Improved Labeling of Security Defects in Code Review by Active Learning with LLMs

Johannes Härtel

doi:10.1145/3756681.3756986

Improved Labeling of Security Defects in Code Review by Active Learning with LLMs

Johannes Härtel^*

^*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Mining high-quality datasets of security defects is important for cybersecurity. In this paper, we focus on mining a dataset of reviews that discuss potential security defects in code or other artifacts. Mining such datasets often involves labeling, and this is challenging because security defects are rare.We investigate the use of active learning with a fine-tuned large language model to make the mining and labeling of such datasets more effective. Our simulations demonstrate that active learning can increase the effectivity of human annotators by a factor of 13. This means we can produce datasets with 13 times more defects than found in random samples of the same size. We conducted an empirical study on over four million unlabeled reviews from GitHub, showing that active learning increases the effectiveness by a factor bigger than 6. In total, 246 out of 1298 labeled reviews can be identified as discussing security defects. We do not depend on a keyword list for upfront candidate selection but dynamically evolve an LLM for this.Our work holds the potential to inspire future research in this area, resolving rare class and imbalance problems at the root where they appear, by adjusting the mining and labeling of the datasets. Our final dataset and model are publicly available.

Original language	English
Title of host publication	EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering
Editors	Muhammad Ali Babar, Ayse Tosun, Stefan Wagner, Viktoria Stray
Publisher	Association for Computing Machinery, Inc
Pages	1014-1023
Number of pages	10
ISBN (Electronic)	9798400713859
DOIs	https://doi.org/10.1145/3756681.3756986
Publication status	Published - 2025
Event	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 - Istanbul, Turkey Duration: 17 Jun 2025 → 20 Jun 2025

Conference

Conference	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025
Country/Territory	Turkey
City	Istanbul
Period	17/06/25 → 20/06/25

Bibliographical note

Publisher Copyright:
© 2025 Copyright held by the owner/author(s).

Keywords

active learning
code review
cybersecurity
dataset curation
empirical study.
manual labeling
Security defects
simulation

Access to Document

10.1145/3756681.3756986Licence: CC BY

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{ac98eaee0785414ebca844f25978e3f2,

title = "Improved Labeling of Security Defects in Code Review by Active Learning with LLMs",

abstract = "Mining high-quality datasets of security defects is important for cybersecurity. In this paper, we focus on mining a dataset of reviews that discuss potential security defects in code or other artifacts. Mining such datasets often involves labeling, and this is challenging because security defects are rare.We investigate the use of active learning with a fine-tuned large language model to make the mining and labeling of such datasets more effective. Our simulations demonstrate that active learning can increase the effectivity of human annotators by a factor of 13. This means we can produce datasets with 13 times more defects than found in random samples of the same size. We conducted an empirical study on over four million unlabeled reviews from GitHub, showing that active learning increases the effectiveness by a factor bigger than 6. In total, 246 out of 1298 labeled reviews can be identified as discussing security defects. We do not depend on a keyword list for upfront candidate selection but dynamically evolve an LLM for this.Our work holds the potential to inspire future research in this area, resolving rare class and imbalance problems at the root where they appear, by adjusting the mining and labeling of the datasets. Our final dataset and model are publicly available.",

keywords = "active learning, code review, cybersecurity, dataset curation, empirical study., manual labeling, Security defects, simulation",

author = "Johannes H{\"a}rtel",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 ; Conference date: 17-06-2025 Through 20-06-2025",

year = "2025",

doi = "10.1145/3756681.3756986",

language = "English",

pages = "1014--1023",

editor = "Babar, \{Muhammad Ali\} and Ayse Tosun and Stefan Wagner and Viktoria Stray",

booktitle = "EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering",

publisher = "Association for Computing Machinery, Inc",

}

Härtel, J 2025, Improved Labeling of Security Defects in Code Review by Active Learning with LLMs. in MA Babar, A Tosun, S Wagner & V Stray (eds), EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering. Association for Computing Machinery, Inc, pp. 1014-1023, 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025, Istanbul, Turkey, 17/06/25. https://doi.org/10.1145/3756681.3756986

Improved Labeling of Security Defects in Code Review by Active Learning with LLMs. / Härtel, Johannes.
EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering. ed. / Muhammad Ali Babar; Ayse Tosun; Stefan Wagner; Viktoria Stray. Association for Computing Machinery, Inc, 2025. p. 1014-1023.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Improved Labeling of Security Defects in Code Review by Active Learning with LLMs

AU - Härtel, Johannes

PY - 2025

Y1 - 2025

N2 - Mining high-quality datasets of security defects is important for cybersecurity. In this paper, we focus on mining a dataset of reviews that discuss potential security defects in code or other artifacts. Mining such datasets often involves labeling, and this is challenging because security defects are rare.We investigate the use of active learning with a fine-tuned large language model to make the mining and labeling of such datasets more effective. Our simulations demonstrate that active learning can increase the effectivity of human annotators by a factor of 13. This means we can produce datasets with 13 times more defects than found in random samples of the same size. We conducted an empirical study on over four million unlabeled reviews from GitHub, showing that active learning increases the effectiveness by a factor bigger than 6. In total, 246 out of 1298 labeled reviews can be identified as discussing security defects. We do not depend on a keyword list for upfront candidate selection but dynamically evolve an LLM for this.Our work holds the potential to inspire future research in this area, resolving rare class and imbalance problems at the root where they appear, by adjusting the mining and labeling of the datasets. Our final dataset and model are publicly available.

AB - Mining high-quality datasets of security defects is important for cybersecurity. In this paper, we focus on mining a dataset of reviews that discuss potential security defects in code or other artifacts. Mining such datasets often involves labeling, and this is challenging because security defects are rare.We investigate the use of active learning with a fine-tuned large language model to make the mining and labeling of such datasets more effective. Our simulations demonstrate that active learning can increase the effectivity of human annotators by a factor of 13. This means we can produce datasets with 13 times more defects than found in random samples of the same size. We conducted an empirical study on over four million unlabeled reviews from GitHub, showing that active learning increases the effectiveness by a factor bigger than 6. In total, 246 out of 1298 labeled reviews can be identified as discussing security defects. We do not depend on a keyword list for upfront candidate selection but dynamically evolve an LLM for this.Our work holds the potential to inspire future research in this area, resolving rare class and imbalance problems at the root where they appear, by adjusting the mining and labeling of the datasets. Our final dataset and model are publicly available.

KW - active learning

KW - code review

KW - cybersecurity

KW - dataset curation

KW - empirical study.

KW - manual labeling

KW - Security defects

KW - simulation

UR - https://www.scopus.com/pages/publications/105027187702

UR - https://www.scopus.com/pages/publications/105027187702#tab=citedBy

U2 - 10.1145/3756681.3756986

DO - 10.1145/3756681.3756986

M3 - Conference contribution

AN - SCOPUS:105027187702

SP - 1014

EP - 1023

BT - EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering

A2 - Babar, Muhammad Ali

A2 - Tosun, Ayse

A2 - Wagner, Stefan

A2 - Stray, Viktoria

PB - Association for Computing Machinery, Inc

T2 - 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025

Y2 - 17 June 2025 through 20 June 2025

ER -

Improved Labeling of Security Defects in Code Review by Active Learning with LLMs

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this