Software vulnerabilities lead to crashes, data loss, and security breaches, and therefore degrade the quality and market adoption of software applications and systems. Traditional approaches such as automated software testing, fault localization, and program repair have been studied intensively, yet static analysis tools remain the most widely used in practice, and their inherent false-positive rate is a persistent drain on developer productivity. Large Language Models (LLMs) offer a promising way to address these issues. Among them, FalconLLM has shown substantial ability to identify intricate patterns and complex vulnerabilities, which makes it a strong candidate for software vulnerability detection. In this paper, FalconLLM is fine-tuned for a cybersecurity application for the first time, yielding SecureFalcon, a model architecture built on FalconLLM and trained to classify C code samples as vulnerable or non-vulnerable. To train and evaluate it, we build a new dataset, FormAI, constructed with Generative Artificial Intelligence (AI) and formal verification. SecureFalcon reaches 94% accuracy on this vulnerability-detection task, indicating its potential to reshape software vulnerability detection in cybersecurity.