CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse

Heewon Baek; Minwook Lee; Hyoungshick Kim

doi:10.1007/978-3-031-70879-4_18

CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse

Heewon Baek
, Minwook Lee
, Hyoungshick Kim

Department of Computer Science and Engineering

Sungkyunkwan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

We propose CryptoLLM, a novel static analysis tool leveraging large language models (LLMs) to detect cryptographic API misuse vulnerabilities. Integrating optimized code slicing with fine-tuned LLMs, CryptoLLM achieves superior detection capabilities. After evaluating four models, we recommend CodeT5. CryptoLLM outperforms existing rule-based tools such as CryptoGuard, CogniCrypt, and SpotBugs on the CryptoAPI-Bench dataset (F1 score: 0.935). For unseen real-world Android apps, with a 20-minute analysis limit, CryptoLLM achieved the highest F1 score of 0.898, analyzing all apps without errors, while other tools failed to analyze a significant proportion, with CryptoGuard’s highest F1 score at 0.645. Although CryptoLLM ’s performance initially dropped to 0.749 F1 score on mutated code, retraining with augmented data improved it to 0.988, demonstrating adaptability across diverse datasets.

Original language	English
Title of host publication	Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings
Editors	Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	353-373
Number of pages	21
ISBN (Print)	9783031708787
DOIs	https://doi.org/10.1007/978-3-031-70879-4_18
State	Published - 2024
Event	29th European Symposium on Research in Computer Security, ESORICS 2024 - Bydgoszcz, Poland Duration: 16 Sep 2024 → 20 Sep 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14982 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	29th European Symposium on Research in Computer Security, ESORICS 2024
Country/Territory	Poland
City	Bydgoszcz
Period	16/09/24 → 20/09/24

Access to Document

10.1007/978-3-031-70879-4_18

Cite this

Baek, H., Lee, M., & Kim, H. (2024). CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse. In J. Garcia-Alfaro, R. Kozik, M. Choraś, & S. Katsikas (Eds.), Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings (pp. 353-373). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14982 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-70879-4_18

Baek, Heewon ; Lee, Minwook ; Kim, Hyoungshick. / CryptoLLM : Harnessing the Power of LLMs to Detect Cryptographic API Misuse. Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings. editor / Joaquin Garcia-Alfaro ; Rafał Kozik ; Michał Choraś ; Sokratis Katsikas. Springer Science and Business Media Deutschland GmbH, 2024. pp. 353-373 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dc17f6e7066b4dc3be3d27e3f401dd42,

title = "CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse",

abstract = "We propose CryptoLLM, a novel static analysis tool leveraging large language models (LLMs) to detect cryptographic API misuse vulnerabilities. Integrating optimized code slicing with fine-tuned LLMs, CryptoLLM achieves superior detection capabilities. After evaluating four models, we recommend CodeT5. CryptoLLM outperforms existing rule-based tools such as CryptoGuard, CogniCrypt, and SpotBugs on the CryptoAPI-Bench dataset (F1 score: 0.935). For unseen real-world Android apps, with a 20-minute analysis limit, CryptoLLM achieved the highest F1 score of 0.898, analyzing all apps without errors, while other tools failed to analyze a significant proportion, with CryptoGuard{\textquoteright}s highest F1 score at 0.645. Although CryptoLLM {\textquoteright}s performance initially dropped to 0.749 F1 score on mutated code, retraining with augmented data improved it to 0.988, demonstrating adaptability across diverse datasets.",

author = "Heewon Baek and Minwook Lee and Hyoungshick Kim",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 29th European Symposium on Research in Computer Security, ESORICS 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2024",

doi = "10.1007/978-3-031-70879-4\_18",

language = "English",

isbn = "9783031708787",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "353--373",

editor = "Joaquin Garcia-Alfaro and Rafa{\l} Kozik and Micha{\l} Chora{\'s} and Sokratis Katsikas",

booktitle = "Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings",

}

Baek, H, Lee, M & Kim, H 2024, CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse. in J Garcia-Alfaro, R Kozik, M Choraś & S Katsikas (eds), Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14982 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 353-373, 29th European Symposium on Research in Computer Security, ESORICS 2024, Bydgoszcz, Poland, 16/09/24. https://doi.org/10.1007/978-3-031-70879-4_18

CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse. / Baek, Heewon; Lee, Minwook; Kim, Hyoungshick.
Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings. ed. / Joaquin Garcia-Alfaro; Rafał Kozik; Michał Choraś; Sokratis Katsikas. Springer Science and Business Media Deutschland GmbH, 2024. p. 353-373 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14982 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - CryptoLLM

T2 - 29th European Symposium on Research in Computer Security, ESORICS 2024

AU - Baek, Heewon

AU - Lee, Minwook

AU - Kim, Hyoungshick

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - We propose CryptoLLM, a novel static analysis tool leveraging large language models (LLMs) to detect cryptographic API misuse vulnerabilities. Integrating optimized code slicing with fine-tuned LLMs, CryptoLLM achieves superior detection capabilities. After evaluating four models, we recommend CodeT5. CryptoLLM outperforms existing rule-based tools such as CryptoGuard, CogniCrypt, and SpotBugs on the CryptoAPI-Bench dataset (F1 score: 0.935). For unseen real-world Android apps, with a 20-minute analysis limit, CryptoLLM achieved the highest F1 score of 0.898, analyzing all apps without errors, while other tools failed to analyze a significant proportion, with CryptoGuard’s highest F1 score at 0.645. Although CryptoLLM ’s performance initially dropped to 0.749 F1 score on mutated code, retraining with augmented data improved it to 0.988, demonstrating adaptability across diverse datasets.

AB - We propose CryptoLLM, a novel static analysis tool leveraging large language models (LLMs) to detect cryptographic API misuse vulnerabilities. Integrating optimized code slicing with fine-tuned LLMs, CryptoLLM achieves superior detection capabilities. After evaluating four models, we recommend CodeT5. CryptoLLM outperforms existing rule-based tools such as CryptoGuard, CogniCrypt, and SpotBugs on the CryptoAPI-Bench dataset (F1 score: 0.935). For unseen real-world Android apps, with a 20-minute analysis limit, CryptoLLM achieved the highest F1 score of 0.898, analyzing all apps without errors, while other tools failed to analyze a significant proportion, with CryptoGuard’s highest F1 score at 0.645. Although CryptoLLM ’s performance initially dropped to 0.749 F1 score on mutated code, retraining with augmented data improved it to 0.988, demonstrating adaptability across diverse datasets.

UR - https://www.scopus.com/pages/publications/85204377260

U2 - 10.1007/978-3-031-70879-4_18

DO - 10.1007/978-3-031-70879-4_18

M3 - Conference contribution

AN - SCOPUS:85204377260

SN - 9783031708787

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 353

EP - 373

BT - Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings

A2 - Garcia-Alfaro, Joaquin

A2 - Kozik, Rafał

A2 - Choraś, Michał

A2 - Katsikas, Sokratis

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 16 September 2024 through 20 September 2024

ER -

Baek H, Lee M, Kim H. CryptoLLM: Harnessing the Power of LLMs to Detect Cryptographic API Misuse. In Garcia-Alfaro J, Kozik R, Choraś M, Katsikas S, editors, Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 353-373. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-70879-4_18