• 学校首页
  • 办公信息
  • 邮箱
  • 网站后台
  • English

学术报告《Leveraging Large Language Models for Software Security》

发布日期:2026/07/10 点击量:

报告人:张婷

报告地点:淦昌苑D座320

报告时间:2026-07-15 10:00


Title: From Detection to Prevention: Advancing LLM-Based Software Vulnerability Management through Reasoning, Repair, and Secure Generation


Speaker Bio: Ting Zhang is a Lecturer (Assistant Professor) at Monash University, Australia, with research interests in software engineering and cybersecurity. Her work focuses on leveraging large language models to improve software security across the vulnerability lifecycle, from detection and repair to secure code generation. She has published at top venues including ICSE, FSE, ASE, ACL, ICML, TSE and TOSEM, with over 1,200 citations. Prior to joining Monash, she received her PhD from Singapore Management University.


Talk Summary: Software vulnerabilities continue to grow faster than developers can fix them. Large language models (LLMs) offer a promising path toward automating key stages of the vulnerability management lifecycle, but significant challenges remain in reasoning quality, repair correctness, and secure generation. This talk presents a unified research narrative spanning three recent works that address these challenges progressively. First, R2Vul introduces reinforcement learning (RL) from AI feedback with structured reasoning distillation to train small yet effective models for vulnerability detection, demonstrating that contrastive reasoning, distinguishing valid from flawed explanations, yields models that outperform commercial LLMs at a fraction of the cost. Second, SeCuRepair tackles automated vulnerability repair through an RL framework with semantic-aware rewards and curriculum learning, overcoming the syntactic overfitting problem that plagues supervised approaches and enabling reliable multi-hunk patch generation. Third, Stream of Revision rethinks the problem from the ground up by embedding self-correction directly into the code generation process, introducing special action tokens that allow LLMs to detect, localize, and patch vulnerabilities on the fly during a single forward pass, shifting the paradigm from post-hoc repair to real-time prevention. Together, these works trace a path from reactive vulnerability handling to proactive secure code generation, pointing toward a future where AI-assisted development is secure by design.



邀请人:李思远

审核人:郭山清


联系我们

地址:山东省青岛市即墨区滨海路72号山东大学青岛校区淦昌苑D座邮编:266237

邮箱:cst@sdu.edu.cn电话:(86)-532-58638601传真:(86)-532-58638633

版权所有 Copyright © 山东大学网络空间安全学院