English

Leveraging Self-Paced Learning for Software Vulnerability Detection

Software Engineering 2025-11-13 v1

Abstract

Software vulnerabilities are major risks to software systems. Recently, researchers have proposed many deep learning approaches to detect software vulnerabilities. However, their accuracy is limited in practice. One of the main causes is low-quality training data (i.e., source code). To this end, we propose a new approach: SPLVD (Self-Paced Learning for Software Vulnerability Detection). SPLVD dynamically selects source code for model training based on the stage of training, which simulates the human learning process progressing from easy to hard. SPLVD has a data selector that is specifically designed for the vulnerability detection task, which enables it to prioritize the learning of easy source code. Before each training epoch, SPLVD uses the data selector to recalculate the difficulty of the source code, select new training source code, and update the data selector. When evaluating SPLVD, we first use three benchmark datasets with over 239K source code in which 25K are vulnerable for standard evaluations. Experimental results demonstrate that SPLVD achieves the highest F1 of 89.2%, 68.7%, and 43.5%, respectively, outperforming the state-of-the-art approaches. Then we collect projects from OpenHarmony, a new ecosystem that has not been learned by general LLMs, to evaluate SPLVD further. SPLVD achieves the highest precision of 90.9%, demonstrating its practical effectiveness.

Keywords

Cite

@article{arxiv.2511.09212,
  title  = {Leveraging Self-Paced Learning for Software Vulnerability Detection},
  author = {Zeru Cheng and Yanjing Yang and He Zhang and Lanxin Yang and Jinghao Hu and Jinwei Xu and Bohan Liu and Haifeng Shen},
  journal= {arXiv preprint arXiv:2511.09212},
  year   = {2025}
}
R2 v1 2026-07-01T07:33:46.178Z