为了解决真实Web应用攻击数据数量小、差异性大和攻击载荷多样化导致大模型训练效果差的问题,提出一种基于联邦大模型的网络攻击检测方法(Intrusion Detection methods based on Federal Large Language Model,FLLLMID).首先,提出一种...为了解决真实Web应用攻击数据数量小、差异性大和攻击载荷多样化导致大模型训练效果差的问题,提出一种基于联邦大模型的网络攻击检测方法(Intrusion Detection methods based on Federal Large Language Model,FLLLMID).首先,提出一种面向大模型微调的联邦学习网络,服务器对客户端本地大模型通过增量数据训练产生的参数,进行增量聚合的方式,提高联邦学习中大模型的参数聚合效率以及避免网络流量数据暴露的问题;其次,基于大模型对代码的理解能力,提出面向应用层数据的攻击检测模型(CodeBERT-LSTM),通过对应用层数据报文进行分析,使用CodeBERT模型对有效字段进行向量编码后,结合长短期记忆网络(Long Short-Term Memory,LSTM)进行分类,实现对Web应用高效的攻击检测任务;最后,实验结果表明,FL-LLMID方法在面向应用层数据的攻击检测任务中准确率达到99.63%,与传统联邦学习相比,增量式学习的效率提升了12个百分点.展开更多
Source code vulnerabilities present significant security threats,necessitating effective detection techniques.Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools,which drown de...Source code vulnerabilities present significant security threats,necessitating effective detection techniques.Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools,which drown developers in false positives and miss context-sensitive vulnerabilities.Large Language Models(LLMs)like BERT,in particular,are examples of artificial intelligence(AI)that exhibit promise but frequently lack transparency.In order to overcome the issues with model interpretability,this work suggests a BERT-based LLM strategy for vulnerability detection that incorporates Explainable AI(XAI)methods like SHAP and attention heatmaps.Furthermore,to ensure auditable and comprehensible choices,we present a transparency obligation structure that covers the whole LLM lifetime.Our experiments on a comprehensive and extensive source code DiverseVul dataset show that the proposed method outperform,attaining 92.3%detection accuracy and surpassing CodeT5(89.4%),GPT-3.5(85.1%),and GPT-4(88.7%)under the same evaluation scenario.Through integrated SHAP analysis,this exhibits improved detection capabilities while preserving explainability,which is a crucial advantage over black-box LLM alternatives in security contexts.The XAI analysis discovers crucial predictive tokens such as susceptible and function through SHAP framework.Furthermore,the local token interactions that support the decision-making of the model process are graphically highlighted via attention heatmaps.This method provides a workable solution for reliable vulnerability identification in software systems by effectively fusing high detection accuracy with model explainability.Our findings imply that transparent AI models are capable of successfully detecting security flaws while preserving interpretability for human analysts.展开更多
The Large Language Models (LLMs), such as GPT and BERT, were proposed for natural language processing (NLP) and have shown promising results as general-purpose language models. An increasing number of industry profess...The Large Language Models (LLMs), such as GPT and BERT, were proposed for natural language processing (NLP) and have shown promising results as general-purpose language models. An increasing number of industry professionals and researchers are adopting LLMs for program analysis tasks. However, one significant difference between programming languages and natural languages is that a programmer has the flexibility to assign any names to variables, methods, and functions in the program, whereas a natural language writer does not. Intuitively, the quality of naming in a program affects the performance of LLMs in program analysis tasks. This paper investigates how naming affects LLMs on code analysis tasks. Specifically, we create a set of datasets with code containing nonsense or misleading names for variables, methods, and functions, respectively. We then use well-trained models (CodeBERT) to perform code analysis tasks on these datasets. The experimental results show that naming has a significant impact on the performance of code analysis tasks based on LLMs, indicating that code representation learning based on LLMs heavily relies on well-defined names in code. Additionally, we conduct a case study on some special code analysis tasks using GPT, providing further insights.展开更多
文摘为了解决真实Web应用攻击数据数量小、差异性大和攻击载荷多样化导致大模型训练效果差的问题,提出一种基于联邦大模型的网络攻击检测方法(Intrusion Detection methods based on Federal Large Language Model,FLLLMID).首先,提出一种面向大模型微调的联邦学习网络,服务器对客户端本地大模型通过增量数据训练产生的参数,进行增量聚合的方式,提高联邦学习中大模型的参数聚合效率以及避免网络流量数据暴露的问题;其次,基于大模型对代码的理解能力,提出面向应用层数据的攻击检测模型(CodeBERT-LSTM),通过对应用层数据报文进行分析,使用CodeBERT模型对有效字段进行向量编码后,结合长短期记忆网络(Long Short-Term Memory,LSTM)进行分类,实现对Web应用高效的攻击检测任务;最后,实验结果表明,FL-LLMID方法在面向应用层数据的攻击检测任务中准确率达到99.63%,与传统联邦学习相比,增量式学习的效率提升了12个百分点.
文摘Source code vulnerabilities present significant security threats,necessitating effective detection techniques.Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools,which drown developers in false positives and miss context-sensitive vulnerabilities.Large Language Models(LLMs)like BERT,in particular,are examples of artificial intelligence(AI)that exhibit promise but frequently lack transparency.In order to overcome the issues with model interpretability,this work suggests a BERT-based LLM strategy for vulnerability detection that incorporates Explainable AI(XAI)methods like SHAP and attention heatmaps.Furthermore,to ensure auditable and comprehensible choices,we present a transparency obligation structure that covers the whole LLM lifetime.Our experiments on a comprehensive and extensive source code DiverseVul dataset show that the proposed method outperform,attaining 92.3%detection accuracy and surpassing CodeT5(89.4%),GPT-3.5(85.1%),and GPT-4(88.7%)under the same evaluation scenario.Through integrated SHAP analysis,this exhibits improved detection capabilities while preserving explainability,which is a crucial advantage over black-box LLM alternatives in security contexts.The XAI analysis discovers crucial predictive tokens such as susceptible and function through SHAP framework.Furthermore,the local token interactions that support the decision-making of the model process are graphically highlighted via attention heatmaps.This method provides a workable solution for reliable vulnerability identification in software systems by effectively fusing high detection accuracy with model explainability.Our findings imply that transparent AI models are capable of successfully detecting security flaws while preserving interpretability for human analysts.
文摘The Large Language Models (LLMs), such as GPT and BERT, were proposed for natural language processing (NLP) and have shown promising results as general-purpose language models. An increasing number of industry professionals and researchers are adopting LLMs for program analysis tasks. However, one significant difference between programming languages and natural languages is that a programmer has the flexibility to assign any names to variables, methods, and functions in the program, whereas a natural language writer does not. Intuitively, the quality of naming in a program affects the performance of LLMs in program analysis tasks. This paper investigates how naming affects LLMs on code analysis tasks. Specifically, we create a set of datasets with code containing nonsense or misleading names for variables, methods, and functions, respectively. We then use well-trained models (CodeBERT) to perform code analysis tasks on these datasets. The experimental results show that naming has a significant impact on the performance of code analysis tasks based on LLMs, indicating that code representation learning based on LLMs heavily relies on well-defined names in code. Additionally, we conduct a case study on some special code analysis tasks using GPT, providing further insights.
