DexBERT: Effective, Task-Agnostic and Fine-Grained Representation Learning of Android Bytecode

The automation of an increasingly large number of software engineering tasks is becoming possible thanks to Machine Learning (ML). One foundational building block in the application of ML to software artifacts is the representation of these artifacts (e.g., source code or executable code) into a form that is suitable for learning. Traditionally, researchers and practitioners have relied on manually selected features, based on expert knowledge, for the task at hand. Such knowledge is sometimes imprecise and generally incomplete. To overcome this limitation, many studies have leveraged representation learning, delegating to ML itself the job of automatically devising suitable representations and selections of the most relevant features. Yet, in the context of Android problems, existing models are either limited to coarse-grained whole-app level (e.g., apk2vec) or conducted for one specific downstream task (e.g., smali2vec). Thus, the produced representation may turn out to be unsuitable for fine-grained tasks or cannot generalize beyond the task that they have been trained on. Our work is part of a new line of research that investigates effective, task-agnostic, and fine-grained universal representations of bytecode to mitigate both of these two limitations. Such representations aim to capture information relevant to various low-level downstream tasks (e.g., at the class-level). We are inspired by the field of Natural Language Processing, where the problem of universal representation was addressed by building Universal Language Models, such as BERT, whose goal is to capture abstract semantic information about sentences, in a way that is reusable for a variety of tasks. We propose DexBERT, a BERT-like Language Model dedicated to representing chunks of DEX bytecode, the main binary format used in Android applications. We empirically assess whether DexBERT is able to model the DEX language and evaluate the suitability of our model in three distinct class-level software engineering tasks: Malicious Code Localization, Defect Prediction, and Component Type Classification. We also experiment with strategies to deal with the problem of catering to apps having vastly different sizes, and we demonstrate one example of using our technique to investigate what information is relevant to a given task.

P RE-TRAINED models yielding general-purpose embed- dings have been a recent highlight in AI advances, notably in the research and practice of Natural Language Processing (e.g., with BERT [1]).Building on these ideas, the programming language and software engineering communities have attempted similar ideas of learning vector representations for code (e.g., CODE2VEC [2]) and other programming artifacts (e.g., bug reports [3]).Unfortunately, these pre-trained models for code embedding often do not generalize beyond the task they have been trained on [4].
In the Android research landscape, many techniques have been proposed to address app classification problems [5]- [12], most of which, however, can only handle coarse-grained tasks (i.e., at the whole-app level).Although there are a few works [13], [14] targeting some fine-grained tasks at the class level, their learned representations have also not been shown to generalize to other class-level tasks.
Therefore, despite the good performance exhibited by existing approaches, there is still a research gap to be filled with the investigation of simultaneously fine-grained and taskagnostic representation learning for Android applications.Indeed, advances in this direction will help researchers and practitioners who are conducting class-level tasks, such as malicious code localization or app defect prediction, to achieve state-of-the-art performance while reducing costs due to manual feature engineering or repetitive pre-training computations for multiple representation models.
Building a fine-grained task-agnostic model is, however, challenging since it essentially requires to capture knowledge relevant to a variety of tasks altogether and at the low granularity of the representation.A few studies have investigated and built task-agnostic models in the field of software engineering.CodeBERT [15] and apk2vec [16] are key representatives of these models.On the one hand, while CodeBERT brings significant improvements, it cannot be directly used for representing Android apps for two main reasons: lack of source code in apps and limit of input elements.Even though it is technically feasible to apply it to the assembly language Smali, the performance is unsatisfactory, as evidenced by our experiments in Section VI-C.On the other hand, apk2vec successfully constructs the behavior profiles of apps and achieves significant accuracy improvements while maintaining comparable efficiency.However, despite apk2vec's success in app representation, its granularity, and graph-based design still have limitations [17]- [21].Notably, apk2vec is designed to handle only app-level tasks, while our proposed approach is targeted at fine-grained tasks at the class-level.
Towards addressing limitations of existing representation techniques (i.e., lack of a universal model for Android bytecode at low granularity), we propose in this paper DexBERT, a fine-grained and task-agnostic representation model for the bytecode in Android app packages.The result of DexBERT can be applied across various class-level downstream tasks (e.g., malicious code localization, defect prediction, etc.).Our approach first extracts features from Smali instructions (i.e., an assembly language for the Dalvik bytecode used by Android's Dalvik virtual machine.).It then combines embeddings of code fragments to build a model that can address various class-level problems.Our pre-trained model can capture the essential features and knowledge by first learning an accurate general model of Android apps' bytecode.The proposed aggregation methods allow DexBERT to handle fine-grained class-level tasks, making DexBERT capable of operating on lower granularity of Android artifacts than other state-of-theart representation models.
To evaluate the effectiveness of DexBERT, we first conduct a preliminary experiment to observe the feasibility of building a general model of Android app code.This experiment mainly focuses on pre-training BERT on Smali instructions to ensure that the generated embeddings contain meaningful features for various tasks.We observed clearly converging loss curves on all the pre-training tasks, with the pre-trained model achieving 95.30% and 99.35% accuracy on the masked language model and next sentence prediction tasks, respectively.Such performances demonstrate that our model indeed learned meaningful features and can be generalized to a variety of different tasks.
We further perform a comprehensive empirical evaluation to measure the overall performance of DexBERT on three classlevel downstream tasks: Android malicious code localization, Android defect detection, and Component Type Classification.Android malicious code localization is a task whose goal is to identify the malicious parts of Android apps.Android defect detection locates defective code to help developers improve the security and robustness of Android apps.Component Type Classification is a multi-class classification problem that has a distinct character compared to the two tasks mentioned above.This classification problem is introduced to provide a more comprehensive evaluation of DexBERT's universality.Our experimental results show that DexBERT can localize malicious code and detect defects with significant improvement over current state-of-the-art approaches (74.93 and 6.33 percentage points improvement for malicious code localization and defect prediction, respectively) in terms of accuracy.DexBERT also significantly outperform other BERT-like baselines on the task of Component Type Classification by a roughly 20 percentage point increase in terms of F1 Score.
The contributions of our study are as follows: • We propose a novel BERT-based pre-trained representation learning model for Android bytecode representation, named DexBERT.It can be used directly on various class-level (i.e., finer-grained than existing app-level approaches) downstream analysis tasks by freezing parameters of the pre-trained representation model when tuning the prediction model for a specific downstream task.
• We propose aggregation techniques that overcome the limitations with the size of the input of BERT.• We conduct a comprehensive evaluation that shows that DexBERT achieves promising performance on multiple pre-training tasks and class-level Android downstream tasks.• To ease replication, we share the dataset and source code to the community at the following address: https://github.com/Trustworthy-Software/DexBERT.

