{"id":"https://openalex.org/W4416707238","doi":"https://doi.org/10.1109/access.2025.3637505","title":"SecLLM: Enhancing Security Smell Detection in IaC With Large Language Models","display_name":"SecLLM: Enhancing Security Smell Detection in IaC With Large Language Models","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4416707238","doi":"https://doi.org/10.1109/access.2025.3637505"},"language":null,"primary_location":{"id":"doi:10.1109/access.2025.3637505","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3637505","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3637505","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008318851","display_name":"Gabriele De Vito","orcid":"https://orcid.org/0000-0002-1153-1566"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Gabriele De Vito","raw_affiliation_strings":["Department of Computer Science, University of Salerno, Fisciano, Italy","Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]},{"raw_affiliation_string":"Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy","institution_ids":["https://openalex.org/I131729948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033738898","display_name":"Fabio Palomba","orcid":"https://orcid.org/0000-0001-9337-5116"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Palomba","raw_affiliation_strings":["Department of Computer Science, University of Salerno, Fisciano, Italy","Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]},{"raw_affiliation_string":"Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy","institution_ids":["https://openalex.org/I131729948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053084752","display_name":"Filomena Ferrucci","orcid":"https://orcid.org/0000-0002-0975-8972"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Filomena Ferrucci","raw_affiliation_strings":["Department of Computer Science, University of Salerno, Fisciano, Italy","Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]},{"raw_affiliation_string":"Software Engineering (SeSa) Lab, University of Salerno, Salerno, Italy","institution_ids":["https://openalex.org/I131729948"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5008318851"],"corresponding_institution_ids":["https://openalex.org/I131729948"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.1917377,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"204480","last_page":"204498"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.14270000159740448,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.14270000159740448,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.13279999792575836,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.12099999934434891,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/provisioning","display_name":"Provisioning","score":0.6284000277519226},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.576200008392334},{"id":"https://openalex.org/keywords/natural-language-understanding","display_name":"Natural language understanding","score":0.5095999836921692},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.47380000352859497},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.44190001487731934},{"id":"https://openalex.org/keywords/natural-language","display_name":"Natural language","score":0.41600000858306885},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.3481999933719635}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8592000007629395},{"id":"https://openalex.org/C172191483","wikidata":"https://www.wikidata.org/wiki/Q1071806","display_name":"Provisioning","level":2,"score":0.6284000277519226},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.576200008392334},{"id":"https://openalex.org/C2779439875","wikidata":"https://www.wikidata.org/wiki/Q1078276","display_name":"Natural language understanding","level":3,"score":0.5095999836921692},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.47380000352859497},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.44190001487731934},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.41600000858306885},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3930000066757202},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37059998512268066},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3499999940395355},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3481999933719635},{"id":"https://openalex.org/C2780876879","wikidata":"https://www.wikidata.org/wiki/Q3054749","display_name":"Meaning (existential)","level":2,"score":0.3447999954223633},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3393999934196472},{"id":"https://openalex.org/C183322885","wikidata":"https://www.wikidata.org/wiki/Q17007702","display_name":"Context model","level":3,"score":0.33649998903274536},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.2971999943256378},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.29429998993873596},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.29269999265670776},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.28209999203681946},{"id":"https://openalex.org/C129792486","wikidata":"https://www.wikidata.org/wiki/Q1050419","display_name":"Language