Large Language Models for Vulnerability Detection

About the Project

As software systems grow in complexity, the need for automated methods to detect vulnerabilities such as buffer overflows, SQL injections, and cross-site scripting becomes increasingly critical. Traditional static and dynamic analysis techniques are often labour-intensive, domain-dependent, and limited in generalisation across codebases.

Recent advancements in Large Language Models (LLMs), such as GPT-4, offer a transformative opportunity to address these limitations. By leveraging their ability to understand and generate structured text, this project aims to explore how LLMs can be trained and fine-tuned to identify, explain, and help mitigate security vulnerabilities in source code across multiple programming languages.

Objectives:

1. Model Development and Fine-tuning: Develop and fine-tune LLMs for vulnerability detection using curated datasets of vulnerable and non-vulnerable code.
2. Contextual and Multi-language Understanding: Enable LLMs to capture contextual relationships and detect vulnerabilities across diverse programming languages.
3. Evaluation and Explainability: Benchmark model performance against existing tools and develop interpretable outputs that provide developers with actionable insights.
4. Workflow Integration: Investigate how LLM-based detection can be embedded into CI/CD pipelines for real-time feedback during development.

Academic qualifications

The ideal candidate should have a first degree with at least a 2:1 classification in one of the following subjects: Computer Science, Cybersecurity, Artificial Intelligence/Machine Learning, Software Engineering, Data Science or similar subjects.

English language requirement

IELTS score must be at least 6.5 (with not less than 6.0 in each of the four components). Other, equivalent qualifications will be accepted. Full details of the University’s policy are available online.

Essential attributes:

Strong Programming Skills

• Understanding of Machine Learning
• Knowledge of Cybersecurity
• Analytical and Problem-Solving Skills
• Research Aptitude
• Data Management Skills
• Attention to Detail
• Good Communication Skills
• Self-Motivation and Initiative
• Collaboration Skills
• Adaptability and Willingness to Learn
• Critical Thinking

APPLICATION CHECKLIST

• Completed application form
• CV
• 2 academic references, using the Postgraduate Educational Reference Form (download)
• Research project outline of 2 pages (list of references excluded). The outline may provide details about
  1. Background and motivation of the project. The motivation, explaining the importance of the project, should be supported also by relevant literature. You can also discuss the applications you expect for the project results.
  2. Research questions or objectives.
  3. Methodology: types of data to be used, approach to data collection, and data analysis methods.
  4. List of references.

The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.

• Statement no longer than 1 page describing your motivations and fit with the project.
• Evidence of proficiency in English (if appropriate)

To be considered, the application must use

• the advertised title as project title

For informal enquiries about this PhD project, please contact K.Babaagba@napier.ac.uk

Application Enquiries: https://www.napier.ac.uk/research-and-innovation/doctoral-college/application-guidance

Application link: https://evision.napier.ac.uk/si/sits.urd/run/siw_sso.go?ElOlarlItFiG37xnH5PRRBvv3d563wLdwX4JfhYskMa3bJWTuc

References

1. Xin Zhou, Sicong Cao, Xiaobing Sun, and David Lo. 2025. "Large Language Model for Vulnerability Detection and Repair: Literature Review and the Road Ahead." ACM Trans. Softw. Eng. Methodol. 34, 5, Article 145 (June 2025), 31 pages. https://doi.org/10.1145/3708522.
2. Kunwar, Pradip, Kshitiz Aryal, Maanak Gupta, Mahmoud Abdelsalam, and Elisa Bertino. "SoK: Leveraging Transformers for Malware Analysis." IEEE Transactions on Dependable and Secure Computing (2025).
3. Noever, David. "Can large language models find and fix vulnerable software?." arXiv preprint arXiv:2308.10345 (2023).