A. Representational Model
Our approach, DexBERT, aims at building a task-agnostic universal representation model for Android apps at low granularity.Universal representation models are trained on large corpora to automatically capture general features that are relevant to various downstream tasks without training a model from scratch for each task.For example, BERT [1] has revolutionized the representation problem of Natural Language Processing (NLP).One advantage of BERT-like models is the strong separation between the generic representation and any specific task.To build a language model, BERT pretraining relies on two fundamental tasks, Masked Language Model (MLM) and Next Sentence Prediction (NSP), without manual labels.MLM forces BERT to capture relationships between words, and NSP forces BERT to capture relationships between sentences.With such a mechanism, BERT can generate meaningful embeddings of the input sentences.Universal models can also be useful in the field of software engineering, where many tasks that take software artifacts as input are investigated.CodeBERT [15] is one of the successful universal models that is used by a number of studies [22]- [25] in various software engineering domains with promising performance.
As the purpose of our approach, DexBERT, is to represent the bytecode in Android apps with concise representations, such as embedding vectors; we leverage and adapt the idea and architecture of BERT [1] as well.While BERT, coming from NLP, works with words and sequences of words (i.e., sentences or paragraphs), we disassemble Android apps into Smali code 1 .We then regard the Smali code as a flow of tokens that can be fed to a BERT-like model.

B. Downstream Tasks
Once a BERT-like model is pre-trained, it is able to output a representation of its input.This representation can then be used as an input to other models that can be trained (fine-tuning in BERT terminology) for a specific downstream task.We evaluate our approach on three class-level Androidspecific tasks: malicious code localization, defect prediction, and Component Type Classification Precise malicious code localization not only helps to assess the trustworthiness of existing app-level malware detection methods but also enables important applications such as studying malware behavior and engineering malware signatures.Malicious code localization becomes particularly useful in the case of repackaged malware, as the major portion of apps' code remains benign, with only a small portion relevant to the attack [13].Software defects are errors or bugs built into the software due to programmers' mistakes, such as memory overflows and run-time exceptions [26], during the software design or development process.These defects can raise serious reliability and security concerns.Automatically finding such defects is thus an important and active domain of research [14].

BERT Tasks
As an additional measure to assess DexBERT's wideranging applicability, we introduced Component Type Classification, a third task at the class level.This task, which involves multi-class classification, serves as a contrast to the preceding two tasks that focused on security-related binary classification, and aims to provide a thorough evaluation of DexBERT's universality in different contexts.
In the Android context, these three tasks require sub-app level representations (i.e., class-level) instead of whole-app level representations (e.g., apk2vec [16]) since the tasks pinpoint a specific location in an app.Note that whole-app level representations transform an app into an embedding vector rather than transforming each element (e.g., class) of an app.Our approach can take a subset of bytecode in an app, and thus it can represent classes as embedding vectors.Theoretically, other class-level tasks beyond the three we identified are expected to benefit from DexBERT as well, as long as the corresponding datasets are well-labeled and publicly available.

C. Motivation
As the population of Android apps is rapidly growing larger and the number of relevant issues (e.g., productivity and security problems) is increasing quickly, it is necessary to efficiently address the issues of the Android ecosystem; for example, one solution to multiple problems.However, most state-of-the-art approaches focus on building a model for a particular issue, such as Malware Detection (e.g., Drebin [27] and DexRay [28]) or Malicious Code Localization (e.g., MKL-Droid [13] and Droidetec [11]), or Software Defect Prediction (e.g., smali2vec [14] and SLDeep [29]).
Instead of devising a single individual solution for each of those issues, there is value in investigating the possibility of having one single universal model that is able to capture and represent the relevant features and properties of application's code, which could be leveraged for a variety of tasks.Some existing representation models generalize to a variety of problems, but target either a low granularity with source code (e.g., CodeBERT [15]) or entire Android applications (e.g., apk2vec [16]).CodeBERT requires native source code (i.e., written in programming languages), which is often not available for Android apps.While decompilation of Java code is an option, it is, however not always complete and is often significantly different from real source code.Moreover, the design of CodeBERT does not overcome the limitation with the number of input elements (512 for BERT) for Android apps (i.e., apps often contain more than millions of tokens).In addition, most existing Android representation approaches target the whole-app level (e.g., apk2vec [16]), which makes it difficult to explore fine-grained details of the problems.
Therefore, it would be a significant step forward if a representation model can take bytecode of apps and support various tasks at fine-grained levels.The approach we propose, DexBERT, does not require source code and is validated to cater to class-level tasks.Meanwhile, we design an aggregation method to overcome the limitation of the 512 input elements in BERT-like models.For DexBERT users, they don't need to pre-train again and only need to use the provided model to generate features for their own APKs.Then, they can do any class-level tasks they want.Therefore, its reusability can avoid training individual models for different tasks and save a large amount of time and effort.

III. APPROACH
In this section, we first present the overview of DexBERT workflow in Section III-A.Then, we illustrate details of DexBERT in Section III-B, and we describe the applications of representations learned by DexBERT on downstream tasks in Section III-C.

A. Overview
DexBERT focuses on extracting features from Android application Dalvik bytecode and targets fine-grained Android tasks (i.e., at class-level).Our approach is clearly different from apk2vec [16], which is a static analysis based multiview graph embedding framework for app-level Android tasks, and CodeBERT, which is a bimodal pre-trained model for programming language (PL) and natural language (NL) tasks.Specifically, DexBERT takes disassembled Smali code from Dalvik bytecode as input and learns to extract corresponding representations (e.g., the embedding of a class).Smali is a text representation of Dalvik bytecode, in the same way, that assembly code is a text representation of compiled code.Because DexBERT supports various class-level tasks (while the original BERT is limited to relatively small inputs), there is a need to combine, or aggregate the representations of several sequences of instructions, or chunks, into one single representation that covers the chosen input.
As shown in Figure 1, representation (or embedding) of the Smali Bytecode is learned by BERT during the pretraining phase.This learned embedding can then be applied to class-level Android downstream tasks.Specifically, we can easily extract the Bytecode of an Android application.

