Generating API Parameter Security Rules with LLM for API Misuse Detection

Jinghua Liu

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · API Security

In the realm of software development, **Application Programming Interfaces (APIs)** serve as fundamental building blocks, accelerating development cycles and providing diverse functionalities. However, the widespread adoption of APIs introduces a significant security challenge: developers, often unaware of an API's intricate implementation details, may inadvertently misuse parameters, leading to critical security vulnerabilities. This talk, presented by Jinghua Liu from the Institute of Information Engineering, Chinese Academy of Sciences, introduces **GBT8**, a novel framework that leverages **Large Language Models (LLMs)** to automatically generate accurate and concrete API parameter security rules (**APSRs**) for detecting such misuse.

AI review

Legitimate academic systems-security research with a sensible core idea: use LLMs to generate API parameter security rules, validate them with execution feedback, and refine vague outputs into concrete detectors. The engineering is honest and the numbers are real, but this is an NDSS paper presentation, not a conference talk that will change how practitioners work tomorrow.
