{"id":"https://openalex.org/W4415746261","doi":"https://doi.org/10.1109/icsme64153.2025.00015","title":"LLM-SZZ: Novel Vulnerability-Inducing Commit Identification Driven by Large Language Model and CVE Description","display_name":"LLM-SZZ: Novel Vulnerability-Inducing Commit Identification Driven by Large Language Model and CVE Description","publication_year":2025,"publication_date":"2025-09-07","ids":{"openalex":"https://openalex.org/W4415746261","doi":"https://doi.org/10.1109/icsme64153.2025.00015"},"language":null,"primary_location":{"id":"doi:10.1109/icsme64153.2025.00015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015752254","display_name":"Siqi Fan","orcid":"https://orcid.org/0000-0002-6496-8761"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Siqi Fan","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100352330","display_name":"Xin Liu","orcid":"https://orcid.org/0000-0003-3685-4852"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Liu","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051864409","display_name":"Yingli Zhang","orcid":"https://orcid.org/0009-0002-0984-3170"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yingli Zhang","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003198271","display_name":"Yu\u2010an Tan","orcid":"https://orcid.org/0000-0001-6404-8853"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Tan","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Luxing Yin","orcid":null},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Luxing Yin","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032213685","display_name":"Zhaorun Chen","orcid":"https://orcid.org/0000-0002-2668-6587"},"institutions":[{"id":"https://openalex.org/I40347166","display_name":"University of Chicago","ror":"https://ror.org/024mw5h28","country_code":"US","type":"education","lineage":["https://openalex.org/I40347166"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhaorun Chen","raw_affiliation_strings":["University of Chicago,Department of Computer Science,Chicago,United States"],"affiliations":[{"raw_affiliation_string":"University of Chicago,Department of Computer Science,Chicago,United States","institution_ids":["https://openalex.org/I40347166"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100448202","display_name":"Song Li","orcid":"https://orcid.org/0000-0002-6427-3986"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Song Li","raw_affiliation_strings":["Zhejiang University,The State Key Laboratory of Blockchain and Data Security,Hangzhou,China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University,The State Key Laboratory of Blockchain and Data Security,Hangzhou,China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lei Qiao","orcid":null},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Qiao","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5114549552","display_name":"Rui Zhou","orcid":"https://orcid.org/0000-0002-9968-6190"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui Zhou","raw_affiliation_strings":["School of Information Science and Engineering, Lanzhou University,Lanzhou,China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, Lanzhou University,Lanzhou,China","institution_ids":["https://openalex.org/I76214153"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5015752254"],"corresponding_institution_ids":["https://openalex.org/I76214153"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.44498661,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"48","last_page":"60"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.41620001196861267,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.41620001196861267,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1761000007390976,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.09269999712705612,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.7967000007629395},{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.638700008392334},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.608299970626831},{"id":"https://openalex.org/keywords/root-cause","display_name":"Root cause","score":0.5205000042915344},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5185999870300293},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.5170000195503235},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.5090000033378601},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4699999988079071},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.46540001034736633}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8701000213623047},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.7967000007629395},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.638700008392334},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.608299970626831},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.5205000042915344},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5185999870300293},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.5170000195503235},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.5090000033378601},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4699999988079071},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.46540001034736633},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4487000107765198},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