B. DexBERT
We introduce the pipeline of DexBERT in Section III-B1.The mechanism of DexBERT pre-training is presented in Section III-B2.In Section III-B3, we introduce the Auto-Encoder, which is designed to reduce the dimensionality of the learned representation while keeping the key information.
1) DexBERT: As an assembly language, the Smali code disassembled from Dalvik bytecode is a sequence of instructions.Similar to the original BERT, we pre-train our model on multiple pre-training tasks to force DexBERT to capture general-purpose representations that can be used in various downstream tasks.
Specifically, as shown in the left box in Figure 2, regarding each Smali instruction in each class as a text snippet we are able to create instruction pairs (similar to sentence pairs in original BERT) as input sequences.In each pair, two instructions are separated by a reserved token [SEP], and several randomly selected tokens (or "words") are masked.For the masked language model, one of the two pre-training tasks of the original BERT, the goal is to correctly predict the tokens that are masked.The second original BERT pre-training task, Next Sentence Prediction, is turned here into Next Instruction Prediction, leveraging the pairs of instructions.In essence, this task's goal is to predict, given a pair of instructions, whether or not the second instruction follows the first one.
2) Pre-training: Pre-training plays a vital role in helping DexBERT learn to generate meaningful embeddings.To ensure that the learned embeddings have general-purpose, the pre-training is supposed to be performed on multiple tasks simultaneously.As described, we adopt and adapt the two pretraining tasks of the original BERT: ① masked language model (i.e., masked words prediction) and ② next sentence prediction as the main pre-training tasks.
In each pre-training iteration, the input sequence of instructions is fed into the BERT model, which generates a corresponding sequence embedding (as shown in the left box in Figure 2).The sequence embedding is then taken as input for the pre-training tasks.Each task is a simple neural network with a single fully connected layer.As shown in the right box in Figure 2, a loss value is then calculated by comparing the output of each task head to the automatically created groundtruth (i.e., randomly masked tokens or binary label indicating whether the second statement indeed follows the first one or not).The model weights of connections between neurons are adjusted to minimize the total loss value (i.e., the sum of all loss values for pre-training tasks) based on the backpropagation algorithm [30].Note that the pre-training tasks are only designed to help the BERT model learn meaningful features of input sequences and have little practical use in the real world.
3) Auto-Encoder: Even though the two aforementioned pre-training tasks could work well on Smali instructions, the dimensionality (i.e., 512 × 768, which is defined as the multiplication of token number in each input sequence N and the dimension of the learned embedding vector H) of the generated representation for each sequence is quite large.Since there are usually hundreds or thousands of statements in a Smali class that need to be embedded, the dimensionality of the learned embeddings should be reduced before deployment to downstream tasks while preserving their key information.In common practice for BERT-like models, the first state vector (of size 768) of the learned embedding is often used for this purpose.In our case, we add a third pre-training task, an Auto-Encoder, whose goal is to find a smaller, more efficient representation.
A smaller representation is necessary primarily because APKs consist of a significantly larger number of tokens compared to typical textual documents and code files.We provide a comparative analysis on token sequence length across three different data formats -textual documents (Paired CMU Book Summary [31]), code files (Devign [32]), and APKs (DexRay [28]), the number of BERT tokens in each dataset, denoted as [Mean]±[Deviation].Specifically, the Paired CMU Book Summary has 1148.62±933.97tokens, the Devign dataset contains 615.46±41 917.54 tokens, while the DexRay dataset contains a considerable 929.39K±11.50Mtokens.This substantial quantity difference in tokens for APKs necessitates the effort to achieve as compact an embedding as possible for a given token sequence of Smali instructions.
AutoEncoder [33] is an artificial neural network that can The encoder in our approach consists of two fully connected layers with 512 and 128 neurons, respectively.Symmetrically, the decoder consists of two fully connected layers with 128 and 512 neurons, respectively.The sequence embedding (with the size of 512 × 768) learned from BERT is both the input of the Encoder and the output target of the Decoder in the pretraining process.After comparative experiments, we opted for a hidden embedding with size 128 as the final representation of the original instruction sequence.We provide an analysis of different embedding sizes in Section VI-A.Compared with the raw BERT embedding, the dimension of the final sequence embedding is 3072 times smaller, from 512 × 768 to 128.Consequently, in Figure 2, the size of Vector 1, which is the embedding of Instruction Sequence 1 yielded by the Encoder, is 128.

C. Class-level Prediction Model
In order to validate the effectiveness of learned DexBERT representation, we apply it to three class-level Android analysis tasks.To perform these class-level tasks, we need an efficient representation for each class, and we thus need a method to aggregate the embeddings of the instruction sequences of each class into one single embedding.We introduce this method in Section III-C1.We then present the details of the prediction model in Section III-C2.
1) Aggregation of Instruction Embedding: The representations learned from DexBERT are for instruction sequences.Usually, each Smali class consists of many methods, each of which contains a certain, often large, number of statements.The number of sequence vectors in each class is indeterminate, while the shape of the input to the class-level prediction model (neural network) is supposed to be fixed.Specifically, within each class, there are many sequence embedding vectors with a size of 128, which are expected to be combined into one single vector.Thus, embedding aggregation is required to obtain the final class-level representation.
We primarily have three reasons to solve the long instruction sequence problem by splitting a Smali class into snippets and aggregate the learned snippet embedding into one class embedding.First, Smali instructions are individual commands performing specific operations in the Android runtime environment.Although they often appear in sequences, each Smali instruction operates largely independently, not necessarily bearing the kind of interdependence seen in words within natural language sentences.Second, the class representation, which aggregates the instruction embeddings, retains a sense of the overall structure and function of the class while being context-aware.Last, while there might be some loss of context when splitting long sequences, we believe the trade-off between computational efficiency and a minor potential loss of context is justified.To give a quantified measure of this trade-off, let's consider the GPU memory required.Doubling the input length limit for a BERT model would necessitate four times the initial GPU memory, a demand that most standard devices cannot meet, particularly for even longer sequences.However, the high memory cost can be avoided without significant performance loss if we perform an average of 2.69 splits on long sequences in the adopted datasets, as shown in our experiments.
While it would be possible to leverage another step of representation learning to devise a strategy to aggregate several representations, we instead opt for less computationally expensive approaches.In order to adapt to the variability of vector numbers in different Smali classes, as shown in Figure 3, we propose to aggregate these sequence embedding vectors of size 128 into one single vector of size 128 by performing simple element-wise average, element-wise addition, or random selection.Another method we investigate is a general approach to vector reshaping in computer vision: concatenation & bilinear resizing.Specifically, we first concatenate the embedding vectors into a long vector and resize it with the bilinear interpolation algorithm [34].We investigate these four methods in Section V-E and show that these simple methods are effective.
2) Prediction Model: As shown in the right box in Figure 3, after embedding aggregation, we finally obtain one embedding vector for each Smali class.The last step is to apply the learned embedding to downstream tasks.Typically, this can be done by feeding the embeddings to another independent neural network that can be trained to a specific task.In the original BERT, they only add one additional layer following the pre-trained model for each downstream task.
In our approach, we design a simple model architecture with only three fully connected layers of neural network as the task-specific model and freeze the parameters of the pretrained DexBERT model when tuning for specific tasks.The computational cost in training downstream tasks is significantly decreased by only tuning parameters of the task-specific model.Specifically, the parameter number of the task-specific model is 10.4K, which is almost negligible compared with 459.35M of the pre-trained DexBERT model.
The input of the task-specific model is the aggregated vector of class embedding, as shown in Figure 3.The task-specific model for malicious code localization predicts whether what a given class contains is malicious or not.Similarly, for defect detection, the task-specific model predicts if a given class contains defective code.For component type classification, the task-specific model predicts to which component type the given class belongs.The details of each task-specific setup are presented in Section IV-C.

