Re(gEx|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks
With the recent development of the large language model-based text and code generation technologies, users are using them for a vast range of tasks, including regex generation. Despite the efforts to generate regexes from natural language, there is no prompt benchmark for LLMs with real-world data and robust test sets. Moreover, a regex can be prone to the Denial of Service (DoS) attacks due to catastrophic backtracking. Hence, we need a systematic evaluation process to evaluate the correctness and security of the regexes generated by the language models. In this NIER paper, we describe Re(gEx|DoS)Eval, a framework which includes a dataset of 762 regex descriptions (prompts) from real users, refined prompts with examples, and a robust set of tests. We introduce the pass@k and vulnerable@k metrics to evaluate the generated regexes based on the functional correctness and proneness to ReDoS attacks. Moreover, we demonstrate the Re(gEx|DoS)Eval with three language models, i.e., T5, Phi-1.5, and GPT-3, and described the plan for the future extension of this framework.
Thu 18 AprDisplayed time zone: Lisbon change
11:00 - 12:30 | AI & Security 2Research Track / New Ideas and Emerging Results at Sophia de Mello Breyner Andresen Chair(s): Gabriele Bavota Software Institute @ Università della Svizzera Italiana | ||
11:00 15mTalk | Towards Causal Deep Learning for Vulnerability Detection Research Track Md Mahbubur Rahman Iowa State University, Ira Ceka Columbia University, Chengzhi Mao Columbia University, Saikat Chakraborty Microsoft Research, Baishakhi Ray AWS AI Labs, Wei Le Iowa State University | ||
11:15 15mTalk | MetaLog: Generalizable Cross-System Anomaly Detection from Logs with Meta-Learning Research Track Chenyangguang Zhang Tsinghua University, Tong Jia Institute for Artificial Intelligence, Peking University, Beijing, China, Guopeng Shen Linkedsee Technology (China) Limited, Pinyan Zhu Linkedsee Technology (China) Limited, Ying Li School of Software and Microelectronics, Peking University, Beijing, China | ||
11:30 15mTalk | Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems Research Track Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Wei Liu Nanjing University Media Attached File Attached | ||
11:45 15mTalk | Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection Research Track Yizhou Chen Peking University, Zeyu Sun Institute of Software, Chinese Academy of Sciences, Zhihao Gong Peking University, Dan Hao Peking University | ||
12:00 15mTalk | On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities Research Track Zhen Li Huazhong University of Science and Technology, Ning Wang Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Yating Li Huazhong University of Science and Technology, Ruqian Zhang Huazhong University of Science and Technology, Shouhuai Xu University of Colorado Colorado Springs, Chao Zhang Tsinghua University, Hai Jin Huazhong University of Science and Technology Pre-print | ||
12:15 7mTalk | Large Language Model for Vulnerability Detection: Emerging Results and Future Directions New Ideas and Emerging Results Xin Zhou Singapore Management University, Singapore, Ting Zhang Singapore Management University, David Lo Singapore Management University | ||
12:22 7mTalk | Re(gEx|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks New Ideas and Emerging Results Mohammed Latif Siddiq University of Notre Dame, Jiahao Zhang , Lindsay Roney University of Notre Dame, Joanna C. S. Santos University of Notre Dame DOI Pre-print Media Attached | ||