3991999924182892},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.3982999920845032},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3774000108242035},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3677999973297119},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.36059999465942383},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35690000653266907},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.3508000075817108},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.3490000069141388},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.3384999930858612},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.33230000734329224},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3287999927997589},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.31929999589920044},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3086000084877014},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3084000051021576},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.30169999599456787},{"id":"https://openalex.org/C130963320","wikidata":"https://www.wikidata.org/wiki/Q1401207","display_name":"Root cause analysis","level":2,"score":0.29499998688697815},{"id":"https://openalex.org/C198352243","wikidata":"https://www.wikidata.org/wiki/Q37105","display_name":"Line (geometry)","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.2703000009059906},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.26019999384880066},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.2547999918460846},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.25220000743865967},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsme64153.2025.00015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2093897789","https://openalex.org/W2102212651","https://openalex.org/W2126166995","https://openalex.org/W2157353183","https://openalex.org/W2530824252","https://openalex.org/W2796283679","https://openalex.org/W2980706498","https://openalex.org/W3004570974","https://openalex.org/W3162251560","https://openalex.org/W3162494388","https://openalex.org/W4284709537","https://openalex.org/W4385245566","https://openalex.org/W4385571596","https://openalex.org/W4388483064","https://openalex.org/W4389161785","https://openalex.org/W4391136507","https://openalex.org/W4393191843","https://openalex.org/W4396242417","https://openalex.org/W4400959040"],"related_works":[],"abstract_inverted_index":{"The":[0,106],"SZZ":[1,180],"method":[2,198],"and":[3,47,98,143,173],"its":[4],"variants":[5,39],"are":[6,124],"widely":[7],"employed":[8],"to":[9,17,31,83,162],"identify":[10],"vulnerability-affected":[11],"ranges":[12],"by":[13],"analyzing":[14],"vulnerability-fixing":[15,150],"commits":[16,123],"trace":[18],"back":[19],"vulnerability-inducing":[20,122],"commits.":[21],"However,":[22,92],"these":[23,93,132],"methods":[24,53],"generally":[25],"suffer":[26],"from":[27,58,140,149],"low":[28],"precision":[29,210],"due":[30],"several":[32],"key":[33],"factors:":[34],"1)":[35],"Current":[36],"static":[37],"method-based":[38],"often":[40,74],"incorrectly":[41],"consider":[42],"too":[43],"many":[44],"irrelevant":[45],"lines":[46,168],"files":[48],"in":[49,113,126,209,213],"a":[50,205,218],"commit.":[51],"While":[52],"that":[54,194],"extract":[55],"file":[56],"references":[57],"vulnerability":[59,188],"discussions":[60,69],"can":[61],"help":[62],"narrow":[63],"down":[64],"relevant":[65],"files,":[66],"obtaining":[67],"bug":[68],"for":[70,87,102,117],"every":[71],"CVE":[72],"is":[73],"difficult.":[75],"2)":[76],"Learning-based":[77],"approaches":[78],"focus":[79],"exclusively":[80],"on":[81,108],"code":[82],"capture":[84,163],"semantic":[85,138],"relationships":[86],"identifying":[88],"root":[89,166],"cause":[90,167],"lines.":[91],"models":[94,157],"utilize":[95],"limited":[96],"information":[97,139],"demonstrate":[99],"insufficient":[100],"capacity":[101],"effective":[103],"capture.":[104],"3)":[105],"reliance":[107],"line":[109],"mapping":[110],"algorithms":[111],"results":[112,192],"inadequate":[114],"tracing":[115,176],"capabilities":[116,177],"complex":[118],"vulnerabilities,":[119],"especially":[120],"when":[121],"obscured":[125],"earlier":[127],"software":[128],"versions.":[129],"To":[130],"address":[131],"issues,":[133],"this":[134,159],"paper":[135],"innovatively":[136],"incorporates":[137],"descriptive":[141],"text":[142],"the":[144,164,175,179,187],"nature":[145],"of":[146,169,178,186],"CVEs":[147],"derived":[148],"commit":[151],"diffs.":[152],"By":[153],"leveraging":[154],"large":[155],"language":[156],"(LLMs),":[158],"approach":[160],"aims":[161],"true":[165],"vulnerabilities":[170],"more":[171],"accurately":[172],"enhance":[174],"method,":[181],"thereby":[182],"achieving":[183,203],"precise":[184],"localization":[185],"impact":[189],"range.":[190],"Experimental":[191],"indicate":[193],"our":[195],"proposed":[196],"LLM-SZZ":[197],"outperforms":[199],"existing":[200],"state-of-the-art":[201],"approaches,":[202],"over":[204],"18":[206],"%":[207],"increase":[208],"across":[211],"datasets":[212],"various":[214],"programming":[215],"languages,":[216],"demonstrating":[217],"significant":[219],"performance":[220],"advantage.":[221]},"counts_by_year":[],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-31T00:00:00"}