English

LLM-based Vulnerable Code Augmentation: Generate or Refactor?

Cryptography and Security 2026-02-11 v2 Artificial Intelligence

Abstract

Vulnerability code-bases often suffer from severe imbalance, limiting the effectiveness of Deep Learning-based vulnerability classifiers. Data Augmentation could help solve this by mitigating the scarcity of under-represented vulnerability types. In this context, we investigate LLM-based augmentation for vulnerable functions, comparing controlled generation of new vulnerable samples with semantics-preserving refactoring of existing ones. Using Qwen2.5-Coder to produce augmented data and CodeBERT as a classifier on the SVEN dataset, we find that our approaches are indeed effective in enriching vulnerable code-bases through a simple process and with reasonable quality, and that a hybrid strategy best boosts vulnerability classifiers' performance. Code repository is available here : https://github.com/DynaSoumhaneOuchebara/LLM-based-code-augmentation-Generate-or-Refactor-

Keywords

Cite

@article{arxiv.2512.08493,
  title  = {LLM-based Vulnerable Code Augmentation: Generate or Refactor?},
  author = {Dyna Soumhane Ouchebara and Stéphane Dupont},
  journal= {arXiv preprint arXiv:2512.08493},
  year   = {2026}
}

Comments

15 pages, Accepted by ESAAN 2026, version with added appendix

R2 v1 2026-07-01T08:16:44.845Z