JZUS - Journal of Zhejiang University SCIENCE

Journal of Zhejiang University SCIENCE C 1998 Vol.-1 No.-1 P.

LLM-enhanced probabilistic modeling for effective static analysis alarms

Author(s): Xinlong PAN^1, ², Jianhua LI^1, ², Zhihong ZHOU^1, ², Gaolei LI^1, ², Xiuzhen CHEN^1, ², Jin MA^1, ², Jun WU^1, ², Quanhai ZHANG^1, ²
Affiliation(s): ¹Institute of Cyber Security and Technology, School of Computer Science, Shanghai Jiaotong University,Shanghai 200240, China; more
Corresponding email(s): mr.p332@sjtu.edu.cn
Key Words: Static analysis, Bayesian inference, large language model(LLM), Alarm ranking

Share this article to： More <<< Previous Article \|Next Article >>>

Xinlong PAN^1,², Jianhua LI^1,², Zhihong ZHOU^1,², Gaolei LI^1,², Xiuzhen CHEN^1,²,Jin MA^1,², Jun WU^1,², Quanhai ZHANG^1,². LLM-enhanced probabilistic modeling for effective static analysis alarms[J]. Frontiers of Information Technology & Electronic Engineering, 1998, -1(-1): .

@article{title="LLM-enhanced probabilistic modeling for effective static analysis alarms",
author="Xinlong PAN^1,², Jianhua LI^1,², Zhihong ZHOU^1,², Gaolei LI^1,², Xiuzhen CHEN^1,²,Jin MA^1,², Jun WU^1,², Quanhai ZHANG^1,²",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="-1",
number="-1",
pages="",
year="1998",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.2500038"
}

%0 Journal Article
%T LLM-enhanced probabilistic modeling for effective static analysis alarms
%A Xinlong PAN^1
%A²
%A Jianhua LI^1
%A²
%A Zhihong ZHOU^1
%A²
%A Gaolei LI^1
%A²
%A Xiuzhen CHEN^1
%A²
%A Jin MA^1
%A²
%A Jun WU^1
%A²
%A Quanhai ZHANG^1
%A²
%J Journal of Zhejiang University SCIENCE C
%V -1
%N -1
%P
%@ 2095-9184
%D 1998
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.2500038

TY - JOUR
T1 - LLM-enhanced probabilistic modeling for effective static analysis alarms
A1 - Xinlong PAN^{1
A1 -}²
A1 - Jianhua LI^{1
A1 -}²
A1 - Zhihong ZHOU^{1
A1 -}²
A1 - Gaolei LI^{1
A1 -}²
A1 - Xiuzhen CHEN^{1
A1 -}²
A1 - Jin MA^{1
A1 -}²
A1 - Jun WU^{1
A1 -}²
A1 - Quanhai ZHANG^{1
A1 -}²
J0 - Journal of Zhejiang University Science C
VL - -1
IS - -1
SP -
EP -
%@ 2095-9184
Y1 - 1998
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.2500038

Abstract
Chinese Summary
Academic Network
Reviewer Comment

Abstract: static analysis presents significant challenges in alarm handling, where probabilistic models and alarm prioritization are essential methods for addressing these issues. These models prioritize alarms based on user feedback, thereby alleviating the burden on users to manually inspect alarms. However, they often encounter limitations related to efficiency and issues such as false generalization. While learning-based approaches have demonstrated promise, they typically incur high training costs and are constrained by the predefined structures of existing models. Moreover, the integration of large language models (LLMs) in static analysis has yet to reach its full potential, often resulting in lower accuracy rates in vulnerability identification.To tackle these challenges, we introduce BINLLM, a novel framework that harnesses the generalization capabilities of LLMs to enhance alarm probability models through rule learning. Our approach integrates LLM-derived abstract rules into the probabilistic model, utilizing alarm paths and critical statements from static analysis. This integration enhances the model�s reasoning capabilities, improving its effectiveness in prioritizing genuine bugs while mitigating false generalizations. We evaluated BINLLM on a suite of C programs and observed 40.1% and 9.4% reduction in the number of checks required for alarm verification compared to two state-of-the-art baselines, underscoring the potential of combining LLMs with static analysis to improve alarm management.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Similar articles

- Go to

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article