Security Analysis of Large Language Models on API Misuse Programming Repair

IF 5, Zone 2 Computer Science, Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Rui Zhang, Ziyue Qiao, Yong Yu
DOI: 10.1155/2024/7135765
Journal: International Journal of Intelligent Systems, volume 2024 1
Publication date: 2024-11-19
Publication type: Journal Article
URL: https://onlinelibrary.wiley.com/doi/10.1155/2024/7135765
Citations: 0

Abstract

Application programming interface (API) misuse refers to misconceptions or carelessness in the anticipated usage of APIs, threatening the software system’s security. Moreover, API misuses demonstrate significant concealment and are challenging to uncover. Recent advancements have explored enhanced LLMs in a variety of software engineering (SE) activities, such as code repair. Nonetheless, the security implications of using LLMs for these purposes remain underexplored, particularly concerning the issue of API misuse. In this paper, we present an empirical study to observe the bug-fixing capabilities of LLMs in addressing API misuse related to monitoring resource management (MRM API misuse). Initially, we propose APImisRepair, a real-world benchmark for repairing MRM API misuse, including buggy programs, corresponding fixed programs, and descriptions of API misuse. Subsequently, we assess the performance of several LLMs using the APImisRepair benchmark. Findings reveal the vulnerabilities of LLMs in repairing MRM API misuse and find several reasons, encompassing factors such as fault localization and a lack of awareness regarding API misuse. Additionally, we have insights on improving LLMs in terms of their ability to fix MRM API misuse and introduce a crafted approach, APImisAP. Experimental results demonstrate that APImisAP exhibits a certain degree of improvement in the security of LLMs.

Source journal
International Journal of Intelligent Systems (Engineering & Technology - Computer Science: Artificial Intelligence)
CiteScore: 11.30
Self-citation rate: 14.30%
Articles published: 304
Review time: 9 months
Journal description: The International Journal of Intelligent Systems serves as a forum for individuals interested in tapping into the vast theories based on intelligent systems construction. With its peer-reviewed format, the journal explores several fascinating editorials written by today's experts in the field. Because new developments are being introduced each day, there's much to be learned — examination, analysis creation, information retrieval, man–computer interactions, and more. The International Journal of Intelligent Systems uses charts and illustrations to demonstrate these ground-breaking issues, and encourages readers to share their thoughts and experiences.