AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (1.3 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Research Article | Open Access

VPLocator: Vulnerability Patch Localization Model Based on LLM

Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
Zhongguancun Laboratory, Beijing 100094, China
Faculty of Data Science, Shiga University, Hikone 522-0069, Japan
Show Author Information
An erratum to this article is available online at:

Abstract

The reuse of third-party open source software (OSS) has become increasingly common, leading to the inadvertent introduction of external vulnerabilities and subsequent security issues. While security patches play a crucial role in software security, the lack of vulnerability patch datasets poses a challenge. In this paper, we introduce VPLocator, an automated approach matching vulnerabilities with commit patches based on large language model (LLM). VPLocator utilizes BERT to extract deep semantic interactive relation between vulnerability description and commit message, and integrates these features with manually selected and extracted features. By training a prediction model based on a multilayer perceptron (MLP), primary VPLocator achieves an average recall rate of 98.2%. Furthermore, advanced VPLocator employs ChatGPT to analyze difference between the code before and after commit modification. By incorporating semantic features from the descriptive understanding text analyzed by ChatGPT, VPLocator enhances precision from 47.7% to 78.7%.

References

【1】
【1】
 
 
Tsinghua Science and Technology
Pages 809-822

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Zhang Z, Zhuge J, Zhou X. VPLocator: Vulnerability Patch Localization Model Based on LLM. Tsinghua Science and Technology, 2026, 31(2): 809-822. https://doi.org/10.26599/TST.2024.9010198
Part of a topical collection:

2128

Views

151

Downloads

3

Crossref

3

Web of Science

0

Scopus

0

CSCD

Received: 01 July 2024
Revised: 08 October 2024
Accepted: 19 October 2024
Published: 21 October 2025
© The author(s) 2026.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).