VulLibGen: Generating Names of Vulnerability-Affected Packages via a Large Language Model (2024.acl-long)
Copied to clipboard
Tianyu Chen, Lin Li, ZhuLiuchuan ZhuLiuchuan, Zongyang Li, Xueqing Liu, Guangtai Liang, Qianxiang Wang, Tao Xie
| Challenge: | Existing work on affected package identification is limited by large language models . a recent study shows that 84% third-party packages contain security vulnerabilities . |
| Approach: | They propose a method to use LLM to generate the affected package . they propose supervised fine-tuning, retrieval augmented generation and a local search algorithm . |
| Outcome: | The proposed method has an average precision of 0.806 for identifying vulnerable packages in four most popular ecosystems in GitHub Advisory. |
Similar Papers
Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing CodePre-trained models struggle to generalize due to superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities. |
| Approach: | They propose a framework that integrates multi-task learning with Large Language Models to effectively mine deep-seated vulnerability features. |
| Outcome: | The proposed framework surpasses seven state-of-the-art models in effectiveness, generalization, and robustness. |
Boosting Vulnerability Detection of LLMs via Curriculum Preference Optimization with Synthetic Reasoning Data (2025.findings-acl)
Copied to clipboard
| Challenge: | Large language models (LLMs) are capable of detecting software vulnerabilities, but lack of reasoning data hinders their ability to capture underlying vulnerability patterns. |
| Approach: | They propose a framework that excels at mining vulnerability patterns through reasoning data synthesizing and vulnerability-specific preference optimization. |
| Outcome: | The proposed framework improves on SVEN and PrimeVul datasets and improves 12.24%-22.77% accuracy. |
RealVul: Can We Detect Vulnerabilities in Web Applications with LLM? (2024.emnlp-main)
Copied to clipboard
| Challenge: | a lack of research specifically focused on vulnerabilities in the PHP language hinders the model’s ability to effectively capture the characteristics of specific vulnerabilities. |
| Approach: | They propose a framework that can isolate potential vulnerability triggers while streamlining code and eliminating unnecessary semantic information. |
| Outcome: | The proposed framework can isolate potential vulnerability triggers while streamlining the code and eliminating unnecessary semantic information. |
Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories (2025.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have shown promise in software vulnerability detection, especially on function-level benchmarks like Devign and BigVul. |
| Approach: | They propose a JIT vulnerability detection benchmark linking each function to its vulnerability-introducing and fixing commits. |
| Outcome: | The proposed JIT vulnerability detection benchmark enables comprehensive evaluation of detection capabilities. |
SafeRAG: Benchmarking Security in Retrieval-Augmented Generation of Large Language Model (2025.acl-long)
Copied to clipboard
Xun Liang, Simin Niu, Zhiyu Li, Sensen Zhang, Hanyu Wang, Feiyu Xiong, Zhaoxin Fan, Bo Tang, Jihao Zhao, Jiawei Yang, Shichao Song, Mengwei Wang
| Challenge: | Existing approaches to integrating external knowledge into large language models (LLMs) however, the incorporation of external knowledge increases the vulnerability of LLMs . |
| Approach: | They propose a benchmark to evaluate the RAG security using a dataset . they classify attack tasks into silver noise, inter-context conflict, soft ad, and white Denial-of-Service . |
| Outcome: | The proposed benchmark evaluates the security of RAG against 14 representative RAG components. |
DVAGen: Dynamic Vocabulary Augmented Generation (2025.emnlp-demos)
Copied to clipboard
| Challenge: | Existing dynamic vocabulary approaches struggle to generalize to novel or out-of-vocabulary words, limiting their flexibility in handling diverse token combinations. |
| Approach: | They propose an open-source framework for training, evaluation, and visualization of dynamic vocabulary-augmented language models. |
| Outcome: | The proposed framework validates the effectiveness of dynamic vocabulary-augmented language models on modern LLMs and shows support for batch inference significantly improving inference throughput. |
AutoDetect: Towards a Unified Framework for Automated Weakness Detection in Large Language Models (2024.findings-emnlp)
Copied to clipboard
Jiale Cheng, Yida Lu, Xiaotao Gu, Pei Ke, Xiao Liu, Yuxiao Dong, Hongning Wang, Jie Tang, Minlie Huang
| Challenge: | Large Language Models (LLMs) exhibit significant but subtle weaknesses, such as mistakes in instruction-following or coding tasks. |
| Approach: | They propose a framework to automatically expose weaknesses in Large Language Models (LLMs) they use three LLM-powered agents to perform comprehensive weakness identification . |
| Outcome: | The proposed framework shows that it is more effective than untargeted data augmentation methods like Self-Instruct to identify weaknesses in LLMs. |
Beyond Static Rules: Automated Discovery of Latent Vulnerabilities in Text-to-SQL (2026.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have been successful in Text-to-SQL tasks, but their deployment in real-world environments is hindered by latent reliability issues. |
| Approach: | They propose a framework to autonomously uncover latent failure patterns in LLM-based Text-to-SQL generation. |
| Outcome: | The proposed framework uncovers a substantial number of failure cases on state-of-the-art open-source LLMs. |
CLeVeR: Multi-modal Contrastive Learning for Vulnerability Code Representation (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing methods for detecting code capture the overall semantics of the code rather than its intrinsic vulnerability-specific semantics. |
| Approach: | They propose an approach that leverages contrastive learning to generate precise vulnerability code representations under the supervision of vulnerability descriptions. |
| Outcome: | The proposed approach outperforms state-of-the-art methods in vulnerability detection tasks by 11.85% and 13.61%. |
Vulnerabilities of Large Language Models to Adversarial Attacks (2024.acl-tutorials)
Copied to clipboard
| Challenge: | This tutorial focuses on the vulnerabilities of Large Language Models to adversarial attacks . the tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity . |
| Approach: | This tutorial lays the foundation by explaining safety-aligned LLMs and concepts in cybersecurity. |
| Outcome: | The tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity. |