SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models

Van Nguyen; Surya Nepal; Xingliang Yuan; Tingmin Wu; Carsten Rudolph

doi:10.1145/3708821.3736208

SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models

Van Nguyen, Surya Nepal, Xingliang Yuan, Tingmin Wu, Carsten Rudolph

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Software vulnerabilities (SVs) have emerged as a prevalent and crucial concern for safety-critical systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for software vulnerability detection (SVD). While AI-based methods have shown promising performance in SVD, their effectiveness on real-world, complex, and diverse source code datasets remains limited in practice. To tackle this challenge, in this paper, we propose a novel framework that enhances the capability of large language models to learn and utilize semantic and syntactic relationships from source code data for SVD. As a result, our proposed SAFE approach can enable the acquisition of fundamental knowledge from source code data while adeptly utilizing crucial relationships, i.e., semantic and syntactic associations, to improve the effectiveness of solving the SVD problem. The rigorous and extensive experimental results on three real-world challenging datasets (i.e., Devign, ReVeal, and D2A) demonstrate the superiority of our approach over eight effective and state-of-the-art baselines. In summary, on average, our SAFE approach achieves higher performances from 4.79% to 11.57% for F1-measure and from 16.93% to 26.24% for Recall compared to the baseline methods across all the datasets used.

Original language	English
Title of host publication	Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security
Editors	Dinh Tien Tuan Anh, Tong Van Van
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	392-406
Number of pages	15
ISBN (Electronic)	9798400714108
DOIs	https://doi.org/10.1145/3708821.3736208
Publication status	Published - 2025
Event	ACM ASIA Conference on Computer and Communications Security 2025 - Hanoi, Vietnam Duration: 25 Aug 2025 → 29 Aug 2025 Conference number: 20th https://dl.acm.org/doi/proceedings/10.1145/3708821 (Proceedings) https://asiaccs2025.hust.edu.vn/ (Website)

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
Publisher	Association for Computing Machinery (ACM)
ISSN (Print)	1543-7221

Conference

Conference	ACM ASIA Conference on Computer and Communications Security 2025
Abbreviated title	ASIA CCS 2025
Country/Territory	Vietnam
City	Hanoi
Period	25/08/25 → 29/08/25
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3708821 (Proceedings) https://asiaccs2025.hust.edu.vn/ (Website)

Keywords

Deep learning
Knowledge distillation
Large language models
Software vulnerability detection

Access to Document

10.1145/3708821.3736208Licence: CC BY

730550602-oaFinal published version, 1.43 MBLicence: CC BY

Cite this

Nguyen, V., Nepal, S., Yuan, X., Wu, T., & Rudolph, C. (2025). SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models. In D. Tien Tuan Anh, & T. Van Van (Eds.), Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security (pp. 392-406). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery (ACM). https://doi.org/10.1145/3708821.3736208

Nguyen, Van ; Nepal, Surya ; Yuan, Xingliang et al. / SAFE : A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models. Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security. editor / Dinh Tien Tuan Anh ; Tong Van Van. New York NY USA : Association for Computing Machinery (ACM), 2025. pp. 392-406 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{77d02e6b590e4a1095211649865a43b6,

title = "SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models",

abstract = "Software vulnerabilities (SVs) have emerged as a prevalent and crucial concern for safety-critical systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for software vulnerability detection (SVD). While AI-based methods have shown promising performance in SVD, their effectiveness on real-world, complex, and diverse source code datasets remains limited in practice. To tackle this challenge, in this paper, we propose a novel framework that enhances the capability of large language models to learn and utilize semantic and syntactic relationships from source code data for SVD. As a result, our proposed SAFE approach can enable the acquisition of fundamental knowledge from source code data while adeptly utilizing crucial relationships, i.e., semantic and syntactic associations, to improve the effectiveness of solving the SVD problem. The rigorous and extensive experimental results on three real-world challenging datasets (i.e., Devign, ReVeal, and D2A) demonstrate the superiority of our approach over eight effective and state-of-the-art baselines. In summary, on average, our SAFE approach achieves higher performances from 4.79\% to 11.57\% for F1-measure and from 16.93\% to 26.24\% for Recall compared to the baseline methods across all the datasets used.",

keywords = "Deep learning, Knowledge distillation, Large language models, Software vulnerability detection",

author = "Van Nguyen and Surya Nepal and Xingliang Yuan and Tingmin Wu and Carsten Rudolph",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; ACM ASIA Conference on Computer and Communications Security 2025, ASIA CCS 2025 ; Conference date: 25-08-2025 Through 29-08-2025",

year = "2025",

doi = "10.1145/3708821.3736208",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

pages = "392--406",

editor = "\{Tien Tuan Anh\}, Dinh and \{Van Van\}, Tong",

booktitle = "Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/3708821, https://asiaccs2025.hust.edu.vn/",

