Salvato in:
Dettagli Bibliografici
Autori principali: Lee, Kiho, Kim, Jungkon, Kim, Doowon, Kim, Hyoungshick
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2509.12649
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866914039202840576
author Lee, Kiho
Kim, Jungkon
Kim, Doowon
Kim, Hyoungshick
author_facet Lee, Kiho
Kim, Jungkon
Kim, Doowon
Kim, Hyoungshick
contents Code-generating Large Language Models (LLMs) significantly accelerate software development. However, their frequent generation of insecure code presents serious risks. We present a comprehensive evaluation of seven parameter-efficient fine-tuning (PEFT) techniques, demonstrating substantial gains in secure code generation without compromising functionality. Our research identifies prompt-tuning as the most effective PEFT method, achieving an 80.86% Overall-Secure-Rate on CodeGen2 16B, a 13.5-point improvement over the 67.28% baseline. Optimizing decoding strategies through sampling temperature further elevated security to 87.65%. This equates to a reduction of approximately 203,700 vulnerable code snippets per million generated. Moreover, prompt and prefix tuning increase robustness against poisoning attacks in our TrojanPuzzle evaluation, with strong performance against CWE-79 and CWE-502 attack vectors. Our findings generalize across Python and Java, confirming prompt-tuning's consistent effectiveness. This study provides essential insights and practical guidance for building more resilient software systems with LLMs.
format Preprint
id arxiv_https___arxiv_org_abs_2509_12649
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Systematic Evaluation of Parameter-Efficient Fine-Tuning Methods for the Security of Code LLMs
Lee, Kiho
Kim, Jungkon
Kim, Doowon
Kim, Hyoungshick
Cryptography and Security
Artificial Intelligence
Code-generating Large Language Models (LLMs) significantly accelerate software development. However, their frequent generation of insecure code presents serious risks. We present a comprehensive evaluation of seven parameter-efficient fine-tuning (PEFT) techniques, demonstrating substantial gains in secure code generation without compromising functionality. Our research identifies prompt-tuning as the most effective PEFT method, achieving an 80.86% Overall-Secure-Rate on CodeGen2 16B, a 13.5-point improvement over the 67.28% baseline. Optimizing decoding strategies through sampling temperature further elevated security to 87.65%. This equates to a reduction of approximately 203,700 vulnerable code snippets per million generated. Moreover, prompt and prefix tuning increase robustness against poisoning attacks in our TrojanPuzzle evaluation, with strong performance against CWE-79 and CWE-502 attack vectors. Our findings generalize across Python and Java, confirming prompt-tuning's consistent effectiveness. This study provides essential insights and practical guidance for building more resilient software systems with LLMs.
title A Systematic Evaluation of Parameter-Efficient Fine-Tuning Methods for the Security of Code LLMs
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2509.12649