Kim, Dae-KyooAnanbeh, ObiedaLu, LunjinLi, LiMing, Hua2026-03-032026-03-032025-01-01https://hdl.handle.net/10323/21869Software vulnerabilities pose a significant threat to the security of systems. While much of the existing research focuses on detecting vulnerabilities, the potential of refactoring for vulnerability mitigation has not been explored much. To bridge this gap, this work introduces a set of refactoring techniques aimed at mitigating various types of vulnerabilities. The process begins by categorizing vulnerabilities based on the weakness types defined in the CWE system, concentrating on eight categories that pose significant risks. For each CWE within each category, five samples are generated using ChatGPT, resulting in a dataset of 405 samples. These samples are rigorously analyzed manually for their validity. Based on the dataset, the characteristics of each category are identified, the core problem within the category is defined, and a specific refactoring solution is developed to address it. These techniques are evaluated using the Snyk tool on twenty-one active open-source projects. The results demonstrate an 89% reduction in vulnerabilities after applying the refactoring techniques, providing insights on enhancing software security through refactoring-based strategies. Building upon this foundation, this work introduces VulnFixAI, an automated tool designed to detect and repair various types of vulnerabilities in Java code by integrating refactoring techniques with fine-tuned domain-specific large language models (DSLLMs). Specifically, VulnFixAI implements three targeted refactoring algorithms, Whitelist Validation Refactoring (WVR), Output Safety Refactoring (OSR), and TrustChain Verification Refactoring (TCVR), which were selected for their demonstrated effectiveneess against prevalent CWE vulnerabilities identified in the initial study. A dataset of 10,000 vulnerabile Java snippets was collected, extracted from 907 open-source, and fine-tuned Llama 3.2 (3B parameters) model to enhance vulnerability detection and automated repair. VulnFixAI was evaluated on 20 real-world open-source projects listed in the GitHub Advisory Database. The results demonstrate an 89% overall effectiveness in detecting and repairing vulnerabilities, representing a 51% improvement over non-fine-tuned Llama 3.2 (3B) and an average 27% improvement over other LLMs, including ChatGPT4, Claude 3.5 Sonnet, and Gemini 2.0 Flash. These findings underscore how VulnFixAI's hybrid approach, integrating fine-tuned DSLLMs and refactoring algorithms, provides an efficient, scalable, and highly effective solution for enhancing software security. This work introduces eight novel refactoring techniques specifically designed to address the root causes of vulnerabilities and presents VulnFix AI, an automated tool that integrates these techniques with DSLLMs to detect and repair vulnerabilities with high precision. Evaluated on 20 real-world projects, VulnFixAI achieved an overall effectiveness rate of 89&, significantly outperforming leading LLMs such as ChatGPT-4 74%, Claude 3.5 Sonnet 70%, Gemini 2.0 Flash 67%, and non-fine-tuned Llama 3.2 59%. These results demonstrate VulnFixAI's superior ability to identify and repair vulnerabilities through domain-specific tuning and structured refactoringArtificial Intelligence in Software SecurityAutomated Vulnerability RepairDomain-specific large language modelsRefactoring techniquesSecure Code RefactoringSoftware securityDomain-Specific LLMS-Based Refactoring Techniques for Software Vulnerabilities