🤖 AI Summary
This study investigates whether large language models (LLMs) possess genuine security reasoning capabilities for system software vulnerability detection or merely rely on pattern matching via data contamination. To this end, we introduce CWE-Trace, a framework built upon 834 manually curated Linux kernel vulnerability-fix pairs, employing strict temporal splits and function-level contamination analysis. We further propose two novel metrics—Directional Failure Index (DFI) and Hierarchical Distance and Direction (HDD)—to assess model behavior. Our experiments reveal that LoRA fine-tuning adjusts only output thresholds without altering decision logic, 84% of contaminated samples exhibit no meaningful memorization signal, and the best-performing model achieves merely 52.1% vulnerability detection accuracy with a CWE Top-1 accuracy below 1.3%. These findings provide the first empirical evidence of the “calibration without comprehension” phenomenon, demonstrating that current LLMs lack reliable security reasoning ability.
📝 Abstract
Whether LLMs scoring well on vulnerability benchmarks genuinely reason about security or merely pattern-match on contaminated data remains unresolved. We present CWE-Trace, a framework for LLM vulnerability detection built from 834 manually curated Linux kernel samples spanning 74 CWEs. The framework enforces a strict temporal split (pre-2025 historical set / post-cutoff leakage-free set), preserves context-aware vulnerable--patched pairs, and introduces two diagnostic metrics: the Directional Failure Index (DFI) and Hierarchical Distance and Direction (HDD). We evaluate eight vanilla LLMs and 15 LoRA fine-tuned variants across non-targeted detection, targeted detection, and CWE classification. Our analysis yields two key results. First, data contamination provides no measurable advantage. Function-level analysis shows that 84% of nominally contaminated samples carry no usable memorization signal: vulnerable functions are absent or cross-mapped across datasets, and ~31% of contaminated samples carry CWE misclassification. Second, backbone directional priors dominate fine-tuning. Models exhibit stable, systematic failure modes (DFI ranging from -85.5 to +94.8 pp) that persist from historical to post-cutoff data and resist correction. Fine-tuning shifts the output threshold without changing the decision policy. This is calibration without comprehension: output distributions adapt to training data while the underlying security reasoning remains absent. The weakest backbone at binary detection (DeepSeek-R1) gains the most in coarse CWE classification, revealing that detection and understanding are decoupled capabilities. The best detection score reaches only 52.1% (+2.1 pp above chance); exact CWE ranking remains below 1.3% Top-1 accuracy, confirming that current LLMs lack reliable security reasoning for systems software, regardless of fine-tuning strategy.