{"id":"https://openalex.org/W7118266634","doi":"https://doi.org/10.1109/indin64977.2025.11279514","title":"Towards Few-shot LLM-based Vulnerability Reproduction and Verification for Industrial Web Applications","display_name":"Towards Few-shot LLM-based Vulnerability Reproduction and Verification for Industrial Web Applications","publication_year":2025,"publication_date":"2025-07-12","ids":{"openalex":"https://openalex.org/W7118266634","doi":"https://doi.org/10.1109/indin64977.2025.11279514"},"language":null,"primary_location":{"id":"doi:10.1109/indin64977.2025.11279514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/indin64977.2025.11279514","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 23rd International Conference on Industrial Informatics (INDIN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100421202","display_name":"Gang Yang","orcid":"https://orcid.org/0000-0003-3674-1962"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Gang Yang","raw_affiliation_strings":["Information Support Force Engineering University,Wuhan,China"],"affiliations":[{"raw_affiliation_string":"Information Support Force Engineering University,Wuhan,China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108096718","display_name":"Lin Ni","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lin Ni","raw_affiliation_strings":["Information Support Force Engineering University,Wuhan,China"],"affiliations":[{"raw_affiliation_string":"Information Support Force Engineering University,Wuhan,China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122187360","display_name":"Shaofeng Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shaofeng Lin","raw_affiliation_strings":["Information Support Force Engineering University,Wuhan,China"],"affiliations":[{"raw_affiliation_string":"Information Support Force Engineering University,Wuhan,China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5122188400","display_name":"Tao Xia","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tao Xia","raw_affiliation_strings":["Information Support Force Engineering University,Wuhan,China"],"affiliations":[{"raw_affiliation_string":"Information Support Force Engineering University,Wuhan,China","institution_ids":["https://openalex.org/I37461747"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100421202"],"corresponding_institution_ids":["https://openalex.org/I37461747"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.81475059,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9387000203132629,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9387000203132629,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.02879999950528145,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.006200000178068876,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.756600022315979},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5802000164985657},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5741000175476074},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5710999965667725},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5102999806404114},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.42340001463890076},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.3833000063896179}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.756600022315979},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6599000096321106},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5802000164985657},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5741000175476074},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5710999965667725},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5102999806404114},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.42340001463890076},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3833000063896179},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.375},{"id":"https://openalex.org/C59659247","wikidata":"https://www.wikidata.org/wiki/Q11990","display_name":"Reproduction","level":2,"score":0.34790000319480896},{"id":"https://openalex.org/C97200028","wikidata":"https://www.wikidata.org/wiki/Q1196135","display_name":"Web engineering","level":5,"score":0.3366999924182892},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.33640000224113464},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.30399999022483826},{"id":"https://openalex.org/C2777617010","wikidata":"https://www.wikidata.org/wiki/Q18957","display_name":"Mainstream","level":2,"score":0.30399999022483826},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3012999892234802},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.28049999475479126},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.26170000433921814},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.2581000030040741},{"id":"https://openalex.org/C25343380","wikidata":"https://www.wikidata.org/wiki/Q277521","display_name":"Relation (database)","level":2,"score":0.25529998540878296},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25519999861717224}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/indin64977.2025.11279514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/indin64977.2025.11279514","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 23rd International Conference on Industrial Informatics (INDIN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W3210943449","https://openalex.org/W4312870949","https://openalex.org/W4389740015","https://openalex.org/W4392240262","https://openalex.org/W4399920484","https://openalex.org/W4402369871","https://openalex.org/W4402457614","https://openalex.org/W4405909415","https://openalex.org/W4409061452","https://openalex.org/W4410636403"],"related_works":[],"abstract_inverted_index":{"The":[0],"inherent":[1],"vulnerability":[2,21,39,73],"of":[3,82,89,92,135,143],"Web":[4,46,95,145],"system":[5,43],"poses":[6],"a":[7,24,28],"severe":[8],"security":[9],"threat":[10],"to":[11,59,70,114,119],"modern":[12],"industrial":[13,45,94,144],"systems.":[14],"Nevertheless,":[15],"automatically":[16,120],"obtaining":[17],"accurate":[18],"and":[19,41,75,122,140],"reproducible":[20],"intelligence":[22],"in":[23],"time-acceptable":[25],"manner":[26],"remains":[27],"challenge.":[29],"To":[30,78],"address":[31],"this":[32],"issue,":[33],"we":[34,86],"propose":[35],"VulRV,":[36],"an":[37],"end-to-end":[38],"reproduction":[40,74],"verification":[42],"for":[44],"applications.":[47,146],"VulRV":[48,66,132],"employs":[49],"large":[50],"language":[51],"models":[52],"(LLMs)":[53],"with":[54],"few-shot":[55],"Chain-of-Thought":[56],"(CoT)":[57],"prompting":[58],"generate":[60],"the":[61,80,83,112,129],"environment":[62],"configuration.":[63],"And":[64],"then":[65],"utilizes":[67],"tool-calling":[68],"method":[69,106],"establish":[71],"corresponding":[72],"validation":[76],"environment.":[77],"evaluate":[79],"effectiveness":[81],"proposed":[84],"method,":[85],"collected":[87],"reports":[88,113],"22":[90,126],"vulnerabilities":[91],"mainstream":[93],"application":[96],"spanning":[97],"four":[98],"different":[99],"categories.":[100],"Experimental":[101],"results":[102,130],"demonstrate":[103],"that":[104],"our":[105],"can":[107],"effectively":[108],"extract":[109],"information":[110],"from":[111],"construct":[115],"Docker":[116],"containers-based":[117],"environments":[118],"reproduce":[121],"validate":[123],"all":[124],"these":[125],"vulnerabilities.":[127],"Thereby":[128],"show":[131],"are":[133],"capable":[134],"supporting":[136],"subsequent":[137],"red-team":[138],"testing":[139],"risk":[141],"assessment":[142]},"counts_by_year":[],"updated_date":"2026-02-23T20:09:44.859080","created_date":"2026-01-08T00:00:00"}