identification","level":3,"score":0.27970001101493835},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.25529998540878296},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.25360000133514404}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/access.2025.3637505","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3637505","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3637505","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3637505","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G29840918","display_name":null,"funder_award_id":"PE0000013-FAIR","funder_id":"https://openalex.org/F4320331528","funder_display_name":"Ministero dell'Universit\u00e0 e della Ricerca"}],"funders":[{"id":"https://openalex.org/F4320331528","display_name":"Ministero dell'Universit\u00e0 e della Ricerca","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W2150290224","https://openalex.org/W2164777277","https://openalex.org/W2621143560","https://openalex.org/W2907854211","https://openalex.org/W2955656327","https://openalex.org/W2993710525","https://openalex.org/W3030599819","https://openalex.org/W3041762618","https://openalex.org/W3090625769","https://openalex.org/W3123074563","https://openalex.org/W3151142258","https://openalex.org/W3160638507","https://openalex.org/W4283705032","https://openalex.org/W4283763666","https://openalex.org/W4312578982","https://openalex.org/W4313563645","https://openalex.org/W4313563702","https://openalex.org/W4323655724","https://openalex.org/W4365801718","https://openalex.org/W4380568688","https://openalex.org/W4384009698","https://openalex.org/W4385302156","https://openalex.org/W4394744221","https://openalex.org/W4400582494","https://openalex.org/W4401395578","https://openalex.org/W4402456068","https://openalex.org/W4402860127","https://openalex.org/W4404782027","https://openalex.org/W4404791712","https://openalex.org/W4415797451"],"related_works":[],"abstract_inverted_index":{"The":[0,103,152],"emergence":[1],"and":[2,32,51,95,110,147,173,211,222],"expansion":[3],"of":[4,34,65,74,116,123,169,176,182],"Infrastructure-as-Code":[5],"(IaC)":[6],"paradigms":[7],"have":[8],"transformed":[9],"cloud":[10],"provisioning":[11],"methodologies,":[12],"while":[13,112,185],"simultaneously":[14,113,186],"introducing":[15],"complex":[16],"security":[17,75,126,162],"smells.":[18,151],"Traditional":[19],"detectors":[20],"are":[21],"unable":[22],"to":[23,45,70,91,201],"handle":[24],"the":[25,30,63,72,117,124,135,149,197],"semantic":[26,79],"challenges":[27],"(i.e.,":[28],"understanding":[29,90],"meaning":[31],"context":[33],"code":[35],"beyond":[36],"its":[37],"syntax)":[38],"introduced":[39],"by":[40],"contemporary":[41],"IaC":[42,108],"ecosystems":[43],"due":[44],"their":[46,143],"reliance":[47],"on":[48],"heuristic":[49],"rules":[50],"syntactic":[52],"patterns.":[53],"This":[54],"work":[55],"introduces":[56],"SecLLM,":[57],"an":[58],"innovative":[59],"framework":[60,104],"that":[61,138,156,214],"leverages":[62],"capabilities":[64],"Large":[66],"Language":[67],"Models":[68],"(LLMs)":[69],"reconceptualize":[71],"detection":[73,183,224],"smells":[76],"through":[77,98,203],"contextual":[78],"analysis.":[80],"Our":[81],"approach":[82],"avoids":[83],"conventional":[84],"intermediate":[85],"representations,":[86],"exploiting":[87],"natural":[88],"language":[89],"examine":[92],"Ansible,":[93],"Puppet,":[94],"Chef":[96],"configurations":[97],"adaptive":[99],"prompt":[100],"engineering":[101],"methodologies.":[102],"architecture":[105],"supports":[106],"multiple":[107],"infrastructures":[109],"LLMs":[111,202],"enabling":[114],"optimization":[115],"underlying":[118],"LLM":[119],"responses":[120],"for":[121],"each":[122],"nine":[125],"smell":[127,163],"analyzed.":[128],"Furthermore,":[129],"SecLLM":[130,157],"provides":[131],"detailed":[132],"feedback":[133],"regarding":[134],"analyzed":[136],"scripts":[137],"can":[139],"help":[140],"practitioners":[141],"define":[142],"infrastructure\u2019s":[144],"risk":[145],"profile":[146],"resolve":[148],"identified":[150],"empirical":[153],"validation":[154],"demonstrates":[155],"outperforms":[158],"GLITCH,":[159],"a":[160],"state-of-the-art":[161],"identification":[164],"tool,":[165],"achieving":[166],"precision":[167],"improvements":[168],"12-21":[170],"percentage":[171,178],"points":[172,179],"F1-score":[174],"gains":[175],"17-32":[177],"in":[180],"terms":[181],"accuracy":[184],"maintaining":[187],"low":[188],"operational":[189],"costs":[190],"($0.003-$0.015":[191],"per":[192],"script).":[193],"Additionally,":[194],"we":[195],"address":[196],"non-deterministic":[198],"behavior":[199],"inherent":[200],"three":[204],"mitigation":[205],"strategies":[206],"(confidence-based":[207],"filtering,":[208],"ensemble":[209],"voting,":[210],"response":[212],"caching)":[213],"achieve":[215],"perfect":[216],"reproducibility":[217],"(Fleiss\u2019":[218],"k":[219],"=":[220],"1.00)":[221],"preserve":[223],"accuracy.":[225]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-11-27T00:00:00"}