
Related papers: Towards Effective Complementary Security Analysis …

200 papers

Software vulnerabilities pose significant security challenges and potential risks to society, necessitating extensive efforts in automated vulnerability detection. There are two popular lines of work to address automated vulnerability…

Software Engineering · Computer Science 2024-07-24 Xin Zhou, Duc-Manh Tran, Thanh Le-Cong, Ting Zhang, Ivana Clairine Irsan, Joshua Sumarlin, Bach Le, David Lo

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent…

Software Engineering · Computer Science 2026-02-02 Yunpeng Xiong, Ting Zhang

The current cybersecurity landscape is increasingly complex, with traditional Static Application Security Testing (SAST) tools struggling to capture complex and emerging vulnerabilities due to their reliance on rule-based matching.…

Cryptography and Security · Computer Science 2024-11-25 Mete Keltek, Rong Hu, Mohammadreza Fani Sani, Ziyue Li

This report examines the synergy between Large Language Models (LLMs) and Static Application Security Testing (SAST) to improve vulnerability discovery. Traditional SAST tools, while effective for proactive security, are limited by high…

Cryptography and Security · Computer Science 2025-11-06 Vaibhav Agrawal, Kiarash Ahi

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg, Hayretdin Bahsi

Static analysis tools (SATs) are widely adopted in both academia and industry for improving software quality, yet their practical use is often hindered by high false positive rates, especially in large-scale enterprise systems. These false…

Software Engineering · Computer Science 2026-01-28 Xueying Du, Jiayi Feng, Yi Zou, Wei Xu, Jie Ma, Wei Zhang, Sisi Liu, Xin Peng, Yiling Lou

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare, Saikat Dutta, Ziyang Li, Alaia Solko-Breslin, Rajeev Alur, Mayur Naik

Static Application Security Testing (SAST) tools are critical to software quality, identifying potential code issues early in development. However, they often produce false positive warnings that require manual review, slowing down…

Software Engineering · Computer Science 2025-06-03 Jinbao Chen, Hongjing Xiang, Zuohong Zhao, Luhao Li, Yu Zhang, Boyao Ding, Qingwei Li, Songyuan Xiong

With the rapid advancements in Natural Language Processing (NLP), large language models (LLMs) like GPT-4 have gained significant traction in diverse applications, including security vulnerability scanning. This paper investigates the…

Cryptography and Security · Computer Science 2025-06-19 Madjid G. Tehrani, Eldar Sultanow, William J. Buchanan, Mahkame Houmani, Christel H. Djaha Fodja

Advanced Persistent Threats (APTs) are prolonged, stealthy intrusions by skilled adversaries that compromise high-value systems to steal data or disrupt operations. Reconstructing complete attack chains from massive, heterogeneous logs is…

Cryptography and Security · Computer Science 2025-09-03 Rujie Dai, Peizhuo Lv, Yujiang Gui, Qiujian Lv, Yuanyuan Qiao, Yan Wang, Degang Sun, Weiqing Huang, Yingjiu Li, XiaoFeng Wang

Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection, addressing critical challenges in the security domain. Traditional methods, such as static and dynamic analysis, often falter due to…

Cryptography and Security · Computer Science 2025-02-19 Ze Sheng, Zhicheng Chen, Shuning Gu, Heqing Huang, Guofei Gu, Jeff Huang

Despite their remarkable success, large language models (LLMs) have shown limited ability on safety-critical code tasks such as vulnerability detection. Typically, static analysis (SA) tools, like CodeQL, CodeGuru Security, etc., are used…

Cryptography and Security · Computer Science 2025-09-15 Ira Ceka, Feitong Qiao, Anik Dey, Aastha Valecha, Gail Kaiser, Baishakhi Ray

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak, Tomasz Szandala

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu, Peng Liang, Yujia Fu, Amjed Tahir, Mojtaba Shahin, Chong Wang, Yangxiao Cai

Fine-tuning Large Language Models (LLMs) has emerged as a common practice for tailoring models to individual needs and preferences. The choice of datasets for fine-tuning can be diverse, introducing safety concerns regarding the potential…

Computation and Language · Computer Science 2024-10-15 Hyeong Kyu Choi, Xuefeng Du, Yixuan Li

Static Application Security Testing (SAST) tools are integral to modern software development, yet their adoption is undermined by excessive false positives that weaken developer trust and demand costly manual triage. We present ZeroFalse, a…

Large language models (LLM) are perceived to offer promising potentials for automating security tasks, such as those found in security operation centers (SOCs). As a first step towards evaluating this perceived potential, we investigate the…

Cryptography and Security · Computer Science 2024-02-01 Kumar Shashwat, Francis Hahn, Xinming Ou, Dmitry Goldgof, Lawrence Hall, Jay Ligatti, S. Raj Rajgopalan, Armin Ziaie Tabari

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

Large Language Models (LLMs) have shown impressive proficiency in code generation. Unfortunately, these models share a weakness with their human counterparts: producing code that inadvertently has security vulnerabilities. These…

Cryptography and Security · Computer Science 2024-10-17 Kamel Alrashedy, Abdullah Aljasser, Pradyumna Tambwekar, Matthew Gombolay

Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it…

Cryptography and Security · Computer Science 2024-11-25 Shota Fujii, Rei Yamagishi