{"id":"https://openalex.org/W4415107999","doi":"https://doi.org/10.48550/arxiv.2506.13090","title":"Detecting Hard-Coded Credentials in Software Repositories via LLMs","display_name":"Detecting Hard-Coded Credentials in Software Repositories via LLMs","publication_year":2025,"publication_date":"2025-06-16","ids":{"openalex":"https://openalex.org/W4415107999","doi":"https://doi.org/10.48550/arxiv.2506.13090"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2506.13090","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.13090","pdf_url":"https://arxiv.org/pdf/2506.13090","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2506.13090","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013547418","display_name":"Chidera Biringa","orcid":"https://orcid.org/0000-0001-5904-2764"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Biringa, Chidera","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5039228531","display_name":"G\u00f6khan Kul","orcid":"https://orcid.org/0000-0001-6467-1979"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kul, Gokhan","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5013547418"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9642000198364258,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9642000198364258,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7821999788284302},{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.6908000111579895},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6032000184059143},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5277000069618225},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5182999968528748},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.47350001335144043},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.427700012922287},{"id":"https://openalex.org/keywords/natural-language","display_name":"Natural language","score":0.4138999879360199},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3855000138282776},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.3831999897956848}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8197000026702881},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7821999788284302},{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.6908000111579895},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6032000184059143},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5277000069618225},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5217999815940857},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5182999968528748},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4966999888420105},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.47350001335144043},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.427700012922287},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.4138999879360199},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3855000138282776},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3831999897956848},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.3578000068664551},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.3492000102996826},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.34599998593330383},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.33500000834465027},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.328900009393692},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.32249999046325684},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.31029999256134033},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.29760000109672546},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.29510000348091125},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2919999957084656},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2867000102996826},{"id":"https://openalex.org/C2779439875","wikidata":"https://www.wikidata.org/wiki/Q1078276","display_name":"Natural language understanding","level":3,"score":0.28540000319480896},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.28450000286102295},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2840000092983246},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.2825999855995178},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.28060001134872437},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.27410000562667847},{"id":"https://openalex.org/C178005623","wikidata":"https://www.wikidata.org/wiki/Q308859","display_name":"Anonymity","level":2,"score":0.2727000117301941},{"id":"https://openalex.org/C2777462759","wikidata":"https://www.wikidata.org/wiki/Q18395344","display_name":"Word embedding","level":3,"score":0.26759999990463257},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.26080000400543213}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2506.13090","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.13090","pdf_url":"https://arxiv.org/pdf/2506.13090","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2506.13090","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2506.13090","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2506.13090","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.13090","pdf_url":"https://arxiv.org/pdf/2506.13090","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Software":[0],"developers":[1],"frequently":[2],"hard-code":[3],"credentials":[4,37,63,78],"such":[5,50,100],"as":[6,51,101],"passwords,":[7],"generic":[8,13],"secrets,":[9],"private":[10],"keys,":[11],"and":[12,81,149,184],"tokens":[14],"in":[15,85,124,135,171,196],"software":[16],"repositories,":[17],"even":[18],"though":[19],"it":[20],"is":[21],"strictly":[22],"advised":[23],"against":[24],"due":[25],"to":[26,30,46,60,67,75,118,145,154,159,188],"the":[27,31,34,111,166,175,190],"severe":[28],"threat":[29],"security":[32],"of":[33,192],"software.":[35],"These":[36],"create":[38],"attack":[39],"surfaces":[40],"exploitable":[41],"by":[42,109,169],"a":[43,128,155],"potential":[44],"adversary":[45],"conduct":[47],"malicious":[48],"exploits":[49],"backdoor":[52],"attacks.":[53],"Recent":[54],"detection":[55],"efforts":[56],"utilize":[57],"embedding":[58,152],"models":[59,73],"vectorize":[61],"textual":[62],"before":[64],"passing":[65],"them":[66],"classifiers":[68],"for":[69,116],"predictions.":[70,89],"However,":[71],"these":[72,147],"struggle":[74],"discriminate":[76],"between":[77,122],"with":[79],"contextual":[80,120],"complex":[82],"sequences":[83],"resulting":[84],"high":[86],"false":[87],"positive":[88],"Context-dependent":[90],"Pre-trained":[91,103],"Language":[92,97],"Models":[93,98],"(PLMs)":[94],"or":[95],"Large":[96],"(LLMs)":[99],"Generative":[102],"Transformers":[104],"(GPT)":[105],"tackled":[106],"this":[107,197],"drawback":[108],"leveraging":[110],"transformer":[112],"neural":[113],"architecture":[114],"capacity":[115],"self-attention":[117],"capture":[119],"dependencies":[121],"words":[123],"input":[125],"sequences.":[126],"As":[127],"result,":[129],"GPT":[130],"has":[131],"achieved":[132],"wide":[133],"success":[134],"several":[136],"natural":[137],"language":[138],"understanding":[139],"endeavors.":[140],"Hence,":[141],"we":[142],"assess":[143],"LLMs":[144],"represent":[146],"observations":[148],"feed":[150],"extracted":[151],"vectors":[153],"deep":[156],"learning":[157],"classifier":[158],"detect":[160],"hard-coded":[161],"credentials.":[162],"Our":[163],"model":[164],"outperforms":[165],"current":[167],"state-of-the-art":[168],"13%":[170],"F1":[172],"measure":[173],"on":[174],"benchmark":[176],"dataset.":[177],"We":[178],"have":[179],"made":[180],"all":[181,193],"source":[182],"code":[183],"data":[185],"publicly":[186],"available":[187],"facilitate":[189],"reproduction":[191],"results":[194],"presented":[195],"paper.":[198]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-13T00:00:00"}