IV. STUDY DESIGN
In this section, we first overview the research questions to investigate in Section IV-A.Then, details about dataset and empirical setup are presented in Section IV-B and Section IV-C.We provide evaluation results and answer the research questions in Section V.

A. Research Questions
In this paper, we consider the following six main research questions:

B. Dataset
In this work, we rely on four different datasets that we present in this section.
1) Dataset for Pre-training: With DexBERT, we target a general-purpose representation for various Android analysis tasks.To obtain a representative sampling of the diverse landscape of android apps, we opted to leverage the dataset of a recent work in Android malware detection.One thousand apps-malware or benign-are randomly selected from the dataset used to evaluate DexRay [28], a work that collected more than 158 000 apps from the AndroZoo dataset [35].
Class de-duplication was performed in order to include as much diversity as possible without letting the total number of instructions explode.After removing duplicate classes, our selection of APKs results in over 35 million Smali instructions, from which we obtained 556 million tokens.This is comparable to the scale of BooksCorpus [36], one of the pretraining datasets used in the original BERT, which consists of 800 million tokens.
Despite the pre-training dataset of DexBERT being smaller than the original BERT, its sufficiency is supported by two factors.Firstly, Smali, being an assembly language, possesses a simpler structure and a significantly smaller set of tokens compared to natural languages and high-level programming languages, implying that a smaller dataset is enough to capture its essential features.Secondly, the efficiency of the dataset is evaluated based on DexBERT's performance in downstream tasks which use APKs from distinct sources than the pretraining dataset.The superior performance of DexBERT over baseline models in these tasks confirms the adequacy of the pre-training dataset.
Based on the Smali instructions in the dataset, we generated a WordPiece [37] vocabulary of 10 000 tokens for DexBERT, which is only one-third the size of the original BERT vocabulary.The WordPiece model employs a subword tokenization method to manage extensive vocabularies and handle rare and unknown words.It breaks down words into smaller units, effectively addressing out-of-vocabulary words.
2) Dataset for Malicious Code Localization: RQ2 deals with Malicious Code Localization, i.e., finding what part(s) of a given malware contains malicious code.At least two existing works have tackled this challenging problem for Android Malware and thus have acquired a suitable dataset with ground-truth labels.In Mystique [38], Meng et al. constructed a dataset of 10 000 auto-generated malware, with malicious/benign labels for each class.However, almost all of the code in these generated APKs is either malicious or from commonly used libraries (such as android.support),and thus may not be representative of existing apps, nor of the diversity of Android apps.More recently, in MKLDroid [13], Narayanan et al. randomly selected 3000 apps from the Mystique dataset and piggybacked the malicious parts into existing, real-world benign apps from Google Play, resulting in a dataset they named MYST.Although still a little far from the real-world scenario, the repackaged malware in the MYST dataset contains both malicious and benign classes, which can support a class-level malicious code localization task.We thus decide to rely on the MYST dataset to conduct our experiments related to RQ2.Note that, to the best of our knowledge, no fully labeled dataset of real-world malware exists for the task of malicious code localization for Android.Note also that in our work, we choose MKLDroid as a baseline work, enabling us to directly compare DexBERT against MKLDroid.
Despite the challenges in acquiring labeled real-world malware, we remained determined to evaluate DexBERT's performance in real-world scenarios.Ultimately, we succeeded in constructing a dataset that, albeit not extensive, contains labeled real-world malicious classes, thus broadening our evaluation scope.Specifically, we found 46 apps in the Difuzer [39] dataset, where the locations of a specific malicious behavior, namely the logic bomb, have been manually labeled.This allows us to obtain labels of malicious classes and thereby assess DexBERT's ability to localize malicious code in realworld applications.In addition, the authors of Difuzer provided more apps from their subsequent work, and we were able to successfully download and process 88 apks in total.
Given that each APK in the Difuzer dataset only has one class labeled as containing a logic bomb, and the malicious or benign nature of other classes is unknown, we are only able to utilize 88 malicious classes from these 88 real-world APKs for our extended evaluation.To facilitate a more comprehensive evaluation process, we constructed a dataset with additional APKs.The training set comprises three sources: 50 Difuzer APKs with logic bombs, 50 benign APKs from the DexRay dataset [28], and 100 APKs from MYST dataset to augment the dataset size.Please note that we selectively choose a portion of the benign classes at random to prevent a significant data imbalance, as the initial number of benign classes is much larger than that of malicious classes.As a result, we acquired 1929 benign classes and 425 malicious classes, including 50 from Difuzer APKs, for fine-tuning the classifier.The evaluation set, aimed at testing DexBERT on real-world APKs, consists solely of the remaining 38 APKs with logic bombs from Difuzer and 50 benign APKs from DexRay.We ended up with 95 benign classes (almost two per benign apks) and 38 malicious classes containing logic bombs.Please be aware that all the aforementioned designs aim to make the constructed data suitable for deep learning model training, while ensuring that there is no overlap between the training and evaluation sets.
