TL;DR
VulTriage introduces a triple-path context augmentation framework that significantly improves LLM-based vulnerability detection by integrating structural, knowledge-based, and semantic information.
Contribution
The paper presents VulTriage, a novel framework that enhances LLM input with multiple context paths, leading to state-of-the-art vulnerability detection performance.
Findings
VulTriage outperforms existing baselines on PrimeVul dataset.
Each context path contributes significantly to detection accuracy.
The approach generalizes well to Kotlin and low-resource settings.
Abstract
Automated vulnerability detection is a fundamental task in software security, yet existing learning-based methods still struggle to capture the structural dependencies, domain-specific vulnerability knowledge, and complex program semantics required for accurate detection. Recent Large Language Models (LLMs) have shown strong code understanding ability, but directly prompting them with raw source code often leads to missed vulnerabilities or false alarms, especially when vulnerable and benign functions differ only in subtle semantic details. To address this, we propose VulTriage, a triple-path context augmentation framework for LLM-based vulnerability detection. VulTriage enhances the LLM input through three complementary paths: a Control Path that extracts and verbalizes AST, CFG, and DFG information to expose control and data dependencies; a Knowledge Path that retrieves relevant…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
