LOSVER: Line-Level Modifiability Signal-Guided Vulnerability Detection and Classification
This program is tentative and subject to change.
The increasing prevalence of software vulnerabilities continues to pose serious threats to system security, underscoring the need for accurate and scalable techniques for vulnerability detection and classification. While Pre-trained Language Models (PLMs) have shown strong potential in vulnerability analysis, most existing methods provide no explicit guidance on which parts of the input code are more likely to be vulnerable. As a result, the model must infer token-level relevance without any indication of which parts are important, making it harder to learn the characteristics of vulnerable code during training. To address this limitation, we propose LOSVER (Line-level mOdifiability Signal-guided VulnERability analyzer), a novel two-stage framework that enhances PLM-based vulnerability analysis by incorporating line-level modifiability signals. In the first stage, LOSVER localizes modifiable lines. These are code segments likely to be changed in the future due to instability or complexity, which are often associated with vulnerabilities. In the second stage, the model assigns greater importance to the predicted modifiable lines, allowing the PLM to focus on potentially vulnerable regions during both training and inference. We evaluated LOSVER with two widely used benchmark datasets: Devign, for function-level vulnerability detection, and Big-Vul, for function-level vulnerability classification with Common Weakness Enumeration (CWE) ID labels. Experimental results show that LOSVER improves detection accuracy on Devign by approximately 4 percentage points and increases the weighted F1-score for CWE ID classification on Big-Vul by over 2 points, when applied on top of the UniXcoder baseline. We also conducted experiments on the PrimeVul dataset, which focuses on vulnerability–patch pairs, and observed meaningful improvements in pair-wise detection. 
These results demonstrate that integrating line-level modifiability signals significantly enhances the effectiveness of PLM-based software vulnerability analysis across both detection and classification tasks.
Tue 18 Nov (displayed time zone: Seoul)
11:00 - 12:30
11:00 | 10m | Talk | Vulnerability-Affected Versions Identification: How Far Are We? | Research Papers | Xingchu Chen Institute of Information Engineering, CAS; School of Cyber Security, UCAS, Chengwei Liu Nanyang Technological University, Jialun Cao Hong Kong University of Science and Technology, Yang Xiao Chinese Academy of Sciences, Xinyue Cai Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jingyi Shi Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, tianqi sun Institute of Information Engineering, Chinese Academy of Sciences, Haiming Chen Institute of Software, Chinese Academy of Sciences, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences
11:10 | 10m | Talk | LOSVER: Line-Level Modifiability Signal-Guided Vulnerability Detection and Classification | Research Papers | Doha Nam Korea Advanced Institute of Science and Technology, Jongmoon Baik Korea Advanced Institute of Science and Technology
11:20 | 10m | Talk | VERCATION: Precise Vulnerable Open-source Software Version Identification based on Static Analysis and LLM | Journal-First Track | Yiran Cheng Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Ting Zhang Monash University, Lwin Khin Shar Singapore Management University, Shouguo Yang Zhongguancun Laboratory, Beijing, China, Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, David Lo Singapore Management University, Shichao Lv Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhiqiang Shi Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
11:30 | 10m | Talk | Not Every Patch is an Island: LLM-Enhanced Identification of Multiple Vulnerability Patches | Research Papers | Yi Song School of Computer Science, Wuhan University, Dongchen Xie School of Cyber Science and Engineering, Wuhan University, Lin Xu School of Cyber Science and Engineering, Wuhan University, He Zhang School of Computer Science, Wuhan University, Chunying Zhou School of Computer Science, Wuhan University, Xiaoyuan Xie Wuhan University
11:40 | 10m | Talk | Vul-R2: A Reasoning LLM for Automated Vulnerability Repair | Research Papers | Xin-Cheng Wen Harbin Institute of Technology, Zirui Lin Harbin Institute of Technology, Shenzhen, Yijun Yang Tencent AI Lab, Cuiyun Gao Harbin Institute of Technology, Shenzhen, Deheng Ye Tencent AI Lab
11:50 | 10m | Talk | DeepExploitor: LLM-Enhanced Automated Exploitation of DeepLink Attack in Hybrid Apps | Research Papers | Zhangyue Zhang Fudan University, Lei Zhang Fudan University, Zhibo Zhang Huazhong University of Science and Technology, Yongheng Liu Fudan University, Zhemin Yang Fudan University, Yuan Zhang Fudan University, Min Yang Fudan University
12:00 | 10m | Talk | Demystifying Cookie Sharing Risks in WebView-based Mobile App-in-app Ecosystems | Research Papers | Miao Zhang Beijing University of Posts and Telecommunications, Shenao Wang Huazhong University of Science and Technology, Guilin Zheng Beijing University of Posts and Telecommunications, Yanjie Zhao Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology
12:10 | 10m | Talk | Hit The Bullseye On The First Shot: Improving LLMs Using Multi-Sample Self-Reward Feedback for Vulnerability Repair | Research Papers | Rui Jiao Xidian University, Yue Zhang Drexel University, Jinku Li Xidian University, Jianfeng Ma Xidian University
12:20 | 10m | Talk | Propagation-Based Vulnerability Impact Assessment for Software Supply Chains | Research Papers | Bonan Ruan National University of Singapore, Zhiwei Lin National University of Singapore, Jiahao Liu National University of Singapore, Chuqi Zhang National University of Singapore, Kaihang Ji National University of Singapore, Zhenkai Liang National University of Singapore | Pre-print