Revisiting Vulnerability Patch Localization: An Empirical Study and LLM-Based Solution
- URL: http://arxiv.org/abs/2509.15777v2
- Date: Sun, 28 Sep 2025 10:59:10 GMT
- Authors: Haoran Xu, Chen Zhi, Junxiao Han, Xinkui Zhao, Jianwei Yin, Shuiguang Deng
- Abstract summary: Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional detection methods face significant scalability challenges when processing large volumes of commit histories. We propose a novel two-stage framework that combines version-driven candidate filtering with large language model-based multi-round dialogue voting.
- Score: 44.388332647211776
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when processing large volumes of commit histories, while being prone to human errors and omissions. Existing automated approaches, including heuristic-based methods and pre-trained model solutions, suffer from limited accuracy, poor generalization capabilities, and inherent methodological constraints that hinder their practical deployment. To address these fundamental challenges, this paper conducts a comprehensive empirical study of existing vulnerability patch detection methods, revealing four key insights that guide the design of effective solutions: the critical impact of search space reduction, the superiority of pre-trained semantic understanding over architectural complexity, the temporal limitations of web crawling approaches, and the advantages of knowledge-driven methods. Based on these insights, we propose a novel two-stage framework that combines version-driven candidate filtering with large language model-based multi-round dialogue voting to achieve accurate and efficient vulnerability patch identification. Extensive experiments on a dataset containing 750 real vulnerabilities demonstrate that our method outperforms current approaches.
Related papers
- Deep Learning Models for Robust Facial Liveness Detection [56.08694048252482]
  This study introduces a robust solution through novel deep learning models addressing the deficiencies in contemporary anti-spoofing techniques. By innovatively integrating texture analysis and reflective properties associated with genuine human traits, our models distinguish authentic presence from replicas with remarkable precision.
  (2025-08-12T17:19:20Z)
- Advancing Embodied Agent Security: From Safety Benchmarks to Input Moderation [52.83870601473094]
  Embodied agents exhibit immense potential across a multitude of domains. Existing research predominantly concentrates on the security of general large language models. This paper introduces a novel input moderation framework, meticulously designed to safeguard embodied agents.
  (2025-04-22T08:34:35Z)
- Vulnerability Detection: From Formal Verification to Large Language Models and Hybrid Approaches: A Comprehensive Overview [3.135279672650891]
  This paper focuses on state-of-the-art software testing and verification. It focuses on three key approaches: classical formal methods, LLM-based analysis, and emerging hybrid techniques. We analyze whether integrating formal rigor with LLM-driven insights can enhance the effectiveness and scalability of software verification.
  (2025-03-13T18:22:22Z)
- Deep Learning Aided Software Vulnerability Detection: A Survey [3.4396557936415686]
  The pervasive nature of software vulnerabilities has emerged as a primary factor for the surge in cyberattacks. Deep learning (DL) methods excel at automatically learning and identifying complex patterns in code. This survey analyzes 34 relevant studies from high-impact journals and conferences between 2017 and 2024.
  (2025-03-06T01:35:16Z)
- LLMs in Software Security: A Survey of Vulnerability Detection Techniques and Insights [12.424610893030353]
  Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection. This paper provides a detailed survey of LLMs in vulnerability detection. We address challenges such as cross-language vulnerability detection, multimodal data integration, and repository-level analysis.
  (2025-02-10T21:33:38Z)
- SoK: Towards Effective Automated Vulnerability Repair [11.028015952491991]
  The increasing prevalence of software vulnerabilities necessitates automated vulnerability repair (AVR) techniques. This Systematization of Knowledge (SoK) provides a comprehensive overview of the landscape, encompassing both synthetic and real-world vulnerabilities.
  (2025-01-31T00:35:55Z)
- Leveraging Mixture of Experts for Improved Speech Deepfake Detection [53.69740463004446]
  Speech deepfakes pose a significant threat to personal security and content authenticity. We introduce a novel approach for enhancing speech deepfake detection performance using a Mixture of Experts architecture.
  (2024-09-24T13:24:03Z)
- Dynamic Vulnerability Criticality Calculator for Industrial Control Systems [0.0]
  This paper introduces an innovative approach by proposing a dynamic vulnerability criticality calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms. Our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score.
  (2024-03-20T09:48:47Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  (2022-03-25T19:57:19Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  (2021-01-28T16:38:26Z)