}

Nguyen, V, Nepal, S, Yuan, X, Wu, T & Rudolph, C 2025, SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models. in D Tien Tuan Anh & T Van Van (eds), Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery (ACM), New York NY USA, pp. 392-406, ACM ASIA Conference on Computer and Communications Security 2025, Hanoi, Vietnam, 25/08/25. https://doi.org/10.1145/3708821.3736208

SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models. / Nguyen, Van; Nepal, Surya; Yuan, Xingliang et al.
Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security. ed. / Dinh Tien Tuan Anh; Tong Van Van. New York NY USA: Association for Computing Machinery (ACM), 2025. p. 392-406 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - SAFE

T2 - ACM ASIA Conference on Computer and Communications Security 2025

AU - Nguyen, Van

AU - Nepal, Surya

AU - Yuan, Xingliang

AU - Wu, Tingmin

AU - Rudolph, Carsten

N1 - Conference code: 20th

PY - 2025

Y1 - 2025

N2 - Software vulnerabilities (SVs) have emerged as a prevalent and crucial concern for safety-critical systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for software vulnerability detection (SVD). While AI-based methods have shown promising performance in SVD, their effectiveness on real-world, complex, and diverse source code datasets remains limited in practice. To tackle this challenge, in this paper, we propose a novel framework that enhances the capability of large language models to learn and utilize semantic and syntactic relationships from source code data for SVD. As a result, our proposed SAFE approach can enable the acquisition of fundamental knowledge from source code data while adeptly utilizing crucial relationships, i.e., semantic and syntactic associations, to improve the effectiveness of solving the SVD problem. The rigorous and extensive experimental results on three real-world challenging datasets (i.e., Devign, ReVeal, and D2A) demonstrate the superiority of our approach over eight effective and state-of-the-art baselines. In summary, on average, our SAFE approach achieves higher performances from 4.79% to 11.57% for F1-measure and from 16.93% to 26.24% for Recall compared to the baseline methods across all the datasets used.

AB - Software vulnerabilities (SVs) have emerged as a prevalent and crucial concern for safety-critical systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for software vulnerability detection (SVD). While AI-based methods have shown promising performance in SVD, their effectiveness on real-world, complex, and diverse source code datasets remains limited in practice. To tackle this challenge, in this paper, we propose a novel framework that enhances the capability of large language models to learn and utilize semantic and syntactic relationships from source code data for SVD. As a result, our proposed SAFE approach can enable the acquisition of fundamental knowledge from source code data while adeptly utilizing crucial relationships, i.e., semantic and syntactic associations, to improve the effectiveness of solving the SVD problem. The rigorous and extensive experimental results on three real-world challenging datasets (i.e., Devign, ReVeal, and D2A) demonstrate the superiority of our approach over eight effective and state-of-the-art baselines. In summary, on average, our SAFE approach achieves higher performances from 4.79% to 11.57% for F1-measure and from 16.93% to 26.24% for Recall compared to the baseline methods across all the datasets used.

KW - Deep learning

KW - Knowledge distillation

KW - Large language models

KW - Software vulnerability detection

UR - https://www.scopus.com/pages/publications/105015964420

U2 - 10.1145/3708821.3736208

DO - 10.1145/3708821.3736208

M3 - Conference Paper

AN - SCOPUS:105015964420

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 392

EP - 406

BT - Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security

A2 - Tien Tuan Anh, Dinh

A2 - Van Van, Tong

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 25 August 2025 through 29 August 2025

ER -

Nguyen V, Nepal S, Yuan X, Wu T, Rudolph C. SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models. In Tien Tuan Anh D, Van Van T, editors, Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security. New York NY USA: Association for Computing Machinery (ACM). 2025. p. 392-406. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3708821.3736208

SAFE: A Novel Approach For Software Vulnerability Detection from Enhancing The Capability of Large Language Models

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this