AI Code Generators for Security: Friend or Foe?
Authors: 
Roberto Natella, Pietro Liguori, Cristina Improta, Bojan Cukic, Domenico CotroneoAuthors Info & Claims
Abstract
Recent advances of artificial intelligence (AI) code generators are opening new opportunities in software security research, including misuse by malicious actors. We review use cases for AI code generators for security and introduce an evaluation benchmark.
References
[1]
T. O’Connor, Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers. Oxford, U.K.: Newnes, 2012.
[2]
P. Liguori, E. Al-Hossami, D. Cotroneo, R. Natella, B. Cukic, and S. Shaikh, “Can we generate shellcodes via natural language? An empirical study,” Automated Softw. Eng., vol. 29, no. 1, p. 30, Mar. 2022.
[3]
P. Liguori et al., “EVIL: Exploiting software via natural language,” in Proc. 32nd IEEE Int. Symp. Softw. Rel. Eng. (ISSRE), Wuhan, China, Z. Jin, X. Li, J. Xiang, L. Mariani, T. Liu, X. Yu, and N. Ivaki, Eds., Piscataway, NJ, USA: IEEE, Oct. 25–28, 2021, pp. 321–332.
[4]
C. Zhou et al., “LIMA: Less is more for alignment,” 2023,.
[5]
P. Liguori, C. Improta, R. Natella, B. Cukic, and D. Cotroneo, “Who evaluates the evaluators? On automatic metrics for assessing AI-based offensive code generators,” Expert Syst. Appl., vol. 225, Sep. 2023, Art. 120073.
[6]
A. Svyatkovskiy, S. K. Deng, S. Fu, and N. Sundaresan, “IntelliCode compose: Code generation using transformer,” in Proc. 28th ACM Joint Eur. Softw. Eng. Conf. Symp. Found. Softw. Eng. (ESEC/FSE), P. Devanbu, M. B. Cohen, and T. Zimmermann, Eds., ACM, Nov. 8–13, 2020, pp. 1433–1443.
[7]
G. Yang, Y. Zhou, X. Chen, X. Zhang, T. Han, and T. Chen, “ExploitGen: Template-augmented exploit code generation based on codeBERT,” J. Syst. Softw., vol. 197, Mar. 2023, Art. no. 111577.
[8]
H. Kim and J. Ben-Othman, “Eco-friendly low resource security surveillance framework toward green ai digital twin,” IEEE Commun. Lett., vol. 27, no. 1, pp. 377–380, Jan. 2023.
[9]
G. Yang, X. Chen, Y. Zhou, and C. Yu, “DualSC: Automatic generation and summarization of shellcode via transformer and dual learning,” in Proc. IEEE Int. Conf. Softw. Anal., Evol. Reeng. (SANER), Honolulu, HI, USA, Mar. 15–18, 2022, pp. 361–372.
[10]
Y. Xiao, W. Song, J. Qi, B. Viswanath, P. D. McDaniel, and D. Yao, “Specializing neural networks for cryptographic code completion applications,” IEEE Trans. Softw. Eng, vol. 49, no. 6, pp. 3524–3535, Jun. 2023.
[11]
T. R. McIntosh et al., “Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation,” Comput. Secur., vol. 134, Nov. 2023, Art. no. 103424.
[12]
Y. M. P. Pa, S. Tanizaki, T. Kou, M. van Eeten, K. Yoshioka, and T. Matsumoto, “An attacker’s dream? Exploring the capabilities of ChatGPT for developing malware,” in Proc. Cyber Secur. Experimentation Test Workshop (CSET), Marina del Rey, CA, USA. New York, NY, USA: ACM, Aug. 7–8, 2023. pp. 10–18.
[13]
M. Gupta, C. Akiri, K. Aryal, E. Parker, and L. Praharaj, “From ChatGPT to ThreatGPT: Impact of generative AI in cybersecurity and privacy,” IEEE Access, vol. 11, pp. 80,218–80,245, Aug. 2023.
[14]
M. Botacin, “GPThreats-3: Is automatic malware generation a threat?” in Proc. IEEE Secur. Privacy Workshops (SPW), San Francisco, CA, USA. Piscataway, NJ, USA: IEEE, May 25, 2023. pp. 238–254.
[15]
S. Grigoriadou et al., “Hunting IoT cyberattacks with AI - Powered intrusion detection,” in Proc. IEEE Int. Conf. Cyber Secur. Resilience (CSR), Venice, Italy. Piscataway, NJ, USA: IEEE, Jul. 31/Aug. 2, 2023. 2023, pp. 142–147.
Index Terms
- AI Code Generators for Security: Friend or Foe?
Index terms have been assigned to the content through auto-classification.
Recommendations
AI as a friend or assistant: The mediating role of perceived usefulness in social AI vs. functional AI
Highlights- The study explores people’s perceptions toward social AI vs. functional AI.
- ...
AbstractAdvents of new technology have transformed how we currently view and use artificial intelligence (AI). Originally, AI was first developed to assist humans to complete tasks, but AI now takes on more social roles, such as functioning as ...
The Friend: Socially-Intelligent Tutoring and Collaboration
Proceedings of the 2009 conference on Artificial Intelligence in Education: Building Learning Systems that Care: From Knowledge Representation to Affective ModellingMotivation as key factor for maintaining effective learning must be maintained during computer-supported learning. For this, we attempt to investigate the benefits of a socially intelligent tutoring agent that goes beyond attending to aspects of an ...
Friend or Foe? Teaming Between Artificial Intelligence and Workers with Variation in Experience
As artificial intelligence (AI) applications become more pervasive, it is critical to understand how knowledge workers with different levels and types of experience can team with AI for productivity gains. We focus on the influence of two major types of ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© 2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/.
Publisher
IEEE Educational Activities Department
United States
Publication History
Published: 01 September 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 01 Mar 2025