LLM-based Vulnerable Code Augmentation: Generate or Refactor?
By: Dyna Soumhane Ouchebara, Stéphane Dupont
Vulnerability code-bases often suffer from severe imbalance, limiting the effectiveness of Deep Learning-based vulnerability classifiers. Data Augmentation could help solve this by mitigating the scarcity of under-represented CWEs. In this context, we investigate LLM-based augmentation for vulnerable functions, comparing controlled generation of new vulnerable samples with semantics-preserving refactoring of existing ones. Using Qwen2.5-Coder to produce augmented data and CodeBERT as a vulnerability classifier on the SVEN dataset, we find that our approaches are indeed effective in enriching vulnerable code-bases through a simple process and with reasonable quality, and that a hybrid strategy best boosts vulnerability classifiers' performance.