3) Dataset for App Defect Detection: As another important class-level Android analysis task, app defect detection is the subject of RQ3.Dong et al. proposed smali2vec as a deep neural network based approach to detect application defects and released a dataset containing more than 92K Smali class files collected from ten Android app projects in over fifty versions.For the convenience of labeling, they collected these APKs from GitHub based on three project selection criteria: 1) the number of versions is greater than 20; 2) the package size is greater than 500 KB; and 3) a large number of commits and of contributors.The defective Smali files are located and labeled with Checkmarx [40], a widely used commercial static source code analysis tool.Finally, each Smali class in the dataset has a label indicating whether it is defective or not.We choose smali2vec as our dataset for app defect detection to enable comparison with their smali2vec approach built specifically for defect detection.
4) Dataset for Component Type Classification: To further evaluate the universality of DexBERT, we introduced a third class-level task called Component Type Classification.This task, distinctly different from the previous two, is designed to provide a comprehensive assessment of DexBERT's applicability across various scenarios.In the Android framework, four primary components exist, namely Activities, Services, Broadcast Receivers, and Content Providers.These are fundamental building blocks of an Android application and are declared in an application's manifest file (AndroidManifest.xml).Therefore, we can readily obtain labels for these four types of component classes and formulate a high-quality dataset for this task.Note that this task was designed solely to demonstrate the universality of DexBERT; It is selected due to the different nature of this task from other two downstream tasks and the ease and speed with which ground truth can be obtained.We randomly selected 1000 real-world APKs from the AndroZoo repository [35], from which we extracted 3406 component classes with accurate labels.We used 75% of this data for training and the remaining 25% for testing.
C. Empirical Setup 1) Pre-training: Based on the typical BERT [1] design, we simplify the model architecture of DexBERT to a certain extent to reduce the computational cost.Indeed, while the dimension of intermediate layers in the position-wise feedforward network was originally defined as H × 4, where H is set to 768 by default, as mentioned in Section III-B3, we reduce this dimension to H × 3, i.e., from 3072 to 2304.The number of hidden layers and heads in the multi-head attention layers are set to 8 instead of 12.With these simplifications, the number of floating-point operations (FLOPs, indicating the computational complexity of the model) is reduced by 43.9%, from 44.05G to 24.72G.Meanwhile, the number of model parameters is only decreased by 7.7%, from 497.45M to 459.35M.Thus we keep as many as possible of the model parameters while reducing the computational cost, with the goal of preserving the learning ability of the model as much as possible.
The batch size is set to 72, and the learning rate is set to 1e −4 .Following the reference implementation 2 we leveraged, we select the Adam optimizer [41].We adopt the Cross-Entropy loss function 3 for both the masked words prediction task and the next sentence prediction task, and the Mean Squared Error (MSE) loss function 4 for the Auto-Encoder task.Particularly, the MSE Loss is a criterion that measures the squared L2 norm between each element in the input x and target y.Thus, the loss value of this task could also be regarded as an evaluation metric for the Auto-Encoder task.
The pre-training of DexBERT on 556 million tokens for 40 epochs took about 10 days on 2 Tesla V100 GPUs (each with 32G memory).However, it is important to note that DexBERT users do not need to pre-train the model from scratch.They can directly use the pre-trained model we provide for their own Android analysis tasks.
2) Malicious Code Localization: As discussed, malicious code localization is a difficult and under-explored problem.Therefore, there are few widely recognized approaches and benchmark datasets available.To the best of our knowledge, Narayanan et al. provided the first well-labeled dataset that comes close to real-world practical needs, to evaluate their multi-view context-aware approach MKLDroid [13] for malicious code localization.
In order to fairly compare with this baseline work, we follow the same validation strategy, i.e., 2000 APKs for fine-tuning and the remaining 1000 APKs for evaluation.We use 3-fold cross validation to ensure the reliability of the results.The prediction model consists of 3 fully connected layers, of with 128, 64, and 32 neurons, respectively.The output layer consists of two neurons that are used to predict the probabilities for a class being either malicious or benign.We leverage the best aggregation method (i.e., element-wise addition) found in RQ5.When fine-tuning for this task, we use the Cross-Entropy loss function and the Adam optimizer.With a batch size of 256, we train the prediction model for 40 epochs.For evaluation metrics, we adopt Precision, Recall, False Positive Rate (FPR), and False Negative Rate (FNR), the same as the baseline work MKLDroid for easy comparison.We further report F1-Scores as the overall metric.
3) App Defect Detection: Similar to malicious code localization, app defect detection is a relatively new challenge, only addressed by a small number of works in the literature.Particularly, Dong et al. proposed a DNN-based approach smali2vec [14] targeting Android applications and released a benchmark dataset containing more than 92K Smali class files.The classifier of smali2vec has 810,600 weight parameters across 10 layers, each of which has 300 neurons.In contrast, our model only comprises a total of 10,304 weight parameters spanning three simple layers with sizes of 128, 64, and 32.
In this work, we follow their Within-Project Defect Prediction (WPDP) strategy using 5-fold cross-validation to compare their approach with ours.They provide an AUC score for each project, and report their mean value as the final evaluation metric.In addition, we also report the weighted average score to cater to the significant size variations among projects.For this task, we adopt the same model architecture, aggregation method, loss function, and training strategy as for the malicious code localization task.

