Search papers, labs, and topics across Lattice.
This research proposes an automated benchmark generator for software vulnerability detection that injects realistic vulnerabilities into real-world repositories and synthesizes proof-of-vulnerability (PoV) exploits. By automating the creation of repository-level datasets, the approach addresses the limitations of existing function-centric benchmarks and the scalability issues of manually curated repo-level datasets. The research also explores an adversarial co-evolution loop between injection and detection agents to enhance robustness.
Automated injection of realistic vulnerabilities and synthesis of PoV exploits finally makes scalable, precisely labeled, repository-level vulnerability datasets a reality.
Software vulnerabilities continue to grow in volume and remain difficult to detect in practice. Although learning-based vulnerability detection has progressed, existing benchmarks are largely function-centric and fail to capture realistic, executable, interprocedural settings. Recent repo-level security benchmarks demonstrate the importance of realistic environments, but their manual curation limits scale. This doctoral research proposes an automated benchmark generator that injects realistic vulnerabilities into real-world repositories and synthesizes reproducible proof-of-vulnerability (PoV) exploits, enabling precisely labeled datasets for training and evaluating repo-level vulnerability detection agents. We further investigate an adversarial co-evolution loop between injection and detection agents to improve robustness under realistic constraints.
