{"title":"Security Analysis of Large Language Models on API Misuse Programming Repair","authors":"Rui Zhang, Ziyue Qiao, Yong Yu","doi":"10.1155/2024/7135765","DOIUrl":null,"url":null,"abstract":"<div>\n <p>Application programming interface (API) misuse refers to misconceptions or carelessness in the anticipated usage of APIs, threatening the software system’s security. Moreover, API misuses demonstrate significant concealment and are challenging to uncover. Recent advancements have explored enhanced LLMs in a variety of software engineering (SE) activities, such as code repair. Nonetheless, the security implications of using LLMs for these purposes remain underexplored, particularly concerning the issue of API misuse. In this paper, we present an empirical study to observe the bug-fixing capabilities of LLMs in addressing API misuse related to monitoring resource management (MRM API misuse). Initially, we propose APImisRepair, a real-world benchmark for repairing MRM API misuse, including buggy programs, corresponding fixed programs, and descriptions of API misuse. Subsequently, we assess the performance of several LLMs using the APImisRepair benchmark. Findings reveal the vulnerabilities of LLMs in repairing MRM API misuse and find several reasons, encompassing factors such as fault localization and a lack of awareness regarding API misuse. Additionally, we have insights on improving LLMs in terms of their ability to fix MRM API misuse and introduce a crafted approach, APImisAP. Experimental results demonstrate that APImisAP exhibits a certain degree of improvement in the security of LLMs.</p>\n </div>","PeriodicalId":14089,"journal":{"name":"International Journal of Intelligent Systems","volume":"2024 1","pages":""},"PeriodicalIF":5.0000,"publicationDate":"2024-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1155/2024/7135765","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Intelligent Systems","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1155/2024/7135765","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Application programming interface (API) misuse refers to misconceptions or carelessness in the anticipated usage of APIs, threatening the software system’s security. Moreover, API misuses demonstrate significant concealment and are challenging to uncover. Recent advancements have explored enhanced LLMs in a variety of software engineering (SE) activities, such as code repair. Nonetheless, the security implications of using LLMs for these purposes remain underexplored, particularly concerning the issue of API misuse. In this paper, we present an empirical study to observe the bug-fixing capabilities of LLMs in addressing API misuse related to monitoring resource management (MRM API misuse). Initially, we propose APImisRepair, a real-world benchmark for repairing MRM API misuse, including buggy programs, corresponding fixed programs, and descriptions of API misuse. Subsequently, we assess the performance of several LLMs using the APImisRepair benchmark. Findings reveal the vulnerabilities of LLMs in repairing MRM API misuse and find several reasons, encompassing factors such as fault localization and a lack of awareness regarding API misuse. Additionally, we have insights on improving LLMs in terms of their ability to fix MRM API misuse and introduce a crafted approach, APImisAP. Experimental results demonstrate that APImisAP exhibits a certain degree of improvement in the security of LLMs.
应用程序接口(API)滥用是指在预期使用 API 时出现误解或疏忽,从而威胁到软件系统的安全。此外,应用程序接口误用具有很大的隐蔽性,揭露起来也很困难。最近的进展是在代码修复等各种软件工程(SE)活动中探索增强型 LLM。然而,将 LLMs 用于这些目的的安全影响仍未得到充分探索,尤其是在 API 滥用问题上。在本文中,我们介绍了一项实证研究,以观察 LLM 在解决与监控资源管理相关的 API 滥用(MRM API 滥用)方面的错误修复能力。首先,我们提出了 APImisRepair,这是一个用于修复 MRM API 滥用的真实世界基准,其中包括错误程序、相应的修复程序以及 API 滥用的描述。随后,我们使用 APImisRepair 基准评估了几种 LLM 的性能。研究结果揭示了 LLM 在修复 MRM API 误用方面的漏洞,并发现了若干原因,其中包括故障定位和缺乏对 API 误用的认识等因素。此外,我们还就如何提高 LLM 修复 MRM API 误用的能力提出了见解,并介绍了一种精心设计的方法 APImisAP。实验结果表明,APImisAP 在一定程度上提高了 LLM 的安全性。
期刊介绍:
The International Journal of Intelligent Systems serves as a forum for individuals interested in tapping into the vast theories based on intelligent systems construction. With its peer-reviewed format, the journal explores several fascinating editorials written by today''s experts in the field. Because new developments are being introduced each day, there''s much to be learned — examination, analysis creation, information retrieval, man–computer interactions, and more. The International Journal of Intelligent Systems uses charts and illustrations to demonstrate these ground-breaking issues, and encourages readers to share their thoughts and experiences.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