4) Component Type Classification:
The majority of the empirical settings for the Component Type Classification task are identical to those used in Malicious Code Localization, with the exception of the number of neurons in the output layer of the prediction model.In this task, the classifier contains four neurons, instead of two, to output the probabilities for the four different component types.

V. EXPERIMENTAL RESULTS
In this section, we present the evaluation results of DexBERT, and we answer our five research questions.

A. RQ1: Can DexBERT accurately model Smali bytecode?
With this first RQ, we assess whether or not DexBERT is able to learn from Smali bytecode and build an accurate model of Smali bytecode as used in Android apps.To that end, we report the loss curves of the three pre-training tasks, presented in Sections III-B2 and III-B3.These loss curves are shown in Figure 4, where the X axis represents the training iterations (i.e., batches).
Two elements allow us to confidently conclude that DexBERT indeed can learn an accurate model of Smali bytecode.First, the loss for all three pre-training tasks rapidly drops and is already very low after being fed just a small portion of our pre-training dataset, suggesting that our dataset is more than large enough for our purpose.Second, continuing the pre-training process results in even lower loss and does not generate random fluctuations, suggesting that the model learned is not contradicted by new pieces of Smali bytecode and indeed converges.
As mentioned in Section IV-C1, the MSE loss could also be regarded as an evaluation metric, and its loss value in the third curve in Figure 4 approaches zero late in the training process, indicating that the Auto-Encoder is able to reconstruct the given input vector of DexBERT embedding with minimal error.Therefore, the output vector of Encoder (i.e., Hidden Embedding in Figure 2) preserves the key information of the original DexBERT representation, which is required for the representation reconstruction by Decoder.In order to further evaluate the other two pre-training tasks, we created an evaluation set containing 2 037 400 masked tokens for the masked words prediction task and 101 870 instruction pairs for next sentence prediction task.We calculate accuracy on the evaluation set as a metric to further evaluate the performance of DexBERT on these two tasks.
Given the initial imbalanced distribution of each token and the randomness of our selection process, the distribution of masked tokens was imbalanced.Common characters, strings, or variables such as slash "/" (15.47%), comma "," (6.32%), "v0" (1.83%), "object" (1.73%), and "lcom" (1.67%) were most frequently masked.Nevertheless, less common characters (< 1.00%) still accounted for 42.69% of the masked tokens.As shown in Table I, with an accuracy of 95.30% on over two million predictions, we believe DexBERT's performance in the MLM task is robust.Regarding the NSP task, the distribution of positive and negative samples was well balanced; positive samples constituted 49.81% of the total samples, and negative samples made up the remaining 50.19%.DexBERT achieved a near-perfect accuracy of 99.35% on over 100K instruction pairs.This suggests that DexBERT was able to learn accurate features for the NSP task.The high accuracy of these two tasks demonstrates that the learned representations contain key features of the input instruction sequences leading to correct predictions.
RQ1 Answer: DexBERT can learn an accurate model of Smali bytecode.

B. RQ2: How effective is the DexBERT representation for the task of Malicious Code Localization?
In this section, we investigate the performance of DexBERT on the malicious code localization task and compare it with the MKLDroid baseline work [13] on their evaluation dataset.Following their experimental setup, we fine-tune DexBERT to output, for each class of a given app, a maliciousness score, or m-score for short.MKLDroid was evaluated with a beam search strategy, with a width of 10.In Table II, we show MKLDroid performance metrics as reported in the MKLDroid paper [13], followed by the performance metrics of DexBERT (Line DexBERT-m), also computed with a beam search of width 10.
Additionally, we perform an experiment where we evaluate DexBERT without beam search, where each class is predicted as malicious if the m-score is above a threshold of 0.5 or benign otherwise.The performance metrics for this experience are reported in the last line of Table II.In effect, when evaluated in the same conditions as MKLDroid, DexBERT significantly outperforms MKLDroid with an F1 score 0.9981 on the MYST dataset.Therefore, DexBERT does not need beam-search at all and achieves excellent performance when classifying each class independently.Furthermore, we also include smali2vec [14] as an additional baseline, which, although it achieves fairly good performance, fails to outperform our proposed DexBERT.As noted in Section IV-B2, we expanded our evaluation of DexBERT on real-world Android applications.Employing our dataset constructed from Difuzer apps, i.e., Difuzer Extension dataset, DexBERT achieved a notable F1 score of 0.9048 in identifying malicious classes within real-world APKs.Further, it achieved a commendable F1 score of 0.9560 in predicting benign classes, thereby eliminating our concerns that data imbalance might negatively impact the evaluation.
RQ2 Answer: DexBERT significantly outperforms MKLDroid on the task of malicious code localization when evaluated in the same conditions.In addition, DexBERT can achieve vastly superior results when classifying each class independently.Furthermore, DexBERT also show its potential on localizing malicious classes within real-world Android apps.

C. RQ3: How effective is the DexBERT representation for the task of Defect Detection?
In this section, we investigate the performance of DexBERT on the task of app defect detection, and we compare it against the baseline work smali2vec [14].The performance of smali2vec5 on 10 Android projects is shown in Table III, where the # of classes represents the number of Smali classes in each project.
Using our DexBERT representation, we fine-tune a model to predict the likelihood that a given class is defective.
As shown in Table III, DexBERT outperforms smali2vec on 6 out of 10 projects and achieves a weighted AUC score of 90.32%, which is a 6.33 percentage points improvement over smali2vec.
RQ3 Answer: DexBERT slightly outperforms smali2vec for the task of app defect detection.

D. RQ 4: How effective is the DexBERT representation for the task of Component Type Classification?
In this section, we explore DexBERT's performance on the Component Type Classification task, aiming to further examine its universal applicability across diverse application scenarios.We contrast DexBERT's performance against other BERT-like models, specifically BERT [1], CodeBERT [15], and DexBERT without pre-training.Similar to the settings for the Malicious Code Localization task, we fine-tune a classifier to predict a given class's component type.Given that other BERT-like baselines lack an AutoEncoder module for further reduction of embedding dimensionality, we use the first  As Table IV illustrates, DexBERT excels in predicting all four types of component classes.On average, DexBERT's performance surpasses all baselines by a significant margin, exhibiting a roughly 20 percentage point increase in terms of F1 Score.This reiterates DexBERT's effectiveness in representing Smali instructions in Android and, crucially, validates the universality of DexBERT.
RQ4 Answer: DexBERT significantly outperforms baselines for the task of component type classification which differs from first two tasks that focused on security-related properties, demonstrating its versatility across various application scenarios.

E. RQ 5: What are the impacts of different aggregation methods of instruction embeddings?
In this section, we investigate the impact of the different embedding aggregation methods (i.e., element-wise addition, random selection, averaging and concatenation & bilinear resizing, cf.Section III-C1).These techniques were initially leveraged to aggregate token embeddings in BERT [1] and other deep learning approaches [28].From our point of view, the output features from BERT and the AutoEncoder of DexBERT are essentially similar in nature.Each state vector of BERT embedding is a high-level abstract feature of the corresponding token.Similarly, each output vector of Auto-Encoder is a high-level abstract feature vector of the corresponding token sequence.Therefore, if it's plausible to aggregate token embeddings by addition or the other three techniques, it should also be plausible to aggregate sequence embeddings in a similar manner.We conduct comparative experiments based on three downstream tasks to evaluate to what extent DexBERT is sensitive to the aggregation method.As shown in Table V, on the malicious code localization task, performance metrics for all four methods are very close, with no significant differences between methods.For the other two downstream tasks, we note that the differences are more significant than for the task of malicious code localization.Despite all four aggregation methods yielding an acceptable performance, addition is the best performer, achieving the highest metric scores on both tasks.
RQ5 Answer: All four proposed aggregation methods are effective on all three downstream tasks.Elementwise addition achieves the best performance on both tasks.

