{"id":"https://openalex.org/W4413925951","doi":"https://doi.org/10.1109/tse.2025.3605442","title":"Towards Explainable Vulnerability Detection With Large Language Models","display_name":"Towards Explainable Vulnerability Detection With Large Language Models","publication_year":2025,"publication_date":"2025-09-02","ids":{"openalex":"https://openalex.org/W4413925951","doi":"https://doi.org/10.1109/tse.2025.3605442"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2025.3605442","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3605442","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086037848","display_name":"Qiheng Mao","orcid":"https://orcid.org/0000-0002-7259-1087"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qiheng Mao","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-7259-1087","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004382658","display_name":"Zhenhao Li","orcid":"https://orcid.org/0000-0002-4909-1535"},"institutions":[{"id":"https://openalex.org/I192455969","display_name":"York University","ror":"https://ror.org/05fq50484","country_code":"CA","type":"education","lineage":["https://openalex.org/I192455969"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Zhenhao Li","raw_affiliation_strings":["York University, Toronto, ON, Canada","York University, Toronto, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4909-1535","affiliations":[{"raw_affiliation_string":"York University, Toronto, ON, Canada","institution_ids":["https://openalex.org/I192455969"]},{"raw_affiliation_string":"York University, Toronto, Canada","institution_ids":["https://openalex.org/I192455969"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047688641","display_name":"Xing Hu","orcid":"https://orcid.org/0000-0003-0093-3292"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xing Hu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0003-0093-3292","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100374023","display_name":"Kui Liu","orcid":"https://orcid.org/0000-0003-0145-615X"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kui Liu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0003-0145-615X","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017255559","display_name":"Xin Xia","orcid":"https://orcid.org/0009-0000-3075-7344"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Xia","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-6302-3256","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100428993","display_name":"Jianling Sun","orcid":"https://orcid.org/0000-0001-8799-6020"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianling Sun","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0001-8799-6020","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5086037848"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":12.2386,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.98374612,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":100},"biblio":{"volume":"51","issue":"10","first_page":"2957","last_page":"2971"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9039999842643738,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9039999842643738,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8473585844039917},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5568260550498962},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.37859010696411133},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3559119701385498},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3322964310646057},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3217964768409729},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3059518337249756}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8473585844039917},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5568260550498962},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.37859010696411133},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3559119701385498},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3322964310646057},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3217964768409729},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3059518337249756}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2025.3605442","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3605442","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W2101105183","https://openalex.org/W2600521240","https://openalex.org/W2781491433","https://openalex.org/W2885030880","https://openalex.org/W2962960733","https://openalex.org/W2998879504","https://openalex.org/W3098605233","https://openalex.org/W3177116043","https://openalex.org/W3198685994","https://openalex.org/W4225673889","https://openalex.org/W4294214983","https://openalex.org/W4311165836","https://openalex.org/W4312436517","https://openalex.org/W4312969325","https://openalex.org/W4380763529","https://openalex.org/W4387298393","https://openalex.org/W4388212670","https://openalex.org/W4388482980","https://openalex.org/W4393406994","https://openalex.org/W4394746930","https://openalex.org/W4394769550","https://openalex.org/W4400579932","https://openalex.org/W4400681271","https://openalex.org/W4404782964","https://openalex.org/W4405543707","https://openalex.org/W4411272133","https://openalex.org/W4411449706","https://openalex.org/W4411552123","https://openalex.org/W4411552541"],"related_works":["https://openalex.org/W2095999892","https://openalex.org/W2018764758","https://openalex.org/W2383689843","https://openalex.org/W1550668881","https://openalex.org/W617913288","https://openalex.org/W2062873522","https://openalex.org/W2319323865","https://openalex.org/W2951745010","https://openalex.org/W2347958299","https://openalex.org/W2963125730"],"abstract_inverted_index":{"Software":[0],"vulnerabilities":[1,42],"pose":[2],"significant":[3],"risks":[4],"to":[5,30,38,56,63,84,129,157],"the":[6,32,88,98,140,183,191],"security":[7],"and":[8,23,40,61,94,105,117,143,168,200,209],"integrity":[9],"of":[10,46,91,100,185,193],"software":[11,212],"systems.":[12],"Although":[13],"prior":[14],"studies":[15],"have":[16],"explored":[17],"vulnerability":[18,92,115,131,175,198],"detection":[19,93,166,176,199],"using":[20,120],"deep":[21],"learning":[22],"pre-trained":[24],"models,":[25],"these":[26,72],"approaches":[27],"often":[28],"fail":[29],"provide":[31],"detailed":[33,137],"explanations":[34,116],"necessary":[35],"for":[36,70,87,113,196],"developers":[37],"understand":[39],"remediate":[41],"effectively.":[43],"The":[44],"advent":[45],"large":[47],"language":[48],"models":[49],"(LLMs)":[50],"has":[51],"introduced":[52],"transformative":[53],"potential":[54],"due":[55],"their":[57,207],"advanced":[58],"generative":[59],"capabilities":[60],"ability":[62],"comprehend":[64],"complex":[65],"contexts,":[66],"offering":[67],"new":[68],"possibilities":[69],"addressing":[71],"challenges.":[73],"In":[74],"this":[75],"paper,":[76],"we":[77,147],"propose":[78],"LLMVulExp,":[79],"an":[80],"automated":[81],"framework":[82],"designed":[83],"specialize":[85],"LLMs":[86,119,159,195],"dual":[89],"tasks":[90],"explanation.":[95],"To":[96],"address":[97],"challenges":[99],"acquiring":[101],"high-quality":[102],"annotated":[103],"data":[104],"injecting":[106],"domain-specific":[107],"knowledge,":[108],"LLMVulExp":[109,128],"leverages":[110],"prompt-based":[111],"techniques":[112],"annotating":[114],"fine-tunes":[118],"instruction":[121],"tuning":[122],"with":[123],"Low-Rank":[124],"Adaptation":[125],"(LoRA),":[126],"enabling":[127],"detect":[130],"types":[132],"in":[133,211],"code":[134,154],"while":[135],"generating":[136],"explanations,":[138],"including":[139],"cause,":[141],"location,":[142],"repair":[144],"suggestions.":[145],"Additionally,":[146],"employ":[148],"a":[149],"Chain-of-Thought":[150],"(CoT)":[151],"based":[152],"key":[153],"extraction":[155],"strategy":[156],"focus":[158],"on":[160,178],"analyzing":[161],"vulnerability-prone":[162],"code,":[163],"further":[164],"enhancing":[165],"accuracy":[167],"explanatory":[169],"depth.We":[170],"conducted":[171],"experiments":[172],"across":[173],"multiple":[174],"settings":[177],"three":[179],"benchmark":[180],"datasets,":[181],"demonstrating":[182],"effectiveness":[184],"our":[186],"method.":[187],"This":[188],"study":[189],"highlights":[190],"feasibility":[192],"utilizing":[194],"real-world":[197],"explanation":[201],"tasks,":[202],"providing":[203],"critical":[204],"insights":[205],"into":[206],"adaptation":[208],"application":[210],"security.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-08T15:41:06.802602","created_date":"2025-10-10T00:00:00"}