Towards Generalizable Instruction Vulnerability Prediction via LLM-Enhanced Code Representation
This program is tentative and subject to change.
Discovering potential vulnerabilities has long been a fundamental goal in software security. Among them, bit flips, caused by hardware or environmental disturbances, are increasingly recognized as a new type of vulnerabilities that threaten program reliability at the instruction level. However, existing work is often restricted to individual programs and requires retraining when applied to unseen code, severely limiting their practicality and responsiveness. In this paper, we propose CIVP, a novel framework for context-aware instruction vulnerability prediction, generalizing to unseen programs without retraining. Specifically, to capture the rich contextual semantics of instructions, CIVP first leverages Large Language Models (LLMs) to accurately extract semantic embeddings of instructions. Then, CIVP further constructs an instruction execution graph containing complex relations of program execution, which implicates the potential path of error propagation. To improve instruction representation for vulnerability prediction, CIVP enhances GraphSAGE with multi-hop diffusion to capture inter-program structural patterns and contextual dependencies, and adopts pseudo-labeling to improve the model’s generalization for vulnerable instructions. Extensive experiments on a dataset of 26 real-world programs demonstrate that CIVP significantly outperforms the state-of-the-art approaches, achieving up to 20.5%↑ Recall and 18.5%↑ F1-score improvements. Notably, CIVP generalizes well to unseen programs, offering an efficient and scalable solution for proactive instruction-level hardening before software deployment.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Towards Generalizable Instruction Vulnerability Prediction via LLM-Enhanced Code Representation Research Papers Bao Wen Nanjing University of Aeronautics and Astronautics, Jingjing Gu Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yang Liu Nanyang Technological University, Pengfei Yu Nanjing University of Aeronautics and Astronautics, Yanchao Zhao Nanjing University of Aeronautics and Astronautics | ||
14:10 10mTalk | Interpretable Vulnerability Detection Reports Research Papers Claudia Mamede Carnegie Mellon University, Jose Campos FEUP & LASIGE, Claire Le Goues Carnegie Mellon University, Rui Abreu Faculty of Engineering of the University of Porto, Portugal | ||
14:20 10mTalk | Security Debt in LLM Agent Applications: A Measurement Study of Vulnerabilities and Mitigation Trade-offs Research Papers Zhuoxiang Shen Fudan University, Jiarun Dai Fudan University, Yuan Zhang Fudan University, Min Yang Fudan University | ||
14:30 10mTalk | Altered Histories in Version Control System Repositories: Evidence from the Trenches Research Papers Solal Rapaport Télécom Paris, Institut Polytechnique de Paris, Laurent Pautet Télécom Paris, Institut Polytechnique de Paris, Samuel Tardieu Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France Pre-print | ||
14:40 10mTalk | Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing Research Papers Siyuan Li University of Chinese Academy of Sciences & Institute of Information Engineering Chinese Academy of Sciences, China, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Hong Li Institute of Information Engineering at Chinese Academy of Sciences, Jingdong Guo Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chunpeng Yan Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Weijie Wang Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Yimo Ren Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Hongsong Zhu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
14:50 10mTalk | PoliCond: Condition-Aware Ontology-Driven LLMs for Privacy Policy Analysis Research Papers Yalin Feng Nanjing University, Yifei Lu State Key Laboratory for Novel Software Technology, Nanjing University, China, Minxue Pan Nanjing University | ||
15:00 10mTalk | Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems Research Papers Defang Bo Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jie Lu Institute of Computing Technology of the Chinese Academy of Sciences, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Jingting Chen Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jinchen Wang Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Chendong Yu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences | ||
15:10 10mTalk | LLM-Powered Static Binary Taint Analysis Journal-First Track Puzhuo Liu Ant Group & Tsinghua University, Chengnian Sun University of Waterloo, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Xuan Feng Independent Researcher, Chuan Qin Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Yuncheng Wang Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China, Zhenyang Xu University of Waterloo, Zhi Li Institute of Information Engineering, Chinese Academy of Sciences, China, Peng Di Ant Group & UNSW Sydney, Yu Jiang Tsinghua university, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
15:20 10mTalk | Stealthy Backdoor Attack for Code Models Journal-First Track Zhou Yang University of Alberta, Alberta Machine Intelligence Institute , Bowen Xu North Carolina State University, Jie M. Zhang King's College London, Hong Jin Kang University of Sydney, Jieke Shi Singapore Management University, Junda He Singapore Management University, David Lo Singapore Management University | ||