F. RQ6: Can DexBERT work with subsets of instructions?
In the previous RQs, we demonstrated the effectiveness of DexBERT when using the entire Smali bytecode.Representing Smali bytecode with DexBERT can be computationally expensive, given the very large number of instructions an app (or even a class) can contain.With this RQ, we investigate the ability of DexBERT to work with subsets of instructions, hence reducing the number of pieces of code to represent and reducing the need for aggregation.
We postulate that API invocations are the instructions that carry the most semantics information, and thus conduct an experiment where we pre-filter the flow of Smali bytecode to keep only API calls.Based on the statistics on our pretraining dataset, API instructions constitute approximately 17.27% of the total instructions.We re-use the pre-trained model built with the complete flow of instructions (Cf.RQ 1), but we fine-tune a dedicated model with filtered instructions only.Since many classes in some projects in the dataset for defect detection do not have API calls (some concrete examples are included in appendix), which would result in empty representations, we only consider the tasks of malicious code localization and Component Type Classification here.As shown in Table VI, while the performance of DexBERT is slightly higher with all instructions, DexBERT still performs very well with API calls only.Computationally, however, working with only API calls is one order of magnitude faster.As for the total execution time, we take the evaluation of malicious code localization task as an example here.With full instructions, we require approximately 1.9 hours to generate the DexBERT features for all 911,724 classes.Conversely, with only API calls, we need only about 11 minutes to generate all feature vectors.RQ6 Answer: When compatible with the downstream task, DexBERT is also very effective and fast when considering API calls only.

VI. DISCUSSION
In this section, we begin with an ablation study examining the impact of DexBERT's embedding size on downstream tasks, and an ablation study assessing the effectiveness of the two pre-training tasks.Following that, we compare the performance of various BERT-like baselines across three different downstream tasks.Then, we share some insights about the proposed DexBERT for Android representation.Next, we discuss some potential threats to validity of the proposed approach.Finally, we discuss some future works which are worth studying next.

A. Ablation Study on DexBERT Embedding Size
As detailed in Section III-B3, Android application scenarios require a smaller embedding due to the considerably larger token quantities compared to typical textual documents and code files.To find a reasonable trade-off between model computation cost and performance, we conducted an ablation study exploring the impact of DexBERT embedding size on the three downstream tasks.The experiments contain three different sizes for the hidden embedding of the AutoEncoder (AE), specifically 256, 128, and 64.Additionally, we evaluated the performance by directly utilizing the first state vector of the raw DexBERT embedding, which has a size of 768, without applying any dimension reduction from the AutoEncoder.
Table VII reveals that in the task of Malicious Code Localization, a decrease in vector size does not lead to a significant loss in the performance, until the size is reduced to 128.Hence, we concluded that 128 is the optimal size for this task.
As for the tasks of Defect Detection and Component Type Classification, the experimental results demonstrate that a larger embedding size resulted in a considerable improvement in performance.However, a size of 128 also offered a solid trade-off for these two tasks, supporting satisfactory performance with a metric score exceeding 0.9.Please be aware that the choice to use the AUC score for defect detection was made in order to maintain consistency with the metric employed by the primary baseline for this task, namely, smali2vec [14].However, to be consistent with the other two tasks, we have also included the F1 score for this task in Table VII.

B. Ablation Study on Pre-training Tasks
To better understand the pre-training process, we conducted an ablation to confirm the necessity and effectiveness of the two pre-training designs, i.e., MLM and NSP, on the final improvement of the model.
In models like BERT and DexBERT, multi-task learning with MLM and NSP is designed to generate universal features for a variety of tasks.Removing either task diminishes the model's representational power.As demonstrated in Table IX, while MLM alone can achieve relatively good performance, the combination of both pre-training tasks significantly improves the model's performance, reinforcing their mutual importance for capturing the smali bytecode structure and semantics effectively.The results on all three downstream tasks, especially on Defect Detection (DD) and Component Type Classification (CTC) demonstrate the importance of both MLM and NSP pre-training tasks.

C. Comparative Study with other BERT-like Baselines
To better understand the necessity and effectiveness of the pre-training process on Smali code, in this section, we conduct a comparative study to assess the performance of existing BERT-like models that can be directly applied to all three Android downstream tasks without any technical barriers.Specifically, the baselines include BERT [1], CodeBERT [15], and DexBERT without pre-training.With the same reason in Section V-D, we use the first state vector (size 768) of the embedding for all comparative experiments.
The outcomes are shown in Table VIII.Interestingly, each baseline model performed remarkably well for Malicious Code Localization.This can be attributed to the fact that the dataset is artificially generated by inserting malicious code into realworld apps, resulting in a clear separation between positive and negative samples, making them easy to learn from.However, the pre-trained DexBERT model outperformed the baselines with an impressive F1 score of 0.9999, approaching perfection.
For the other two tasks, Defect Detection and Component Type Classification, where datasets were collected from realworld APKs, the pre-trained DexBERT clearly surpassed BERT and CodeBERT by approximately 20 percentage points on both tasks.Furthermore, the performance of DexBERT without pre-training exhibited low performance and instability across the three tasks, which was somewhat expected as it lacked prior knowledge before being fine-tuned on downstream tasks.Overall, the comparative results shown in Table VIII strongly demonstrate the necessity and effectiveness of the DexBERT pre-training process on Smali code.

D. Insights
In this work, we find that the popular NLP representation learning model BERT can be used for Android bytecode without much modification by regarding disassembled Smali instructions as natural language sentences.While it had already been shown that BERT-like models could be used for Source Code, our work shows it can also work directly with raw apps in the absence of original source code.
Still, there are some gaps between natural language and Smali code to mitigate.In particular, NLP problems and Android analysis problems have significantly different application scenarios.NLP problems are usually at the text snippet level, where the base unit is a (short) paragraph (e.g., sentence translation or text classification).However, in Software Engineering and Security for Android applications, there are problems both at the class level and the whole app level, i.e., ranging from a few instructions to millions of instructions.Therefore, embedding aggregation is required when applying instruction embeddings to Android analysis problems.
Besides, while this work is only evaluated on class-level tasks, it is expected to work at other levels (lower or higher).There are no significant technical barriers for lower-level tasks (i.e., method level or statement level) except for the absence of well-labeled datasets.For higher-level tasks (i.e., APK level), further embedding aggregation would be required to support whole-application tasks.

