{"id":"https://openalex.org/W7155044702","doi":"https://doi.org/10.48550/arxiv.2604.17948","title":"RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs","display_name":"RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs","publication_year":2026,"publication_date":"2026-04-20","ids":{"openalex":"https://openalex.org/W7155044702","doi":"https://doi.org/10.48550/arxiv.2604.17948"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.17948","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.17948","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.17948","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5134147579","display_name":"Parteek Jamwal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jamwal, Parteek","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134125878","display_name":"Minghao Shao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shao, Minghao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061701229","display_name":"Boyuan Chen","orcid":"https://orcid.org/0000-0001-9103-5820"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Boyuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134098237","display_name":"Achyuta Muthuvelan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Muthuvelan, Achyuta","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134096195","display_name":"Asini Subanya","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Subanya, Asini","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134112352","display_name":"Boubacar Ballo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ballo, Boubacar","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134138930","display_name":"Kashish Satija","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Satija, Kashish","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134153123","display_name":"Mariam Shafey","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shafey, Mariam","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134129084","display_name":"Mohamed Mahmoud","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mahmoud, Mohamed","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134210264","display_name":"Moncif Dahaji Bouffi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bouffi, Moncif Dahaji","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055278214","display_name":"Pasindu Wickramasinghe","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wickramasinghe, Pasindu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134196422","display_name":"Siyona Goel","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Goel, Siyona","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119513794","display_name":"Yaakulya Sabbani","orcid":"https://orcid.org/0009-0001-3689-3109"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sabbani, Yaakulya","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127984234","display_name":"Hakim Hacid","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hacid, Hakim","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019448525","display_name":"Mthandazo Ndhlovu","orcid":"https://orcid.org/0000-0003-0474-9548"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ndhlovu, Mthandazo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088268250","display_name":"Eleanna Kafeza","orcid":"https://orcid.org/0000-0001-9565-2375"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kafeza, Eleanna","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033142771","display_name":"Sanjay Rawat","orcid":"https://orcid.org/0000-0003-0875-7924"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rawat, Sanjay","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134142884","display_name":"Muhammad Shafique","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shafique, Muhammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":18,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5580000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5580000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.12720000743865967,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.061900001019239426,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.765999972820282},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5443000197410583},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.513700008392334},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.4984000027179718},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4336000084877014},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.3910999894142151}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.765999972820282},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7150999903678894},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5443000197410583},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.513700008392334},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.4984000027179718},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48410001397132874},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4336000084877014},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3910999894142151},{"id":"https://openalex.org/C146849305","wikidata":"https://www.wikidata.org/wiki/Q370766","display_name":"Ground truth","level":2,"score":0.36890000104904175},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.3402000069618225},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.335099995136261},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.325300008058548},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.31540000438690186},{"id":"https://openalex.org/C2777267654","wikidata":"https://www.wikidata.org/wiki/Q3519023","display_name":"Test (biology)","level":2,"score":0.29820001125335693},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.2969000041484833},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2721000015735626},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.25690001249313354}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.17948","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.17948","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.17948","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.17948","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.8286488056182861,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"demonstrated":[5],"remarkable":[6],"capabilities":[7],"across":[8,126],"various":[9],"cybersecurity":[10],"tasks,":[11],"including":[12,90],"vulnerability":[13,23,51,79,170],"classification,":[14],"detection,":[15],"and":[16,26,43,95,103,106,135],"patching.":[17],"However,":[18],"their":[19],"potential":[20],"in":[21],"automated":[22,169],"report":[24,112],"documentation":[25],"analysis":[27,52],"remains":[28],"underexplored.":[29],"We":[30,138],"present":[31],"RAVEN":[32,58,117,140],"(Retrieval":[33],"Augmented":[34,45],"Vulnerability":[35],"Exploration":[36],"Network),":[37],"a":[38,81,107,119],"framework":[39,71],"leveraging":[40],"LLM":[41,122],"agents":[42],"Retrieval":[44],"Generation":[46],"(RAG)":[47],"to":[48],"synthesize":[49],"comprehensive":[50],"reports.":[53],"Given":[54],"vulnerable":[55,143],"source":[56],"code,":[57],"generates":[59],"reports":[60,94,125],"following":[61],"the":[62,151,163],"Google":[63,91],"Project":[64,92],"Zero":[65,93],"Root":[66],"Cause":[67],"Analysis":[68],"template.":[69],"The":[70],"uses":[72],"four":[73],"modules:":[74],"an":[75,98,156],"Explorer":[76],"agent":[77,100,109],"for":[78,101,110,168],"identification,":[80],"RAG":[82],"engine":[83],"retrieving":[84],"relevant":[85],"knowledge":[86],"from":[87,150],"curated":[88],"databases":[89],"CWE":[96,148],"entries,":[97],"Analyst":[99],"impact":[102],"exploitation":[104],"assessment,":[105],"Reporter":[108],"structured":[111],"generation.":[113],"To":[114],"ensure":[115],"quality,":[116,134],"includes":[118],"task":[120],"specific":[121],"Judge":[123],"evaluating":[124],"structural":[127],"integrity,":[128],"ground":[129],"truth":[130],"alignment,":[131],"code":[132,144],"reasoning":[133],"remediation":[136],"quality.":[137],"evaluate":[139],"on":[141],"105":[142],"samples":[145],"covering":[146],"15":[147],"types":[149],"NIST-SARD":[152],"dataset.":[153],"Results":[154],"show":[155],"average":[157],"quality":[158],"score":[159],"of":[160,165],"54.21%,":[161],"supporting":[162],"effectiveness":[164],"our":[166],"approach":[167],"documentation.":[171]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-22T00:00:00"}