Fine-tuning Large Language Models for Software Supply Chains Threats Mitigation
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
2025 (English). Independent thesis, advanced level (master's degree), 20 credits / 30 HE credits. Student thesis (degree project)
Abstract [en]

The growing complexity and interconnectivity of software supply chains have elevated the risks of security threats, demanding innovative solutions. This thesis investigates the fine-tuning of Large Language Models (LLMs), particularly Microsoft Phi-2, to enhance their ability to identify and mitigate software supply chain vulnerabilities. Using advanced techniques such as Parameter-Efficient Fine-Tuning (PEFT) with Low-Rank Adaptation (LoRA), the Phi-2 model was trained on a domain-specific dataset comprising incident reports, threat intelligence data, and best practices. 

The methodology encompasses a rigorous evaluation process using quantitative metrics, including ROUGE, BERTScore, and BLEURT, supplemented by qualitative insights derived from semi-structured interviews with cybersecurity experts. The interviews revealed valuable perspectives on the practical applicability of the fine-tuned model in addressing real-world threats such as compromised third-party components, open-source dependency vulnerabilities, and emerging attack patterns. 

The fine-tuned model exhibited significant improvements in generating contextually relevant, precise, and actionable threat mitigation strategies compared to its baseline. The findings demonstrate that domain-specific fine-tuning of LLMs is a viable approach for advancing automated threat detection and response capabilities in software supply chains. This research provides a robust framework for integrating AI-driven solutions into the software development lifecycle, contributing to the fields of software engineering and cybersecurity by improving resilience against supply chain attacks.

Place, publisher, year, edition, pages
2025. p. 74
Keywords [en]
Large Language Models, Fine-Tuning, Software Supply Chain Security, Threat Mitigation, Cybersecurity, Microsoft Phi-2, Low-Rank Adaptation (LoRA), Parameter-Efficient Fine-Tuning (PEFT), Automated Threat Detection, Software Engineering
National subject category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-27597, OAI: oai:DiVA.org:bth-27597, DiVA, id: diva2:1944165
Subject / course
PA2534 Master's Thesis in Software Engineering
Educational program
PAADA Plan for qualification for a master's degree in software engineering, 120.0 HE credits
Supervisors
Examiners
Available from: 2025-03-18 Created: 2025-03-12 Last updated: 2025-09-30 Bibliographically approved

Open Access in DiVA

fulltext (1564 kB), 418 downloads
File information
File name: FULLTEXT01.pdf; File size: 1564 kB; Checksum SHA-512:
48f0051b4026839243c05d7bc343f05c1492906f62e3c84a0761723117711bbc347276a8b66ca2067c93f28442de6669c46d6a1f0e2e3bd32d6860dffad177f8
Type: fulltext; Mimetype: application/pdf

Total: 418 downloads
The number of downloads is the sum of downloads for all full texts. It may include, for example, earlier versions that are no longer available.
Total: 911 hits