English
Related papers

Related papers: A Dual-Loop Agent Framework for Automated Vulnerab…

200 papers

While recent approaches leverage large language models (LLMs) and multi-agent pipelines to automatically generate proof-of-concept (PoC) exploits from vulnerability reports, existing systems often suffer from two fundamental limitations:…

Cryptography and Security · Computer Science 2026-04-10 Phan The Duy , Khoa Ngo-Khanh , Nguyen Huu Quyen , Van-Hau Pham

Recent advances in Large Language Models (LLMs) have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating…

Software Engineering · Computer Science 2025-10-14 Mengyao Zhao , Kaixuan Li , Lyuye Zhang , Wenjing Dang , Chenggong Ding , Sen Chen , Zheli Liu

Proof-of-Vulnerability (PoV) generation is a critical task in software security, serving as a cornerstone for vulnerability validation, false positive reduction, and patch verification. While directed fuzzing effectively drives path…

Software Engineering · Computer Science 2026-02-17 Haoyu Li , Xijia Che , Yanhao Wang , Xiaojing Liao , Luyi Xing

The adoption of Large Language Models (LLMs) for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation…

Software Engineering · Computer Science 2025-09-04 Weizhe Wang , Wei Ma , Qiang Hu , Yao Zhang , Jianfei Sun , Bin Wu , Yang Liu , Guangquan Xu , Lingxiao Jiang

Despite the critical threat posed by software security vulnerabilities, reports are often incomplete, lacking the proof-of-vulnerability (PoV) tests needed to validate fixes and prevent regressions. These tests are crucial not only for…

Software Engineering · Computer Science 2025-07-22 Vikram Nitin , Baishakhi Ray , Roshanak Zilouchian Moghaddam

Recently Large Language Models (LLMs) have been used in security-related tasks, including generating proof-of-concept (PoC) exploits. Several LLM-assisted approaches have been proposed; they typically generate PoCs from vulnerability…

Software Engineering · Computer Science 2026-05-14 Derin Gezgin , Amartya Das , Shinhae Kim , Zhengdong Huang , Nevena Stojkovic , Claire Wang

Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior…

Cryptography and Security · Computer Science 2025-11-17 Alireza Lotfi , Charalampos Katsis , Elisa Bertino

Smart contracts are a critical component of blockchain systems. Due to the large amount of digital assets carried by smart contracts, their security is of critical importance. Although numerous tools have been developed for detecting smart…

Software Engineering · Computer Science 2026-04-21 Jingwen Zhang , Yuhong Nan , Kaiwen Ning , Mingxi Ye , Wei Li , Yuming Xiao , Yuming Feng , Weizhe Zhang , Zibin Zheng

Software developers frequently receive vulnerability reports that require them to reproduce the vulnerability in a reliable manner by generating a proof-of-concept (PoC) input that triggers it. Given the source code for a software project…

Software Engineering · Computer Science 2026-04-10 Achintya Desai , Md Shafiuzzaman , Wenbo Guo , Tevfik Bultan

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

Autonomous large language model (LLM) based systems have recently shown promising results across a range of cybersecurity tasks. However, there is no systematic study on their effectiveness in autonomously reproducing Linux kernel…

Cryptography and Security · Computer Science 2026-02-20 Juefei Pu , Xingyu Li , Zhengchuan Liang , Jonathan Cox , Yifan Wu , Kareem Shehada , Arrdya Srivastav , Zhiyun Qian

Evaluating and improving the security capabilities of code agents requires high-quality, executable vulnerability tasks. However, existing works rely on costly, unscalable manual reproduction and suffer from outdated data distributions. To…

Cryptography and Security · Computer Science 2026-05-19 Xianzhen Luo , Jingyuan Zhang , Shiqi Zhou , Rain Huang , Chuan Xiao , Qingfu Zhu , Zhiyuan Ma , Xing Yue , Yang Yue , Wencong Zeng , Wanxiang Che

Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept (PoC) exploits play a critical…

Cryptography and Security · Computer Science 2026-05-27 Vivi Andersson , Sofia Bobadilla , Harald Hobbelhagen , Martin Monperrus

Smart contracts are commonly audited through static analysis to explore vulnerabilities. However, static approaches typically produce heterogeneous findings rather than reproducible, executable proof-of-concept (PoC) test cases, leading to…

Software Engineering · Computer Science 2026-04-02 Longfei Chen , Ruibin Yan , Taiyu Wong , Yiyang Chen , Jialai Wang , Chao Zhang

The Proof-of-Concept (PoC) for a vulnerability is crucial in validating its existence, mitigating false positives, and illustrating the severity of the security threat it poses. However, research on PoCs significantly lags behind studies…

Software Engineering · Computer Science 2025-10-22 Wenjing Dang , Kaixuan Li , Sen Chen , Zhenwei Zhuo , Lyuye Zhang , Zheli Liu

The rapid advancement of Large Language Models (LLMs) presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of…

Software Engineering · Computer Science 2026-01-05 Md Hasan Saju , Maher Muhtadi , Akramul Azim

Developers create modern software applications (Apps) on top of third-party libraries (Libs). When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior…

Cryptography and Security · Computer Science 2026-05-06 Shravya Kanchi , Xiaoyan Zang , Ying Zhang , Danfeng Yao , Na Meng

Machine learning and Large language models (LLMs) for vulnerability detection has received significant attention in recent years. Unfortunately, state-of-the-art techniques show that LLMs are unsuccessful in even distinguishing the…

Cryptography and Security · Computer Science 2025-08-05 Mohammed Sayagh , Mohammad Ghafari

Security vulnerabilities in software packages are a significant concern for developers and users alike. Patching these vulnerabilities in a timely manner is crucial to restoring the integrity and security of software systems. However,…

Cryptography and Security · Computer Science 2025-09-30 Deniz Simsek , Aryaz Eghbali , Michael Pradel

While recent LLM-based agents can identify many candidate bugs in source code, their reports remain static hypotheses that require manual validation, limiting the practicality of automated bug detection. We frame this challenge as a test…

Software Engineering · Computer Science 2026-04-15 Zijie Zhao , Chenyuan Yang , Weidong Wang , Yihan Yang , Ziqi Zhang , Lingming Zhang
‹ Prev 1 2 3 10 Next ›