/new-submission/10515/3","title":"Automated Software Engineering","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"Vulnerability Detection, Prompt Tuning, Pre-trained Language Model, Reinforcement Learning","lastPublishedDoi":"10.21203/rs.3.rs-3856133/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-3856133/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Software vulnerability detection is a critical step in ensuring system security and data protection. Recent research has demonstrated the effectiveness of deep learning in automated vulnerability detection. However, it is difficult for deep learning models to understand the semantics and domain-specific knowledge of source code. In this study, we introduce a new vulnerability detection framework ProRLearn, which leverages two main techniques (i.e., prompt tuning and reinforcement learning). Since existing fine-tuning of pre-trained language models (PLMs) struggles to leverage domain knowledge fully, we introduce a new automatic prompt-tuning technique. Precisely, prompt tuning mimics the pre-training process of PLMs by rephrasing task input and adding prompts, using the PLM’s output as the prediction output. The introduction of the reinforcement learning reward mechanism aims to guide the behavior of vulnerability detection through a reward and pun- ishment model, enabling it to learn effective strategies for obtaining maximum long-term rewards in specific environments. The introduction of reinforcement learning aims to encourage the model to learn how to maximize rewards or minimize penalties, thus enhancing performance. Experiments on two datasets (FFMPeg+Qemu and Reveal) indicate that ProRLearn achieves an F1 score improvement of 3.58%- 28.6% over state-of-the-art baselines. The combination of prompt tuning and reinforcement learning can offer a potential opportunity to improve performance in vulnerability detection. This means that it can effectively improve the performance level of the system in responding to constantly changing network environments and new threats. This interdisciplinary approach contributes to a better understanding of the interplay between natural language processing and reinforcement learning, opening up new opportunities and challenges for future research and applications.","manuscriptTitle":"ProRLearn: Boosting Prompt Tuning-based Vulnerability Detection by Reinforcement Learning","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-01-15 05:59:29","doi":"10.21203/rs.3.rs-3856133/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2024-01-29T09:39:00+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-01-21T11:51:49+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"5a6596c0-b644-4140-b6ce-fcbeb42b5861","date":"2024-01-20T11:30:38+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-01-20T11:23:52+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-01-12T12:53:55+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-01-12T12:53:54+00:00","index":"","fulltext":""},{"type":"submitted","content":"Automated Software Engineering","date":"2024-01-12T07:44:54+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"automated-software-engineering","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ause","sideBox":"Learn more about [Automated Software Engineering](http://link.springer.com/journal/10515)","snPcode":"10515","submissionUrl":"https://submission.nature.com/new-submission/10515/3","title":"Automated Software Engineering","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"64f4a9e8-9329-4b87-9ede-1947344b6873","owner":[],"postedDate":"January 15th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2024-05-01T22:36:11+00:00","versionOfRecord":{"articleIdentity":"rs-3856133","link":"https://doi.org/10.1007/s10515-024-00438-9","journal":{"identity":"automated-software-engineering","isVorOnly":false,"title":"Automated Software Engineering"},"publishedOn":"2024-04-20 22:36:11","publishedOnDateReadable":"April 20th, 2024"},"versionCreatedAt":"2024-01-15 05:59:29","video":"","vorDoi":"10.1007/s10515-024-00438-9","vorDoiUrl":"https://doi.org/10.1007/s10515-024-00438-9","workflowStages":[]},"version":"v1","identity":"rs-3856133","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-3856133","identity":"rs-3856133","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00