📝 SummarXiv

Abstract

In recent years, the growing complexity and scale of source code have rendered manual software vulnerability detection increasingly impractical. To address this challenge, automated approaches leveraging machine learning and code embeddings have gained substantial attention. This study investigates the optimal combination of code embedding techniques and machine learning classifiers for vulnerability detection in Python source code. We evaluate three embedding techniques, i.e., Word2Vec, CodeBERT, and GraphCodeBERT alongside two deep learning classifiers, i.e., Bidirectional Long Short-Term Memory (BiLSTM) networks and Convolutional Neural Networks (CNN). While CNN paired with GraphCodeBERT exhibits strong performance, the BiLSTM model using Word2Vec consistently achieves superior overall results. These findings suggest that, despite the advanced architectures of recent models like CodeBERT and GraphCodeBERT, classical embeddings such as Word2Vec, when used with sequence-based models like BiLSTM, can offer a slight yet consistent performance advantage. The study underscores the critical importance of selecting appropriate combinations of embeddings and classifiers to enhance the effectiveness of automated vulnerability detection systems, particularly for Python source code.