Toward Scalable Automated Repository-Level Datasets for Software Vulnerability Detection
This addresses the need for scalable, realistic datasets for software vulnerability detection, which is incremental by building on existing repo-level benchmarks.
The research tackled the problem of limited scalability in software vulnerability detection benchmarks by proposing an automated benchmark generator that injects realistic vulnerabilities into real-world repositories and synthesizes proof-of-vulnerability exploits, enabling precisely labeled datasets for training and evaluation.
Software vulnerabilities continue to grow in volume and remain difficult to detect in practice. Although learning-based vulnerability detection has progressed, existing benchmarks are largely function-centric and fail to capture realistic, executable, interprocedural settings. Recent repo-level security benchmarks demonstrate the importance of realistic environments, but their manual curation limits scale. This doctoral research proposes an automated benchmark generator that injects realistic vulnerabilities into real-world repositories and synthesizes reproducible proof-of-vulnerability (PoV) exploits, enabling precisely labeled datasets for training and evaluating repo-level vulnerability detection agents. We further investigate an adversarial co-evolution loop between injection and detection agents to improve robustness under realistic constraints.