TY  - JOUR
AU  - Jiao, Yutong
AU  - Han, Jiaxuan
AU  - Huang, Cheng
PY  - 2025
DA  - 2025/12/01
TI  - DeepVulHunter: enhancing the code vulnerability detection capability of LLMs through multi-round analysis
JO  - Journal of Intelligent Information Systems
SP  - 2237
EP  - 2264
VL  - 63
IS  - 6
AB  - As the economic losses caused by software vulnerabilities continue to escalate, automated vulnerability detection has emerged as a crucial demand in software engineering. While current Large Language Model (LLM)-based approaches demonstrate promising capabilities for vulnerability detection, they still face significant challenges including susceptibility to non-vulnerability factors like code length, severe hallucination issues, and unsatisfactory detection accuracy and balance. To overcome these limitations, we propose DeepVulHunter, a novel multi-round detection framework that utilizes Retrieval Augmented Generation (RAG) technique to provide code snippets semantically similar to the target code and their associated vulnerability information. Extensive experiments conducted across five representative models from the Llama and Deepseek series confirm that our method effectively mitigates these challenges while enhancing both accuracy and balance in vulnerability detection tasks for general large models. The best-performing Llama-405B model achieves a detection accuracy of up to 75.3%, surpassing the current state-of-the-art approach that utilizes GPT-4 with Chain-of-Thought (CoT) prompting.
SN  - 1573-7675
UR  - https://doi.org/10.1007/s10844-025-00982-0
DO  - 10.1007/s10844-025-00982-0
ID  - Jiao2025
ER  -