Design and development of a large language model-based tool for vulnerability detection

Zhuravchak, Anastasiia and Piskozub, Andrian and Skorynovych, Bohdan and Lakh, Yuriy and Zhuravchak, Danyil and Hlushchenko, Pavlo and Venherskyi, Petro and Beliaiev, Igor and Vorokhob, Maksym and Kolbasynskyi, Ivan (2025) Design and development of a large language model-based tool for vulnerability detection. Eastern-European Journal of Enterprise Technologies, 134 (2). pp. 75-83. ISSN 1729-3774

Official URL: https://journals.uran.ua/eejet/article/view/325251...

Abstract

The subject of this study is a tool for automating vulnerability detection using large language models, developed to reduce the time spent on conventional penetration testing. In addition, a detailed analysis has been conducted comparing the effectiveness of the automated approach with that of conventional manual security testing. The tool utilizes application programming interface access to LLMs, enabling the analysis of large volumes of data, the identification of complex relationships between system components, and the provision of interactive support to specialists during the testing process. By conducting experiments under actual conditions, the tool demonstrated the ability to integrate with popular penetration test tools and deal with real cyber threats, particularly in scenarios involving active attacks on networks and web applications. By automating routine tasks, such as configuration checks, analysis of tool outputs, and generating recommendations, the tool significantly reduces the workload on specialists. On average, the tool shortened the testing time by 54.4 % compared to a manual approach. Recall reached 94.7 % in network analysis scenarios but dropped to 66.7 % in web application testing, while the automated approach’s precision ranged from 80 % to 90 %. The study results confirmed that the application of large language models in the penetration testing process significantly reduces the time required to complete tasks and improves the accuracy of vulnerability detection. The tool could be used both independently and in combination with other automation tools, making it a versatile solution for organizations of various sizes. Thus, the proposed solution is a substantial contribution to the development of modern cybersecurity technologies and demonstrates the prospects of integrating artificial intelligence into automation processes.

Item Type: Article
Keywords: large language models; vulnerability detection automation; artificial intelligence; multi-vector testing
Subjects: Articles in databases > Scopus > In Q3 Scopus publications
Divisions: Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 05 May 2025 08:03
Last Modified: 05 May 2025 08:03
URI: https://elibrary.kubg.edu.ua/id/eprint/51757
