Skip to content

Commit

Permalink
Adding LLM4GW
Browse files Browse the repository at this point in the history
  • Loading branch information
XinyuZhangXvX committed Nov 25, 2024
1 parent 11e9602 commit f24cac4
Show file tree
Hide file tree
Showing 9 changed files with 224 additions and 65 deletions.
100 changes: 100 additions & 0 deletions LLM4GW.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
<!doctype html>
<html>

<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EER1LDV4TH"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());

gtag('config', 'G-EER1LDV4TH');
</script>
<title>LLM4GW</title>
<meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1">
<link href="css/frame.css" media="screen" rel="stylesheet" type="text/css" />
<link href="css/controls.css" media="screen" rel="stylesheet" type="text/css" />
<link href="css/custom.css" media="screen" rel="stylesheet" type="text/css" />
<link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700' rel='stylesheet' type='text/css'>
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700" rel="stylesheet">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="js/menu.js"></script>
<style>
.menu-index {
color: rgb(255, 255, 255) !important;
opacity: 1 !important;
font-weight: 700 !important;
}
</style>
</head>

<body>
<div class="menu-container"></div>
<div class="content-container">
<div class="content">
<div class="content-table flex-column">
<!-------------------------------------------------------------------------------------------->
<!--Start LLM4GW-->
<div class="flex-row">
<div class="flex-item flex-column">
<h2 class="add-top-margin">LLM4GW</h2>
<hr>
<p style="font-size:14pt;">
LLM4GW is the first comprehensive study to assess how effective Large Language Models (LLMs) are for tasks related to GitHub workflows. While LLMs have shown effectiveness in software development tasks like coding and testing, GitHub workflows are distinct from regular code in terms of structure, semantics, and security properties.
</p>
<p style="font-size:14pt;">
We curated a dataset of around 400,000 workflows based on ARGUS dataset, generated prompts with varying levels of detail, and fine-tuned three state-of-the-art LLMs: GPT-3.5, CodeLlama, and StarChat. We evaluated the performance of these LLMs, both off-the-shelf and fine-tuned, on five workflow-related tasks: workflow generation, defect detection (syntactic errors and code injection vulnerabilities), and defect repair. The evaluation encompassed different prompting modes (zero-shot, one-shot) and involved identifying the best-performing temperature value and prompt for each LLM and task.
</p>
<p style="font-size:14pt;">
The study revealed that, unlike regular code generation, LLMs require detailed prompts to generate the desired workflows, but these detailed prompts can lead to invalid workflows with syntactic errors. Additionally, the LLMs were found to produce workflows with code injection vulnerabilities. The research also highlights the need for novel LLM-assisted techniques, as the current LLMs were found to be ineffective at repairing workflow defects.
</p>

<h2 class="add-top-margin">Paper</h2>
<p style="font-size:14pt;">
<a href="https://dl.acm.org/doi/10.1145/3664476.3664497" target="_blank">Our paper</a> is accepted at ARES '24.

<h2 class="add-top-margin">Code</h2>
<p style="font-size:14pt;">
Our code is opensourced on <a href="https://github.com/purs3lab/LLMs4GitHubWorkflows" target="_blank"> GitHub</a>. Please check out the repository for more details.
</p>
<h2 class="add-top-margin">Bibtex</h2>
<pre>
@inproceedings{10.1145/3664476.3664497,
author = {Zhang, Xinyu and Muralee, Siddharth and Cherupattamoolayil, Sourag and Machiry, Aravind},
title = {On the Effectiveness of Large Language Models for GitHub Workflows},
year = {2024},
isbn = {9798400717185},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3664476.3664497},
doi = {10.1145/3664476.3664497},
booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
articleno = {32},
numpages = {14},
location = {Vienna, Austria},
series = {ARES '24}
}
</pre>
</div>
</div>
<!--End LLM4GW-->

<!--Start Credits-->
<div class="flex-row">
<div class="flex-item flex-item-stretch flex-column">
<br /><br />
<p class="text text-small text-italic">
LLM4GW | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
</p>
</div>
</div>
<!--End Credits-->
<!-------------------------------------------------------------------------------------------->
</div>
</div>
</div>
</body>

</html>
12 changes: 10 additions & 2 deletions argus.html
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,18 @@ <h2 class="add-top-margin"> Github's Blog </h2>
<p style="font-size:14pt;">
GitHub published a <a href="https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/" target="_blank">blog post</a> about our findings and also mentioned our tool. We are grateful for the support provided by them throughout our research.

