{"id":"https://openalex.org/W4417132504","doi":"https://doi.org/10.1109/saner-c66551.2025.00017","title":"Impact of Identifier Normalization on Vulnerability Detection Techniques","display_name":"Impact of Identifier Normalization on Vulnerability Detection Techniques","publication_year":2025,"publication_date":"2025-03-04","ids":{"openalex":"https://openalex.org/W4417132504","doi":"https://doi.org/10.1109/saner-c66551.2025.00017"},"language":null,"primary_location":{"id":"doi:10.1109/saner-c66551.2025.00017","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner-c66551.2025.00017","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020643438","display_name":"Torge Hinrichs","orcid":"https://orcid.org/0000-0001-7489-3540"},"institutions":[{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]},{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Torge Hinrichs","raw_affiliation_strings":["Hamburg University of Technology,Institute of Software Security,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Institute of Software Security,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120725210","display_name":"Tim Diercks","orcid":null},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tim Diercks","raw_affiliation_strings":["Hamburg University of Technology,Institute of Software Security,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Institute of Software Security,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012313708","display_name":"Riccardo Scandariato","orcid":"https://orcid.org/0000-0003-3591-7671"},"institutions":[{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]},{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Riccardo Scandariato","raw_affiliation_strings":["Hamburg University of Technology,Institute of Software Security,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Institute of Software Security,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5020643438"],"corresponding_institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.5322504,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"69","last_page":"76"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3102000057697296,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3102000057697296,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.295199990272522,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.14650000631809235,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/normalization","display_name":"Normalization (sociology)","score":0.7939000129699707},{"id":"https://openalex.org/keywords/adaptability","display_name":"Adaptability","score":0.6844000220298767},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5551999807357788},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.5383999943733215},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.4668999910354614},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38749998807907104}],"concepts":[{"id":"https://openalex.org/C136886441","wikidata":"https://www.wikidata.org/wiki/Q926129","display_name":"Normalization (sociology)","level":2,"score":0.7939000129699707},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6866999864578247},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.6844000220298767},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6011999845504761},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5663999915122986},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5551999807357788},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.5383999943733215},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5049999952316284},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.4668999910354614},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38749998807907104},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3517000079154968},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2879999876022339},{"id":"https://openalex.org/C162984825","wikidata":"https://www.wikidata.org/wiki/Q339072","display_name":"Database normalization","level":3,"score":0.27309998869895935},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.26899999380111694},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.25200000405311584}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/saner-c66551.2025.00017","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner-c66551.2025.00017","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1761184020","https://openalex.org/W3091588759","https://openalex.org/W3183469243","https://openalex.org/W4220908965","https://openalex.org/W4284667406","https://openalex.org/W4312436517","https://openalex.org/W4312690534","https://openalex.org/W4384345694","https://openalex.org/W4384345698","https://openalex.org/W4385516159","https://openalex.org/W4388212383","https://openalex.org/W4389159189","https://openalex.org/W4391855109","https://openalex.org/W4398785927","https://openalex.org/W4407163436","https://openalex.org/W4410537167"],"related_works":[],"abstract_inverted_index":{"This":[0],"study":[1,158],"examines":[2],"the":[3,31,39,42],"impact":[4],"of":[5,34,44,106,162],"identifier":[6],"normalization":[7],"on":[8,87,100],"software":[9],"vulnerability":[10,155],"detection":[11],"using":[12],"three":[13],"approaches:":[14],"static":[15],"application":[16],"security":[17],"testing":[18],"(SAST),":[19],"specialized":[20],"machine":[21],"learning":[22],"(ML)":[23],"models,":[24,79,168],"and":[25,54,63,72,127,133,153,170,176],"Large":[26],"Language":[27],"Models":[28],"(LLM).":[29],"Using":[30],"BigVul":[32],"dataset":[33],"vulnerabilities":[35],"in":[36,116,178],"C/C++":[37],"projects,":[38],"research":[40],"evaluates":[41],"performance":[43,96],"these":[45],"methods":[46],"under":[47],"normalized":[48,101,132],"(generalized":[49],"variables":[50],"/":[51],"functions":[52],"names)":[53],"their":[55,104,117],"original":[56],"conditions.":[57],"SAST":[58,141],"tools":[59,142,172],"such":[60,80,111],"as":[61,81,112],"Flawfinder":[62],"CppCheck":[64],"exhibit":[65],"limited":[66],"effectiveness":[67],"(F1":[68,90],"\u223c":[69,91],"scores":[70,86],"0.1)":[71],"are":[73,143],"unaffected":[74],"by":[75],"normalization.":[76],"Specialized":[77],"ML":[78,167],"LineVul,":[82],"achieve":[83],"high":[84],"F1":[85],"nonnormalized":[88],"data":[89],"0.9)":[92],"but":[93],"suffer":[94],"significant":[95],"drops":[97],"when":[98],"tested":[99],"inputs,":[102],"highlighting":[103],"lack":[105],"generalizability.":[107],"In":[108],"contrast,":[109],"LLMs":[110,147],"Llama3,":[113],"although":[114],"underperforming":[115],"pre-trained":[118],"state,":[119],"show":[120],"substantial":[121],"improvement":[122],"after":[123],"fine-tuning,":[124],"achieving":[125],"robust":[126],"consistent":[128],"results":[129],"across":[130],"both":[131],"non-normalized":[134],"datasets.":[135],"The":[136,157],"findings":[137],"suggest":[138],"that":[139,165],"while":[140],"less":[144],"effective,":[145],"fine-tuned":[146],"hold":[148],"strong":[149],"potential":[150],"for":[151],"scalable":[152],"generalized":[154],"detection.":[156],"recommends":[159],"further":[160],"exploration":[161],"hybrid":[163],"approaches":[164],"combine":[166],"LLMs,":[169],"traditional":[171],"to":[173],"enhance":[174],"accuracy":[175],"adaptability":[177],"diverse":[179],"scenarios.":[180]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-08T00:00:00"}