The Midas Touch: Triggering the Capability of LLMs for RM-API Misuse Detection
Yi Yang
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · API Security
This talk, presented by Jinalu (one of the authors) on behalf of co-authors Yi Yang, Kachin, and Menlin from the Institute of Information Engineering, Chinese Academy of Sciences, introduces **ChatDetector**, an approach that uses **Large Language Models (LLMs)** to identify **Resource Management API (RM-API) pairs** and then detect their misuse. An RM-API pair is an acquiring API (allocate, open, lock) whose result must later be handed back to one specific releasing API (free, close, unlock). The problem addressed is that RM-API misuse is pervasive and maps directly onto security bugs: a release that is skipped on some path leaks the resource and enables denial of service through exhaustion, a release that is repeated or performed too early causes memory corruption (double free, use after free), and data leakage is also possible. These misuses stem from developer oversight and from API documentation that only implies the release obligation rather than stating plainly which release function must be called, and on which paths.
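The following is an added illustration written for this page; it is not ChatDetector's implementation or any code from the authors. It models the two stages the summary describes on constructed data: a fictional C library (`LIBRARY_SYMBOLS`, `DOCS`) and a simulated LLM answer (`LLM_CANDIDATES`) that contains one fabricated release function. The cross-validation here is an assumption, since the page does not give the paper's criteria: a candidate pair survives only if both names are real exported symbols and the acquiring API's own documentation names the release function. The surviving pair table then drives a small line-by-line scan (`check_function`) of a constructed C function that leaks a buffer on its error path and closes a handle twice.

```python
import re

# Constructed example data (not from the paper): a small fictional C library.
# What a header or the linker exports; names an LLM invents will not be here.
LIBRARY_SYMBOLS = {"lib_open", "lib_close", "lib_buf_new", "lib_buf_free", "lib_read"}

# Constructed documentation snippets, keyed by API name.
DOCS = {
    "lib_open": "Opens a handle. The returned handle must be released with lib_close().",
    "lib_buf_new": "Allocates a buffer. Free it with lib_buf_free() when done.",
    "lib_read": "Reads bytes from the handle into the buffer.",
}

# Constructed stand-in for LLM output: (acquire, release) candidates,
# the last of which names a release function that does not exist.
LLM_CANDIDATES = [
    ("lib_open", "lib_close"),
    ("lib_buf_new", "lib_buf_free"),
    ("lib_read", "lib_release_read"),
]


def cross_validate(candidates, symbols, docs):
    """Assumed (simplified) cross-check of LLM-proposed pairs along two axes:
    both names must be real exported symbols, and the acquiring API's own
    documentation must mention the proposed release function."""
    accepted, rejected = [], []
    for acquire, release in candidates:
        exists = acquire in symbols and release in symbols
        documented = release in docs.get(acquire, "")
        (accepted if exists and documented else rejected).append((acquire, release))
    return accepted, rejected


def check_function(source, pairs):
    """Scan one C function line by line using a validated pair table.
    A `return` while an acquired resource is still live is a missing release
    (leak); calling a release function on a variable that is not live is a
    double release.  A block that ends in `return` is an exited path, so the
    live set is restored to its state at block entry when that block closes.
    Blocks that fall through are merged path-insensitively (a simplification,
    as is treating any release of an unknown variable as a double release)."""
    release_of = dict(pairs)                 # acquiring API -> its release API
    releasers = set(release_of.values())
    live = {}                                # variable -> release API it still owes
    stack = []                               # [live snapshot at block entry, block returned?]
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = re.sub(r"/\*.*?\*/|//.*", "", line)     # drop comments
        m = re.search(r"(\w+)\s*=\s*(\w+)\s*\(", code)  # var = acquire(...)
        if m and m.group(2) in release_of:
            live[m.group(1)] = release_of[m.group(2)]
        m = re.search(r"\b(\w+)\s*\(\s*(\w+)\s*\)", code)  # release(var)
        if m and m.group(1) in releasers:
            func, var = m.group(1), m.group(2)
            if var in live:
                del live[var]
            else:
                findings.append((lineno, "double_release", var, func))
        if re.search(r"\breturn\b", code):
            for var, rel in live.items():
                findings.append((lineno, "missing_release", var, rel))
            if stack:
                stack[-1][1] = True
        if code.rstrip().endswith("{"):
            stack.append([dict(live), False])
        elif code.strip().startswith("}") and stack:
            saved, returned = stack.pop()
            if returned:
                live = saved
    return findings


# Constructed target: a leak on the error path and a double release on the normal path.
SAMPLE_C = """\
int handler(const char *path) {
    lib_handle *h = lib_open(path);
    char *buf = lib_buf_new(4096);
    if (lib_read(h, buf) < 0) {
        lib_close(h);
        return -1;          /* buf is never freed on this path */
    }
    lib_buf_free(buf);
    lib_close(h);
    lib_close(h);           /* h released a second time */
    return 0;
}
"""

if __name__ == "__main__":
    pairs, bogus = cross_validate(LLM_CANDIDATES, LIBRARY_SYMBOLS, DOCS)
    print("rejected as fabricated:", bogus)
    for lineno, kind, var, func in check_function(SAMPLE_C, pairs):
        print(f"line {lineno}: {kind} of {var} ({func})")
```

The point of the validation step is that a hallucinated pair such as `("lib_read", "lib_release_read")` would otherwise become a rule and produce a false "missing release" at every use of `lib_read`; rejecting it before detection is what keeps the bug reports credible. The scanner itself is deliberately minimal (one function, regex matching, a block stack instead of a control-flow graph); a production detector would run the validated pair table through a real program analysis over the library's client code, but the two misuse shapes it reports, a live resource at `return` and a release of a resource no longer owned, are exactly the ones that turn into denial of service and memory corruption.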
AI review
Solid, original research applying LLMs to a problem that actually warrants them — RM-API pair identification from documentation is exactly the kind of semantically dense, inconsistently structured task where NLP traditionally faceplants. The two-dimensional cross-validation mechanism to catch LLM fabrication is the real contribution here, and the 115 confirmed bugs across six real libraries are the receipts. Not paradigm-shifting, but this is careful, reproducible work that advances the state of the art.