Design and development of a large language model-based tool for vulnerability detection

Zhuravchak, Anastasiia and Piskozub, Andrian and Skorynovych, Bohdan and Lakh, Yuriy and Zhuravchak, Danyil and Hlushchenko, Pavlo and Venherskyi, Petro and Beliaiev, Igor and Vorokhob, Maksym and Kolbasynskyi, Ivan (2025) Design and development of a large language model-based tool for vulnerability detection. Eastern-European Journal of Enterprise Technologies, 134 (2). pp. 75-83. ISSN 1729-3774


Abstract

The subject of this study is a tool for automating vulnerability detection using large language models, developed to reduce the time spent on conventional penetration testing. In addition, a detailed analysis has been conducted comparing the effectiveness of the automated approach with that of conventional manual security testing. The tool utilizes application programming interface access to LLMs, enabling the analysis of large volumes of data, the identification of complex relationships between system components, and the provision of interactive support to specialists during the testing process. By conducting experiments under actual conditions, the tool demonstrated the ability to integrate with popular penetration test tools and deal with real cyber threats, particularly in scenarios involving active attacks on networks and web applications. By automating routine tasks, such as configuration checks, analysis of tool outputs, and generating recommendations, the tool significantly reduces the workload on specialists. On average, the tool shortened the testing time by 54.4 % compared to a manual approach. Recall reached 94.7 % in network analysis scenarios but dropped to 66.7 % in web application testing, while the automated approach’s precision ranged from 80 % to 90 %. The study results confirmed that the application of large language models in the penetration testing process significantly reduces the time required to complete tasks and improves the accuracy of vulnerability detection. The tool could be used both independently and in combination with other automation tools, making it a versatile solution for organizations of various sizes. Thus, the proposed solution is a substantial contribution to the development of modern cybersecurity technologies and demonstrates the prospects of integrating artificial intelligence into automation processes.

Item Type: Article
Uncontrolled Keywords: large language models; vulnerability detection automation; artificial intelligence; multi-vector testing
Subjects: Articles in databases > Scopus > In Q3 Scopus publications
Divisions: Faculty of Information Technologies and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 05 May 2025 08:03
Last Modified: 05 May 2025 08:03
URI: https://elibrary.kubg.edu.ua/id/eprint/51757
