The article discusses the limitations of current vulnerability detection methods for Android applications, such as the high number of false positives and limited analysis scope. It suggests that machine learning approaches are constrained by data requirements and feature engineering challenges. The study then explores how effective Large Language Models (LLMs) are at detecting vulnerabilities, focusing on an AI-driven workflow that assists developers in identifying and rectifying them. The results show that LLMs correctly identified insecure apps 91.67% of the time in the Ghera benchmark. The article concludes by suggesting that LLMs can be used to build robust and actionable vulnerability detection systems.

 

Publication date: 4 Jan 2024
Project Page: Not provided
Paper: https://arxiv.org/pdf/2401.01269