SAVANT: Vulnerability Detection in Application Dependencies through Semantic-Guided Reachability Analysis

TL;DR

SAVANT is a novel vulnerability detection tool that uses semantic analysis and large language models to accurately identify security issues in Java application dependencies, outperforming existing tools.

Contribution

It introduces a semantic-guided reachability analysis approach combined with LLMs to improve vulnerability detection accuracy in third-party libraries.

Findings

Achieves 83.8% precision and 78.5% F1-score on real-world applications.

Outperforms state-of-the-art SCA tools in accuracy and recall.

Effectively detects vulnerabilities in complex codebases.

Abstract

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to effectively detect vulnerable API usage from these libraries due to limitations in understanding API usage semantics and computational challenges in analyzing complex codebases, leading to inaccurate vulnerability alerts that burden development teams and delay critical security fixes. To address these challenges, we proposed SAVANT by leveraging two insights: proof-of-vulnerability test cases demonstrate how vulnerabilities can be triggered in specific contexts, and Large Language Models (LLMs) can understand code semantics. SAVANT combines semantic preprocessing with LLM-powered context analysis for accurate vulnerability detection. SAVANT first segments source code into meaningful blocks while preserving semantic relationships, then leverages LLM-based reflection to analyze API usage context and determine actual vulnerability impacts. Our evaluation on 55 real-world applications shows that SAVANT achieves 83.8% precision, 73.8% recall, 69.0% accuracy, and 78.5% F1-score, outperforming state-of-the-art SCA tools.