mahdin70 committed
Commit b5971df · verified · 1 Parent(s): 4f6b2e0

Update README.md

Files changed (1)
  1. README.md +81 -3
README.md CHANGED
@@ -1,3 +1,81 @@
1
- ---
2
- license: mit
3
- ---
1
+ ---
2
+ license: mit
3
+ datasets:
4
+ - mahdin70/cwe_enriched_balanced_bigvul_primevul
5
+ metrics:
6
+ - accuracy
7
+ - precision
8
+ - f1
9
+ - recall
10
+ base_model:
11
+ - microsoft/graphcodebert-base
12
+ library_name: transformers
13
+ ---
14
+
15
+ # GraphCodeBERT-VulnCWE - Fine-Tuned GraphCodeBERT for Vulnerability and CWE Classification
16
+
17
+ ## Model Overview
18
+ This model is a fine-tuned version of **microsoft/graphcodebert-base** on a curated and enriched dataset for vulnerability detection and CWE classification. It is capable of predicting whether a given code snippet is vulnerable and, if vulnerable, identifying the specific CWE ID associated with it.
19
+
20
+ ## Dataset
21
+ The model was fine-tuned using the dataset [mahdin70/cwe_enriched_balanced_bigvul_primevul](https://huggingface.co/datasets/mahdin70/cwe_enriched_balanced_bigvul_primevul). The dataset contains both vulnerable and non-vulnerable code samples and is enriched with CWE metadata.
22
+
23
+ ### CWE IDs Covered:
24
+ 1. **CWE-119**: Improper Restriction of Operations within the Bounds of a Memory Buffer
25
+ 2. **CWE-20**: Improper Input Validation
26
+ 3. **CWE-125**: Out-of-bounds Read
27
+ 4. **CWE-399**: Resource Management Errors
28
+ 5. **CWE-200**: Information Exposure
29
+ 6. **CWE-787**: Out-of-bounds Write
30
+ 7. **CWE-264**: Permissions, Privileges, and Access Controls
31
+ 8. **CWE-416**: Use After Free
32
+ 9. **CWE-476**: NULL Pointer Dereference
33
+ 10. **CWE-190**: Integer Overflow or Wraparound
34
+ 11. **CWE-189**: Numeric Errors
35
+ 12. **CWE-362**: Concurrent Execution using Shared Resource with Improper Synchronization
36
+
37
+ ---
38
+
39
+ ## Model Training
40
+ The model was trained for **3 epochs** with the following configuration:
41
+ - **Learning Rate**: 2e-5
42
+ - **Weight Decay**: 0.01
43
+ - **Batch Size**: 8
44
+ - **Optimizer**: AdamW
45
+ - **Scheduler**: Linear
46
+
47
+ ### Training Loss and Validation Metrics Per Epoch:
48
+ | Epoch | Training Loss | Validation Loss | Vul Accuracy | Vul Precision | Vul Recall | Vul F1 | CWE Accuracy |
49
+ |-------|---------------|-----------------|--------------|---------------|------------|--------|--------------|
50
+ | 1 | 1.2824 | 1.4160 | 0.7914 | 0.8990 | 0.5200 | 0.6589 | 0.3551 |
51
+ | 2 | 1.1292 | 1.2632 | 0.8007 | 0.8037 | 0.6426 | 0.7142 | 0.4433 |
52
+ | 3 | 0.8598 | 1.2436 | 0.7945 | 0.7669 | 0.6747 | 0.7179 | 0.4605 |
53
+
54
+ #### Training Summary:
55
+ - **Total Training Steps**: 5916
56
+ - **Training Loss**: 1.2380
57
+ - **Training Time**: 4785.0 seconds (~80 minutes)
58
+ - **Training Speed**: 9.89 samples per second
59
+ - **Steps Per Second**: 1.236
60
+
61
+
62
+ ## How to Use the Model
63
+ ```python
64
+ from transformers import AutoModel, AutoTokenizer
65
+
66
+ model = AutoModel.from_pretrained("mahdin70/GraphCodeBERT-VulnCWE", trust_remote_code=True)
67
+ tokenizer = AutoTokenizer.from_pretrained("microsoft/graphcodebert-base")
68
+
69
+ code_snippet = "int main() { int arr[10]; arr[11] = 5; return 0; }"
70
+ inputs = tokenizer(code_snippet, return_tensors="pt")
71
+ outputs = model(**inputs)
72
+
73
+ vul_logits = outputs["vul_logits"]
74
+ cwe_logits = outputs["cwe_logits"]
75
+
76
+ vul_pred = vul_logits.argmax(dim=1).item()
77
+ cwe_pred = cwe_logits.argmax(dim=1).item()
78
+
79
+ print(f"Vulnerability: {'Vulnerable' if vul_pred == 1 else 'Non-vulnerable'}")
80
+ print(f"CWE ID: {cwe_pred if vul_pred == 1 else 'N/A'}")
81
+ ```
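Review bot: the usage snippet under `## How to Use the Model` prints `cwe_pred` as the CWE ID, but `cwe_logits.argmax(dim=1).item()` returns a class index (0..11), not a CWE number, and nothing in the README maps that index onto the 12 entries listed under `### CWE IDs Covered:`; add the index-to-CWE mapping to the card (or state that it is stored in the model config's `id2label`) and translate the index before the `print(f"CWE ID: ...")` line. Two more points on the same block: `AutoModel.from_pretrained("mahdin70/GraphCodeBERT-VulnCWE", trust_remote_code=True)` executes Python shipped in the Hub repository (the custom class that exposes `outputs["vul_logits"]` and `outputs["cwe_logits"]`), so the card should name that class and recommend passing a pinned `revision=` so readers can review the code they are running; and `tokenizer(code_snippet, return_tensors="pt")` sets neither `truncation=True` nor `max_length`, so snippets longer than the model's context window will fail instead of being truncated. Finally, the metrics table shows Vul Precision falling from 0.8990 to 0.7669 while Vul Recall rises over the three epochs, and CWE Accuracy tops out at 0.4605; a sentence under `### Training Loss and Validation Metrics Per Epoch:` stating which epoch's checkpoint is published and flagging the CWE head's accuracy would help readers judge whether the predicted CWE should be treated as a hint rather than a label.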