Leveraging Static Analysis for Feedback-Driven Security Patching in LLM-Generated Code
| Published in: | Journal of Cybersecurity and Privacy vol. 5, no. 4 (2025), p. 110-139 |
|---|---|
| Main author: | Kamel, Alrashedy |
| Other authors: | Aljasser Abdullah, Tambwekar Pradyumna, Gombolay Matthew |
| Published: | MDPI AG |
| Subjects: | Language; Design; Coding standards; Datasets; Automation; Documentation; Feedback; Debugging; Access control; Large language models; Software engineering; Natural language; Benchmarks |
| Online access: | Citation/Abstract; Full Text + Graphics; Full Text - PDF |
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3286310480 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2624-800X | ||
| 024 | 7 | |a 10.3390/jcp5040110 |2 doi | |
| 035 | |a 3286310480 | ||
| 045 | 2 | |b d20251001 |b d20251231 | |
| 100 | 1 | |a Kamel, Alrashedy | |
| 245 | 1 | |a Leveraging Static Analysis for Feedback-Driven Security Patching in LLM-Generated Code | |
| 260 | |b MDPI AG |c 2025 | ||
| 513 | |a Journal Article | ||
| 520 | 3 | |a Large language models (LLMs) have shown remarkable potential for automatic code generation. Yet, these models share a weakness with their human counterparts: inadvertently generating code with security vulnerabilities that could allow unauthorized attackers to access sensitive data or systems. In this work, we propose Feedback-Driven Security Patching (FDSP), wherein LLMs automatically refine vulnerable generated code. The key to our approach is a unique framework that leverages automatic static code analysis to enable the LLM to create and implement potential solutions to code vulnerabilities. Further, we curate a novel benchmark, PythonSecurityEval, that can accelerate progress in the field of code generation by covering diverse, real-world applications, including databases, websites, and operating systems. Our proposed FDSP approach achieves the strongest improvements, reducing vulnerabilities by up to 33% when evaluated with Bandit and 12% with CodeQL and outperforming baseline refinement methods. | |
| 653 | |a Language | ||
| 653 | |a Design | ||
| 653 | |a Coding standards | ||
| 653 | |a Datasets | ||
| 653 | |a Automation | ||
| 653 | |a Documentation | ||
| 653 | |a Feedback | ||
| 653 | |a Debugging | ||
| 653 | |a Access control | ||
| 653 | |a Large language models | ||
| 653 | |a Software engineering | ||
| 653 | |a Natural language | ||
| 653 | |a Benchmarks | ||
| 700 | 1 | |a Aljasser Abdullah | |
| 700 | 1 | |a Tambwekar Pradyumna | |
| 700 | 1 | |a Gombolay Matthew | |
| 773 | 0 | |t Journal of Cybersecurity and Privacy |g vol. 5, no. 4 (2025), p. 110-139 | |
| 786 | 0 | |d ProQuest |t ABI/INFORM Global | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3286310480/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text + Graphics |u https://www.proquest.com/docview/3286310480/fulltextwithgraphics/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3286310480/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |