中文标题#
使用大语言模型的显式漏洞生成:超越对抗攻击的研究
英文标题#
Explicit Vulnerability Generation with LLMs: An Investigation Beyond Adversarial Attacks
中文摘要#
大型语言模型(LLMs)越来越多地被用作代码助手,但当明确要求生成不安全代码时,它们的行为仍知之甚少。 尽管之前的研究集中在意外的漏洞上,但本研究考察了一个更直接的威胁:当被提示时,开源 LLMs 生成易受攻击的代码。 我们提出了一种双实验设计:(1)动态提示,系统地在结构化模板中变化漏洞类型、用户角色和提示措辞;以及(2)反向提示,从真实的易受攻击代码样本中推导出自然语言提示。 我们使用静态分析评估了三个开源 7B 参数模型(Qwen2、Mistral、Gemma),以评估生成漏洞的存在性和正确性。 我们的结果表明,所有模型经常生成请求的漏洞,尽管性能差异显著。 在动态提示下,Gemma 在内存漏洞方面的正确性最高(例如,缓冲区溢出的正确率为 98.6%),而 Qwen2 在所有任务中表现出最平衡的性能。 我们发现,专业角色(例如 “DevOps 工程师”)始终比学生角色产生更高的成功率,并且直接与间接措辞的有效性取决于提示策略而反转。 漏洞重现准确性与代码复杂度呈非线性关系,在中等范围内达到峰值。 我们的发现揭示了 LLMs 依赖模式回忆而非语义推理如何在其安全对齐中造成重大盲点,特别是在以看似合理的专业任务形式提出的请求中。
英文摘要#
Large Language Models (LLMs) are increasingly used as code assistants, yet their behavior when explicitly asked to generate insecure code remains poorly understood. While prior research has focused on unintended vulnerabilities, this study examines a more direct threat: open-source LLMs generating vulnerable code when prompted. We propose a dual experimental design: (1) Dynamic Prompting, which systematically varies vulnerability type, user persona, and prompt phrasing across structured templates; and (2) Reverse Prompting, which derives natural-language prompts from real vulnerable code samples. We evaluate three open-source 7B-parameter models (Qwen2, Mistral, Gemma) using static analysis to assess both the presence and correctness of generated vulnerabilities. Our results show that all models frequently generate the requested vulnerabilities, though with significant performance differences. Gemma achieves the highest correctness for memory vulnerabilities under Dynamic Prompting (e.g., 98.6% for buffer overflows), while Qwen2 demonstrates the most balanced performance across all tasks. We find that professional personas (e.g., "DevOps Engineer") consistently elicit higher success rates than student personas, and that the effectiveness of direct versus indirect phrasing is inverted depending on the prompting strategy. Vulnerability reproduction accuracy follows a non-linear pattern with code complexity, peaking in a moderate range. Our findings expose how LLMs' reliance on pattern recall over semantic reasoning creates significant blind spots in their safety alignments, particularly for requests framed as plausible professional tasks.
PDF 获取#
抖音扫码查看更多精彩内容