Enhancing Large Language Models with Faster Code Preprocessing for Vulnerability Detection
José Gonçalves, Miguel Silva, Eva Maia, Isabel Praça
TL;DR
This paper tackles the challenge of vulnerability detection by standardizing code representations with a faster preprocessing tool. It introduces SCoPE2, a TreeSitter-based framework that unifies and accelerates code transformations, enabling broader language support and macro handling while producing text or token-array representations. Through experiments on DiverseVul/RDiverseVul and fine-tuning LLaMA 3.2 with LoRA, SCoPE2 delivers a dramatic preprocessing time reduction (97.3%) and modest but consistent gains in vulnerability-detection metrics. The work highlights the practical impact of efficient, language-agnostic code preprocessing for scalable AI-driven security analysis and suggests directions for future model-coupled data augmentation and adversarial testing.
Abstract
The application of Artificial Intelligence has become a powerful approach to detecting software vulnerabilities. However, effective vulnerability detection relies on accurately capturing the semantic structure of code and its contextual relationships. Given that the same functionality can be implemented in various forms, a preprocessing tool that standardizes code representation is important. This tool must be efficient, adaptable across programming languages, and capable of supporting new transformations. To address this challenge, we build on the existing SCoPE framework and introduce SCoPE2, an enhanced version with improved performance. We compare both versions in terms of processing time and memory usage and evaluate their impact on a Large Language Model (LLM) for vulnerability detection. Our results show a 97.3\% reduction in processing time with SCoPE2, along with an improved F1-score for the LLM, solely due to the refined preprocessing approach.
