Total: 1
In this paper, we present MoCQ, a novel neuro-symbolic framework that combines the complementary strengths of Large Language Model (LLM) and classic vulnerability checkers to enable scalable, automated vulnerability detection. The key insight is to leverage an LLM to automatically generate vulnerability patterns and translate them into detection queries. Specifically, MoCQ incorporates an iterative loop in which an LLM refines queries based on carefully designed feedback information. The resulting queries are then executed to analyze large codebases and detect vulnerabilities. We evaluated MoCQ on 12 vulnerability types across four programming languages. MoCQ achieved comparable precision and recall compared to expert-developed queries, with significantly less expert time needed. MoCQ also uncovered 46 new vulnerability patterns that experts missed, each representing an overlooked vulnerability class. MoCQ further discovered seven previously unknown vulnerabilities in real-world applications.