{"id":"https://openalex.org/W4412964782","doi":"https://doi.org/10.1109/sds66131.2025.00019","title":"Beyond the Hype: An Empirical Assessment of LLMs and Traditional ML for Code Vulnerability Detection","display_name":"Beyond the Hype: An Empirical Assessment of LLMs and Traditional ML for Code Vulnerability Detection","publication_year":2025,"publication_date":"2025-06-26","ids":{"openalex":"https://openalex.org/W4412964782","doi":"https://doi.org/10.1109/sds66131.2025.00019"},"language":null,"primary_location":{"id":"doi:10.1109/sds66131.2025.00019","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sds66131.2025.00019","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Swiss Conference on Data Science (SDS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021592891","display_name":"Khushnood Adil Rafique","orcid":"https://orcid.org/0000-0002-5418-5480"},"institutions":[{"id":"https://openalex.org/I153267046","display_name":"University of Kaiserslautern","ror":"https://ror.org/04zrf7b53","country_code":"DE","type":"education","lineage":["https://openalex.org/I153267046"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Khushnood Adil Rafique","raw_affiliation_strings":["University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany"],"affiliations":[{"raw_affiliation_string":"University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany","institution_ids":["https://openalex.org/I153267046"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Subhadeep Das","orcid":null},"institutions":[{"id":"https://openalex.org/I153267046","display_name":"University of Kaiserslautern","ror":"https://ror.org/04zrf7b53","country_code":"DE","type":"education","lineage":["https://openalex.org/I153267046"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Subhadeep Das","raw_affiliation_strings":["University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany"],"affiliations":[{"raw_affiliation_string":"University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany","institution_ids":["https://openalex.org/I153267046"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103027575","display_name":"Christoph Grimm","orcid":"https://orcid.org/0000-0002-5930-7563"},"institutions":[{"id":"https://openalex.org/I153267046","display_name":"University of Kaiserslautern","ror":"https://ror.org/04zrf7b53","country_code":"DE","type":"education","lineage":["https://openalex.org/I153267046"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christoph Grimm","raw_affiliation_strings":["University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany"],"affiliations":[{"raw_affiliation_string":"University of Kaiserslautern-Landau (RPTU),Chair of Cyber-Physical Systems,Kaiserslautern,Germany","institution_ids":["https://openalex.org/I153267046"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5021592891"],"corresponding_institution_ids":["https://openalex.org/I153267046"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.28354796,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"87","last_page":"94"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6414756774902344},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.557120680809021},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5431271195411682},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5171029567718506},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33614587783813477},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.15248525142669678},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10101303458213806},{"id":"https://openalex.org/keywords/social-psychology","display_name":"Social psychology","score":0.06669566035270691}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6414756774902344},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.557120680809021},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5431271195411682},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5171029567718506},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33614587783813477},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.15248525142669678},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10101303458213806},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.06669566035270691},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sds66131.2025.00019","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sds66131.2025.00019","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Swiss Conference on Data Science (SDS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W2516809705","https://openalex.org/W2781491433","https://openalex.org/W2963935794","https://openalex.org/W2998879504","https://openalex.org/W3098605233","https://openalex.org/W3101228802","https://openalex.org/W3166095789","https://openalex.org/W4286987939","https://openalex.org/W4322718191","https://openalex.org/W4406779522"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"In":[0],"the":[1,8,27,51,116,149,157,171,190,194],"era":[2],"of":[3,10,29,62,151,160,173,197],"large":[4],"language":[5],"models":[6,39,91,162,177],"(LLMs),":[7],"detection":[9,166],"software":[11,203],"vulnerabilities":[12],"in":[13,21,139,163,184,202],"code":[14,42],"snippets":[15,43],"remains":[16],"a":[17],"critical":[18],"challenge,":[19],"particularly":[20,123],"resource-constrained":[22],"environments.":[23],"This":[24],"paper":[25],"explores":[26],"efficacy":[28],"fine-tuned":[30,64],"and":[31,34,68,79,94,104,109,126,156,199],"zero-shot":[32,90],"LLMs,":[33,182],"traditional":[35,71,120,175],"machine":[36],"learning":[37],"(ML)":[38],"for":[40],"classifying":[41],"as":[44,178],"\u201cvulnerable\u201d":[45],"or":[46],"\u201cnot":[47],"vulnerable\u201d":[48],"based":[49],"on":[50,115,193],"Software":[52],"Common":[53],"Weakness":[54],"Enumeration":[55],"(CWE)":[56],"framework.":[57],"We":[58,84],"perform":[59],"an":[60],"evaluation":[61],"three":[63,70],"LLMs:":[65],"Flan-T5-small,":[66],"Llama-3.2-1B-Instruct":[67,108],"Deepseek-llm-7B-Base\u2014alongside":[69],"ML":[72,121,176],"models:":[73],"Logistic":[74,124],"Regression,":[75],"Multinomial":[76],"Na\u00efve":[77],"Bayes,":[78],"Linear":[80,127],"Support":[81],"Vector":[82],"Classifier.":[83],"then":[85],"compare":[86],"these":[87,161],"approaches":[88],"with":[89,107,132],"-":[92],"Deepseek-R1":[93],"ChatGPT-o1.":[95],"Our":[96,168],"experiments":[97],"show":[98],"that":[99],"LLMs":[100],"achieve":[101],"competitive":[102],"validation":[103],"test":[105,117],"accuracies,":[106],"Deepseek-llm-7B-Base":[110],"both":[111],"achieving":[112],"84%":[113],"accuracy":[114],"set.":[118],"However,":[119],"models,":[122],"Regression":[125],"SVC,":[128],"demonstrate":[129],"strong":[130],"performance":[131],"78":[133],"%":[134],"accuracy,":[135],"highlighting":[136],"their":[137],"viability":[138],"scenarios":[140],"where":[141],"computational":[142],"resources":[143],"are":[144],"limited.":[145],"Furthermore,":[146],"we":[147],"address":[148],"challenges":[150],"dataset":[152],"imbalance,":[153],"resource-intensive":[154],"fine-tuning,":[155],"practical":[158,195],"applicability":[159,196],"real-world":[164],"vulnerability":[165],"pipelines.":[167],"study":[169],"emphasizes":[170],"importance":[172],"considering":[174],"viable":[179],"alternatives":[180],"to":[181,189],"especially":[183],"resourceconstrained":[185],"environments":[186],"while":[187],"contributing":[188],"ongoing":[191],"research":[192],"AI,":[198],"data":[200],"science":[201],"security.":[204]},"counts_by_year":[],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-08-05T00:00:00"}