Existing software vulnerability detection methods based on deep-learning and large language models are effective in the identification of vulnerable source code snippets. Their effectiveness, however, decreases when applied to localize the vulnerability-related statements, i.e., those statements in code snippets that lead to the vulnerabilities. In this paper, we document an exploratory comparison of different mechanisms that can be applied to enhance such existing vulnerability detection methods with domain knowledge information. To this aim, a transformer-based vulnerability detection method has been enhanced with several mechanisms and an experiment has been conducted on a real-life dataset. Results show that the domain knowledge information used is more relevant than the used enhancement mechanism.

Enhancing Vulnerability Detection with Domain Knowledge: A Comparison of Different Mechanisms / Marchetto, Alessandro; Lekeufack Foulefack, Rosmael Zidane. - 15383:(2025), pp. 95-113. (Paper presented at the 36th IFIP WG 6.1 International Conference on Testing Software and Systems (ICTSS 2024), held in London, October 30 - November 1, 2024) [10.1007/978-3-031-80889-0_7].

Enhancing Vulnerability Detection with Domain Knowledge: A Comparison of Different Mechanisms

Alessandro Marchetto; Rosmael Zidane Lekeufack Foulefack
2025-01-01

2025
Testing Software and Systems. ICTSS 2024. Lecture Notes in Computer Science
Cham (SW)
Springer Cham
9783031808883
Marchetto, Alessandro; Lekeufack Foulefack, Rosmael Zidane
Files in this record:

1.pdf (archive administrators only)
Description: PDF paper
Type: Publisher's version (publisher's layout)
License: All rights reserved
Size: 3 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11572/449210
Citations
  • Scopus: 0
  • OpenAlex: not available