E. Threats to Validity
Our experiments and conclusions may face threats to validity.First, the MYST dataset used for malicious code localization is artificially created and, therefore may not be representative of the real-world landscape of apps.To mitigate this concern, we expanded our evaluation to include realworld apps from Difuzer [39].Moreover, the utility of our malicious code localization model in real-world scenarios could be further assessed by extending its application to a wider variety of malicious behaviours beyond logic bombs.This extension could be an avenue for future work, as it would necessitate significant manual analysis efforts.
Second, the dataset for Android app defect detection was created several years ago.Android applications are constantly evolving over time.How well DexBERT performs on today's apps requires further validation.Therefore, it may be necessary to create new datasets and conduct more comprehensive evaluations on Android app defect detection.

F. Future Work
The proposed DexBERT is validated on three class-level Android analysis tasks.An important aspect would be to extend the range of tasks DexBERT is evaluated on.We identified several tasks (such as malware detection, app clone detection, repackaging identification, etc.) that are of interest to the Research community and that could benefit from our approach.
Besides, we showed DexBERT representation may not always need the complete flow of Smali instructions.However, we investigated only one filtering criterion.Other filtering approaches could be investigated to refine potential trade-offs between computational cost and effectiveness.
Finally, the evaluation datasets for tasks such as malicious code localization and defect detection can be further enhanced by including more recent applications.Given the substantial efforts required to process and construct the new datasets, we plan to undertake this enhancement in a separate study in the future.

VII. RELATED WORK
This study lies at the intersection of the fields of Representation Learning and of Android app analysis.

A. Representation Learning
Recent successes in deep learning have attracted increased interest in applying deep learning techniques to learn representations of programming artifacts for a variety of software engineering tasks [2], [15], [42], [43].
1) Code Representation: Code representation approaches aim to represent source code as feature vectors that contain the semantics and syntactic information of the source code.In general, code representations can be mainly categorized into sequence-based, tree-based, and graph-based representations.The tasks that rely on sequence-based representations consider source code as plain text and use traditional token-based methods to capture lexical information, such as clone detection [44], vulnerability detection [45], and code review [46].Tree-based representations capture features of source code by traversing the AST of the source code.Code2Vec [2] proposes a path-attention model to aggregate the set of AST paths into a vector.TBCNN [47] learns code representations that capture structural information in the AST.Tree-LSTM [48] employs LSTM in learning the network topology of the input tree structure of AST.Graph-based representation approaches [49], [50] represent code as graphs that are associated with programs, such as control flow graph (CFG), control dependency graph (CDG), and data dependency graph (DDG).
Inspired by the recent success of transformer-based language models like BERT [1] and RoBERTa [51] in Natural Language Processing, Feng et al. [15] proposed CodeBERT, which is pre-trained both on programming languages and natural languages.Guo et al. [52] proposed GraphCodeBERT to advance CodeBERT by additionally considering data flow information in pre-training.
1) Android Malicious Code Localization: HsoMiner [81] is an approach to discover HSO (Hidden Sensitive Operation) activities (e.g., stealing user's privacy).Li et al. proposed a tool called HookRanker [82] to automatically localize the malicious packages from piggybacked Android apps based on how malware behavior code is triggered.MKLDroid [13], proposed by Narayanan et al., could be regarded as the first real malicious code localization approach.They consider multiple views of Android apps in a unified framework to detect malware.MKLDroid assigns m-scores to every class, and the classes with the highest m-scores are considered malicious.Ma et al. proposed a deep learning based method called Droidetec [11] for malware detection and malicious code localization by modeling an Android app as a natural language sequence.MKLDroid and Doidetec could achieve a reasonable recall of malicious segments (classes or methods) by sacrificing precision.Recently, Wu et al. proposed a Graph Neural Network based approach [83] for Android malware detection and malicious code localization.Despite the help of manual checks, the obtained accuracy is still far from perfect.
Among these related works above, only MKLDroid [13] provides its replication package.
2) Android App Defect Detection: A software defect is an error or a bug caused by a programmer during the software design and development process.Early approaches for software defect detection [84]- [87] were not easily adaptable for Android applications.
Initial attempts at Android defect prediction [88], [89] focused on extracting code and process metrics from mobile applications.Similarly, object-oriented metrics [26], [90] were employed to build defect prediction models.However, the feature engineering efforts in these approaches limited the verification of their methods' effectiveness to a small number of applications.Additionally, they relied on specific sets of code and process metrics, which might not be universally applicable to other APKs.To address this limitation, Dong et al. proposed smali2vec [14], which automatically extracts features of Smali instructions and inputs them into a deep learning model to identify defective classes.They also provided a benchmark dataset for the community to advance the field of Android defect detection.
Meanwhile, Just-in-Time (JIT) defect prediction [91]- [93] at the commit level has been developed, offering timely feedback for developers to detect defects early.However, class-level prediction methods remain necessary, as they help developers and testers prioritize their efforts by identifying the most defect-prone classes.Additionally, class-level prediction can be useful when a project has a low frequency of commits or uses a different version control system that makes commitlevel prediction difficult.In this work, we focus on class-level Android defect detection.

VIII. CONCLUSION
We propose a pre-trained representation learning model named DexBERT aiming at solving various fine-grained Android analysis problems.Based on Auto-Encoder, we design an aggregation method to overcome the input length limitation problem existing in the original BERT applications.Freezing parameters of the pre-trained DexBERT model, the learned representation is able to be used directly on various classlevel downstream tasks.Comprehensive experimental results demonstrate its effectiveness on malicious code localization, Android application defect detection and component type classification, compared to baseline methods.

IX. DATA AVAILABILITY
All artifacts of this study are available at: https://github.com/Trustworthy-Software/DexBERT

Fig. 3 .
Fig. 3. Illustrations of Different Embedding Aggregation Methods and Fine-tuning of Downstream Tasks.

•
RQ1: Can DexBERT accurately model Smali bytecode?• RQ2: How effective is the DexBERT representation for the task of Malicious Code Localization?• RQ3: How effective is the DexBERT representation for the task of Defect Detection?• RQ4: How effective is the DexBERT representation for the task of Component Type Classification?• RQ5: What are the impacts of different aggregation methods of instruction embeddings?• RQ6: Can DexBERT work with subsets of instructions?

Fig. 4 .
Fig. 4. Loss Curves of Three Pre-training Tasks.The X axis represents the training iteration index and Y axis represents the loss value.

TABLE I EVALUATION
OF PRE-TRAINING TASKS.THE MASKED WORDS PREDICTION TASK IS EVALUATED ON 2 037 400 TOKENS AND THE NEXT SENTENCE PREDICTION TASK IS EVALUATED ON 101 870 INSTRUCTION PAIRS.