Words Speak Louder Than Code: Investigating Cognitive Heuristics in LLM-Based Code Vulnerability Detection
作者: Asif Shahriar, Hongyu Cai, Hadjer Benkraouda, Gang Wang, Z. Berkay Celik
分类: cs.CR, cs.AI
发布日期: 2026-06-29
💡 一句话要点
系统探讨认知启发式在LLM代码漏洞检测中的影响
🎯 匹配领域: 支柱九:具身大模型 (Embodied Foundation Models)
关键词: 大型语言模型 代码漏洞检测 认知启发式 光环效应 框架效应 锚定效应 软件安全 自动化审查
📋 核心要点
- 现有的LLM在代码漏洞检测中受到认知启发式的影响,但尚未系统研究其具体影响机制。
- 本文提出了一种控制框架,通过变化上下文来触发认知启发式,以评估其对代码漏洞检测的影响。
- 实验结果表明,所有评估的模型均受到认知启发式的影响,尤其是框架效应的易感性最高,达到33.2%。
📝 摘要(中文)
随着大型语言模型(LLMs)在自动化漏洞检测中的应用日益增加,研究表明这些模型同样受到影响人类判断的认知启发式的影响。本文首次系统性地探讨了认知启发式对LLM驱动的代码漏洞检测的影响。我们提出了一个控制框架,固定代码,仅通过变化周围上下文来触发三种认知启发式:通过作者归属引发的光环效应、通过任务目标和后果引发的框架效应,以及通过先前分析结果引发的锚定效应。我们在该框架内评估了八种LLM在三种编程语言上的表现,结果显示所有模型均受到这些启发式的影响,框架效应的平均易感性最高,达到33.2%。
🔬 方法详解
问题定义:本文旨在探讨认知启发式如何影响LLM在代码漏洞检测中的判断,现有方法未能充分考虑这一因素,导致潜在的误判和漏洞漏检。
核心思路:通过设计一个控制框架,固定代码并变化上下文,以触发光环效应、框架效应和锚定效应,从而系统评估这些启发式对模型判断的影响。
技术框架:整体框架包括固定代码的基础设置,变化上下文的实验设计,以及对八种LLM的评估模块,涵盖三种编程语言的分析。
关键创新:首次系统性地探讨了认知启发式在LLM驱动的代码漏洞检测中的影响,揭示了模型在不同认知条件下的判断变化,具有重要的理论和实践意义。
关键设计:实验中设置了多个上下文变量,采用定量和代码级分析相结合的方法,确保对模型易感性的全面评估。
📊 实验亮点
实验结果显示,所有评估的模型均受到认知启发式的影响,框架效应的平均易感性为33.2%,锚定效应为23.5%,光环效应为18.4%。此外,模型在认知条件变化时,判断结果常常从安全变为脆弱,证明了认知易感性是LLM漏洞检测中的一个可利用特性。
🎯 应用场景
该研究的潜在应用领域包括软件安全性评估、自动化代码审查和漏洞检测工具的开发。通过理解认知启发式的影响,开发者可以设计更为鲁棒的检测系统,减少误判和漏判的风险,提升软件安全性。未来,该研究可能推动更智能的安全工具和技术的应用。
📄 摘要(原文)
Researchers and practitioners increasingly apply Large Language Models (LLMs) for automated vulnerability detection. Recent work has shown that LLMs are susceptible to the same cognitive heuristics that bias human judgment. Yet, no work has investigated whether these heuristics affect a model's assessment of code vulnerabilities. In this paper, we present the first systematic exploration of cognitive heuristics in LLM-driven code vulnerability detection. We introduce a controlled framework that holds the code fixed and only varies the surrounding context to trigger three cognitive heuristics: the halo effect through author attribution, the framing effect through task objectives and consequences, and the anchoring effect through prior analysis results. Within this framework, we evaluate eight LLMs across three programming languages and perform both quantitative and code-level analyses. Our findings demonstrate that all evaluated models are susceptible to these heuristics. Cross-model average susceptibility is highest for framing at 33.2%, followed by anchoring at 23.5% and halo at 18.4%. Code-level analysis reveals that vulnerabilities that require semantic reasoning for detection are more susceptible to cognitive heuristics than those identifiable through pattern matching. Furthermore, models often change their verdict from safe to vulnerable based on the cognitive condition, without accurately identifying the actual vulnerability. To highlight the practical impact, we demonstrate a proof-of-concept black-box cognitive attack that can suppress up to 97% of previously detected vulnerabilities. These findings indicate that cognitive susceptibility is a consistent and exploitable property of LLM-based vulnerability detection.