English

Boosting Cybersecurity Vulnerability Scanning based on LLM-supported Static Application Security Testing

Cryptography and Security 2024-11-25 v3

Abstract

The current cybersecurity landscape is increasingly complex, with traditional Static Application Security Testing (SAST) tools struggling to capture complex and emerging vulnerabilities due to their reliance on rule-based matching. Meanwhile, Large Language Models (LLMs) have demonstrated powerful code analysis capabilities, but their static training data and privacy risks limit their effectiveness. To overcome the limitations of both approaches, we propose LSAST, a novel approach that integrates LLMs with SAST scanners to enhance vulnerability detection. LSAST leverages a locally hostable LLM, combined with a state-of-the-art knowledge retrieval system, to provide up-to-date vulnerability insights without compromising data privacy. We set a new benchmark for static vulnerability analysis, offering a robust, privacy-conscious solution that bridges the gap between traditional scanners and advanced AI-driven analysis. Our evaluation demonstrates that incorporating SAST results into LLM analysis significantly improves detection accuracy, identifying vulnerabilities missed by conventional methods.

Keywords

Cite

@article{arxiv.2409.15735,
  title  = {Boosting Cybersecurity Vulnerability Scanning based on LLM-supported Static Application Security Testing},
  author = {Mete Keltek and Rong Hu and Mohammadreza Fani Sani and Ziyue Li},
  journal= {arXiv preprint arXiv:2409.15735},
  year   = {2024}
}

Comments

Under Review of IEEE SaTML 2024

R2 v1 2026-06-28T18:54:48.287Z