Expert-in-the-Loop Systems with Cross-Domain and In-Domain Few-Shot Learning for Software Vulnerability Detection

TL;DR

This paper investigates the use of Large Language Models with expert-in-the-loop strategies for software vulnerability detection, demonstrating that few-shot prompting improves accuracy and efficiency across cross-domain and in-domain scenarios.

Contribution

It introduces a novel framework combining few-shot prompting and confidence-based routing in LLMs for vulnerability detection, enhancing generalization and operational efficiency.

Findings

Few-shot prompting significantly improves classification accuracy.

Confidence-based routing directs human experts to uncertain cases.

LLMs can generalize across vulnerability categories with minimal examples.

Abstract

As cyber threats become more sophisticated, rapid and accurate vulnerability detection is essential for maintaining secure systems. This study explores the use of Large Language Models (LLMs) in software vulnerability assessment by simulating the identification of Python code with known Common Weakness Enumerations (CWEs), comparing zero-shot, few-shot cross-domain, and few-shot in-domain prompting strategies. Our results indicate that while zero-shot prompting performs poorly, few-shot prompting significantly enhances classification performance, particularly when integrated with confidence-based routing strategies that improve efficiency by directing human experts to cases where model uncertainty is high, optimizing the balance between automation and expert oversight. We find that LLMs can effectively generalize across vulnerability categories with minimal examples, suggesting their potential as scalable, adaptable cybersecurity tools in simulated environments. However, challenges such as model reliability, interpretability, and adversarial robustness remain critical areas for future research. By integrating AI-driven approaches with expert-in-the-loop (EITL) decision-making, this work highlights a pathway toward more efficient and responsive cybersecurity workflows. Our findings provide a foundation for deploying AI-assisted vulnerability detection systems in both real and simulated environments that enhance operational resilience while reducing the burden on human analysts.