Saved in:
Bibliographic Details
Main Authors: Zhang, Yang, Ouyang, Wenyi, Zhang, Yi, Cheng, Liang, Wu, Chen, Hu, Wenxin
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.10814
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911152760422400
author Zhang, Yang
Ouyang, Wenyi
Zhang, Yi
Cheng, Liang
Wu, Chen
Hu, Wenxin
author_facet Zhang, Yang
Ouyang, Wenyi
Zhang, Yi
Cheng, Liang
Wu, Chen
Hu, Wenxin
contents The prevalence of cryptographic API misuse (CAM) is compromising the effectiveness of cryptography and in turn the security of modern systems and applications. Despite extensive efforts to develop CAM detection tools, these tools typically rely on a limited set of predefined rules from human-curated knowledge. This rigid, rule-based approach hinders adaptation to evolving CAM patterns in real practices. We propose leveraging large language models (LLMs), trained on publicly available cryptography-related data, to automatically detect and classify CAMs in real-world code to address this limitation. Our method enables the development and continuous expansion of a CAM taxonomy, supporting developers and detection tools in tracking and understanding emerging CAM patterns. Specifically, we develop an LLM-agnostic prompt engineering method to guide LLMs in detecting CAM instances from C/C++, Java, Python, and Go code, and then classifying them into a hierarchical taxonomy. Using a data set of 3,492 real-world software programs, we demonstrate the effectiveness of our approach with mainstream LLMs, including GPT, Llama, Gemini, and Claude. It also allows us to quantitatively measure and compare the performance of these LLMs in analyzing CAM in realistic code. Our evaluation produced a taxonomy with 279 base CAM categories, 36 of which are not addressed by existing taxonomies. To validate its practical value, we encode 11 newly identified CAM types into detection rules and integrate them into existing tools. Experiments show that such integration expands the tools' detection capabilities.
format Preprint
id arxiv_https___arxiv_org_abs_2509_10814
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Automatic Generation of a Cryptography Misuse Taxonomy Using Large Language Models
Zhang, Yang
Ouyang, Wenyi
Zhang, Yi
Cheng, Liang
Wu, Chen
Hu, Wenxin
Cryptography and Security
The prevalence of cryptographic API misuse (CAM) is compromising the effectiveness of cryptography and in turn the security of modern systems and applications. Despite extensive efforts to develop CAM detection tools, these tools typically rely on a limited set of predefined rules from human-curated knowledge. This rigid, rule-based approach hinders adaptation to evolving CAM patterns in real practices. We propose leveraging large language models (LLMs), trained on publicly available cryptography-related data, to automatically detect and classify CAMs in real-world code to address this limitation. Our method enables the development and continuous expansion of a CAM taxonomy, supporting developers and detection tools in tracking and understanding emerging CAM patterns. Specifically, we develop an LLM-agnostic prompt engineering method to guide LLMs in detecting CAM instances from C/C++, Java, Python, and Go code, and then classifying them into a hierarchical taxonomy. Using a data set of 3,492 real-world software programs, we demonstrate the effectiveness of our approach with mainstream LLMs, including GPT, Llama, Gemini, and Claude. It also allows us to quantitatively measure and compare the performance of these LLMs in analyzing CAM in realistic code. Our evaluation produced a taxonomy with 279 base CAM categories, 36 of which are not addressed by existing taxonomies. To validate its practical value, we encode 11 newly identified CAM types into detection rules and integrate them into existing tools. Experiments show that such integration expands the tools' detection capabilities.
title Automatic Generation of a Cryptography Misuse Taxonomy Using Large Language Models
topic Cryptography and Security
url https://arxiv.org/abs/2509.10814