Synergizing LLM-Driven Semantic Reasoning with Assertion-Guided Analysis for Enhanced Vulnerability Detection
This program is tentative and subject to change.
Large language models (LLMs) have recently demonstrated strong capabilities in code understanding and generation. However, existing LLM-based vulnerability detection approaches often suffer from hallucinations and a lack of formal constraint reasoning, which limits the reliability of their predictions. In contrast, traditional symbolic execution provides logically sound and highly trustworthy analysis but struggles with path explosion and insufficient semantic modeling in complex programs. To leverage the strengths of both paradigms, we propose SAVD, a vulnerability detection framework that integrates assertion-guided slicing with LLM-assisted semantic reasoning. SAVD first extracts assertion-relevant execution paths through dependence analysis to focus on semantically meaningful program segments. It then employs LLMs to generate logic constraints that describe conditions under which assertions may fail, enabling more precise reachability reasoning. Finally, a verifier-in-the-loop mechanism iteratively refines these constraints using counterexample feedback, improving both accuracy and robustness. Experiments across multiple benchmark datasets show that SAVD improves the accuracy of assertion-relevant vulnerability detection by 29.74% over baseline approaches, demonstrating its effectiveness in bridging semantic reasoning and formal verification for reliable automated vulnerability detection.
This program is tentative and subject to change.
Thu 19 MarDisplayed time zone: Athens change
11:00 - 12:30 | Session 4B - Vulnerability Detection and LocalizationEarly Research Achievement (ERA) Track / Research Track / Short Papers and Posters Track / Industrial Track | ||
11:00 11mTalk | InterGNN: Using Context for Detecting Inter-procedural Vulnerabilities Industrial Track Sebastian Sierra , Jochen Quante Bosch Research, Eric Bodden Heinz Nixdorf Institute at Paderborn University & Fraunhofer IEM | ||
11:11 11mTalk | VFLAGENT: A Chain-of-Thought-Guided Multi-Agent Collaboration Framework for Vulnerable Function Localization Research Track Minghe Bai Nanjing University of Posts and Telecommunications, Wei Chen Institute of Software at Chinese Academy of Sciences, Shuo Li Nankai University, China;Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences;, Jiaxin Zhu Institute of Software at Chinese Academy of Sciences | ||
11:22 11mTalk | VulCMS: A Vulnerability Detection System Based on Centrality Analysis and Multi-Scale Attention Research Track Wenjing Cai School of Cybersecurity, Northwestern Polytechnical University, Jianfei Wang School of Software, Northwestern Polytechnical University, Jianfei Wang School of Software, Northwestern Polytechnical University, Lipeng Gao School of Software, Northwestern Polytechnical University | ||
11:33 11mTalk | Towards Secure Oracle Usage: Understanding and Detecting Oracle Vulnerabilities in Smart Contracts Research Track Ziming Chen Peking University, Yue Li Peking University, Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Che Wang Peking University, China, Jiakun Hao Peking University, Anming Xie Peking University, Zhi Guan Peking University, Zhong Chen | ||
11:45 11mTalk | Synergizing LLM-Driven Semantic Reasoning with Assertion-Guided Analysis for Enhanced Vulnerability Detection Early Research Achievement (ERA) Track Ying Wang Xidian University, Jie Su Xidian University, Cheng Wen Xidian University, rong wang , Cong Tian Xidian University, Zhenhua Duan Xidian University, Shengchao Qin Xidian University | ||
11:56 11mTalk | Toward Reliable Detection of Malicious eBPF: Construction and Validation of a Large-Scale Bytecode Dataset Short Papers and Posters Track Yujin Kwon Duksung Women’s University, Yujeong Choi Duksung Women’s University, Dohwan Ji Hanbat National University, Jinyoung Kim Sungkyunkwan University | ||
12:07 11mTalk | Towards Online Malware Detection using Process Resource Utilization Metrics Short Papers and Posters Track Themistoklis Diamantopoulos Electrical and Computer Engineering Dept, Aristotle University of Thessaloniki, Dimosthenis Natsos Aristotle University of Thessaloniki, Andreas Symeonidis Electrical and Computer Engineering Dept., Aristotle University of Thessaloniki Pre-print | ||
12:18 11mTalk | From Data Leak to Secret Misses: The Impact of Data Leakage on Secret Detection Models Short Papers and Posters Track | ||