Apostolidis G, Kalouptsoglou I, Siavvas M, Kehagias D, Tzovaras D. 2025. AI-Enhanced Static Analysis: Reducing False Alarms Using Large Language Models. LIFESEC 2025.

Conference:
Workshop on Whole-Lifecycle Security for Smart Systems: Methods and Tools (LIFESEC2025) at the 11th International Conference on Smart Computing (SMARTCOMP2025), 16 June 2025, Cork, Ireland

Authors:
Apostolidis G, Kalouptsoglou I, Siavvas M, Kehagias D, Tzovaras D.

Abstract:
In modern software systems, early and accurate vulnerability detection is crucial. Traditional Static Analysis Tools (SATs) highlight potential security issues, providing fine-grained information including lines of code and vulnerability categories; however, they are hindered by a large number of false alarms.
On the other hand, Artificial Intelligence (AI)-based Vulnerability Prediction (VP) has emerged as a promising alternative for vulnerability identification in software products. Nevertheless, current VP methods face important limitations, such as the granularity level of the predictions, since VP is commonly conducted at the file or function level. In this study, we examine whether the utilization of AI-based vulnerability prediction as a filtering mechanism for static analysis alerts could reduce the number of false alarms, leading to more practical Static Application Security Testing (SAST). The results of the analysis show that this approach improves the practicality of static analysis, reducing false positives, with the impact on the detection accuracy being small.
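The filtering mechanism described in the abstract, as an added illustration that is not the paper's own code: function-level VP scores gate the fine-grained SAT alerts, and the trade-off between false alarms removed and true alerts lost is measured across thresholds. The alerts, VP scores, threshold values and ground-truth labels below are constructed for the example.

```python
"""Gate static-analysis alerts with function-level vulnerability predictions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    file: str
    function: str      # enclosing function, used to look up the VP score
    line: int
    category: str
    true_positive: bool  # ground truth, used only to evaluate the filter


# Constructed sample input: six SAT alerts, two of them real vulnerabilities.
ALERTS = [
    Alert("net.c", "parse_header", 42, "CWE-120", True),
    Alert("net.c", "parse_header", 58, "CWE-476", False),
    Alert("util.c", "log_msg", 10, "CWE-134", False),
    Alert("util.c", "log_msg", 15, "CWE-252", False),
    Alert("auth.c", "check_token", 77, "CWE-327", True),
    Alert("auth.c", "helper", 90, "CWE-563", False),
]

# Constructed VP output: probability that each function is vulnerable.
# ("auth.c", "helper") has no prediction, e.g. the model skipped it.
VP_SCORES = {
    ("net.c", "parse_header"): 0.91,
    ("util.c", "log_msg"): 0.12,
    ("auth.c", "check_token"): 0.65,
}


def filter_alerts(alerts, vp_scores, threshold):
    """Keep alerts whose enclosing function scores >= threshold.
    Functions without a prediction are kept (fail open, never hide an alert)."""
    kept = []
    for a in alerts:
        score = vp_scores.get((a.file, a.function))
        if score is None or score >= threshold:
            kept.append(a)
    return kept


def evaluate(all_alerts, kept_alerts):
    """Compare alert quality before and after filtering."""
    tp_before = sum(a.true_positive for a in all_alerts)
    tp_after = sum(a.true_positive for a in kept_alerts)
    fp_before = len(all_alerts) - tp_before
    fp_after = len(kept_alerts) - tp_after
    return {
        "fp_removed": fp_before - fp_after,
        "tp_lost": tp_before - tp_after,
        "precision_before": tp_before / len(all_alerts),
        "precision_after": tp_after / len(kept_alerts) if kept_alerts else 0.0,
        "recall_retained": tp_after / tp_before if tp_before else 1.0,
    }


if __name__ == "__main__":
    for t in (0.3, 0.5, 0.7):  # sweep to see the false-alarm / recall trade-off
        print(t, evaluate(ALERTS, filter_alerts(ALERTS, VP_SCORES, t)))
```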