Titulo Estágio
Leveraging Large Language Models for Software Vulnerability Detection
Local do Estágio
CISUC-SSE
Enquadramento
Nowadays software systems are used across various domains, from critical infrastructure to everyday consumer applications. Software vulnerabilities, flaws or weaknesses in code that can be exploited by malicious actors, pose significant risks, leading to potential data breaches, financial losses, and damage to an organization’s reputation. Traditional methods for vulnerability detection primarily include static analysis and dynamic analysis. Despite the existence of various techniques, results are still far from optimal. Static analysis tools often produce a high number of false positives, overwhelming developers and security analysts with potential issues, many of which may not be actual vulnerabilities. Dynamic analysis tools, while more accurate in some respects, are limited by their dependency on comprehensive test cases and scenarios, which can be difficult to generate for complex software systems. Moreover, both techniques struggle with the evolving nature of software vulnerabilities, as new types of vulnerabilities emerge and existing ones evolve.
Large Language Models (LLMs) have demonstrated remarkable capabilities in understanding and generating human-like text. These models are trained on vast amounts of textual data, enabling them to comprehend context, syntax, semantics, and even subtle nuances in text. Given that source code is, at its core, textual data with a well-defined syntax and semantics, LLMs present a promising avenue for improving vulnerability detection. This thesis will focus on exploring the use of LLMs for identifying vulnerabilities in the source code.
Objetivo
The learning objectives of this master internship are:
1) Security, vulnerabilities: study the subject of software security and vulnerabilities;
2) Secure Software Development: understand concepts related to secure software development especially focused on OWASP best practices, thus improving coding skills to create more dependable solutions;
3) Natural Language Processing and Large-Language Models: study AI/ML concepts, focusing on LLMs, and how such techniques can be used to support the development of more secure systems;
4) Research Design: understand how to design and execute an experimental process to address complex and open research issues
Plano de Trabalhos - Semestre 1
[09/09/2024 a 20/10/2024] Literature review
Study the concepts to be used in the internship, namely security, vulnerabilities, ML, LLMs
[21/10/2024 a 05/11/2024] Analysis and selection of target techniques
Identification, analysis, and selection of which target datasets, security practices, machine learning techniques and LLMs will be studied
[06/11/2024 a 03/12/2024] Definition of the experimental process
Design and plan the experimental process that will be used to conduct the study
[04/12/2024 a 15/01/2025] Write the dissertation plan
Plano de Trabalhos - Semestre 2
[06/02/2025 a 6/03/2025] Set up the experimental testbed
Set up the testbed required to conduct the experiments
[7/03/2025 a 17/04/2025] Conduct the experimental campaign
Use the testbed to conduct the experimental process
[18/04/2025 a 08/05/2025] Analyze, explore, and process the results
Process, explore and analyze the results obtained from the experimental process on the use of LLMs to identify vulnerabilities in the code across various source code datasets. Compare with existing results from the literature
[09/05/2025 a 05/06/2025] Write a scientific paper
[06/06/2025 a 08/07/2025] Write the thesis
Condições
Depending on the evolution of the internship a studentship may be available to support the development of the work in the second semester. The work is to be executed at the laboratories of the CISUC’s Software and Systems Engineering Group.
Observações
Co-supervised by Professor Marco Vieira
Orientador
João R. Campos
jrcampos@dei.uc.pt 📩