<h2 class="add-top-margin">Paper</h2>
<p style="font-size:14pt;">
<a href="https://www.usenix.org/conference/usenixsecurity23/presentation/muralee" target="_blank">Our paper</a> is accepted at USENIX Security '23.

<h2 class="add-top-margin">Code</h2>
<p style="font-size:14pt;">
Our tool is opensourced on <a href="https://github.com/purs3lab/ARGUS" target="_blank"> GitHub</a>. Please check out the repository for more details.
</p>
<h2 class="add-top-margin">PoCs</h2>
<p style="font-size:14pt;">
We have developed PoCs for some randomly picked vulnerable workflows. The PoCs are currently restricted to induviduals who's identities we can verfiy, to prevent any misuse. If you are interested in obtaining the PoCs, please follow the steps mentioned <a href="dataset.html">here</a>. You can select the PoC option while filling the form.
</p>
<h2 class="add-top-margin">Bibtex</h2>
<pre>
@inproceedings{muralee2023Argus,
Expand All @@ -83,7 +91,7 @@ <h2 class="add-top-margin">Bibtex</h2>

<!-------------------------------------------------------------------------------------------->
<!--Start Team-->
<div class="flex-row">
<!-- <div class="flex-row">
<div class="flex-item flex-column">
<h2 class="add-top-margin">Team</h2>
<hr>
Expand All @@ -96,7 +104,7 @@ <h2 class="add-top-margin">Team</h2>
<img src="./img/ncsu.png" height = "125" alt="ncsu" align="center" />
</div>
</div>
</div>
</div> -->
<!--End Team-->
<!-------------------------------------------------------------------------------------------->
<!--Start Credits-->
Expand Down
19 changes: 10 additions & 9 deletions dataset.html
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

gtag('config', 'G-EER1LDV4TH');
</script>
<title>ARGUS</title>
<title>SecureCI</title>
<meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1">
<link href="https://use.fontawesome.com/releases/v5.2.0/css/all.css" media="screen" rel="stylesheet" type="text/css" />
<link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/base/jquery-ui.css" media="screen" rel="stylesheet" type="text/css" />
Expand Down Expand Up @@ -44,17 +44,18 @@
<!-------------------------------------------------------------------------------------------->
<div class="flex-row">
<div class="flex-item flex-column">
<h2 class="add-top-margin">Argus Dataset Policy</h2>
<h2 class="add-top-margin">Dataset Policy</h2>
<hr>
<p style="font-size:14pt;">
We are delighted to share the ARGUS dataset and believe it will be a valuable resource for your research. However, to prevent any potential misuse, we kindly request that you fill out a request form to confirm your identity and outline the scope of your research. Once we have verified these details, we will provide you with the download link for the ARGUS dataset.
We are delighted to share our datasets and believe they will be valuable resources for your research. However, to prevent any potential misuse, we kindly request that you fill out a request form to confirm your identity and outline the scope of your research. Once we have verified these details, we will provide you with the download link for the datasets.
</p>
<p style="font-size:16pt;"><strong>
Request Steps:
</strong></p>
<p style="font-size:14pt;">
<strong>1. Please open the <a href="https://forms.gle/SmzyqhtLNrvvZ8x37" target="_blank">online request form</a> in a browser.</strong><br />
<strong>1. Please open the online request form</a> in a browser.</strong><br />
Link to ARGUS Dataset Request Form: <a href="https://forms.gle/SmzyqhtLNrvvZ8x37" target="_blank">https://forms.gle/SmzyqhtLNrvvZ8x37</a><br />
Link to LLM4GW Dataset Request Form: <a href="https://forms.gle/gyASp6NxMMtNexwh6" target="_blank">hhttps://forms.gle/gyASp6NxMMtNexwh6</a><br />
(If you are unable to access the page, please contact us by email.)
</p>
<p style="font-size:14pt;">
Expand Down Expand Up @@ -88,7 +89,7 @@ <h2 class="add-top-margin">Argus Dataset Policy</h2>
<h2 class="add-top-margin">Disclaimer & Download Agreement</h2>
<hr>
<p style="font-size:14pt;">
To download the ARGUS dataset, you must agree with the items of the succeeding Disclaimer & Download Agreement. You should carefully read the following terms before submitting the ARGUS Dataset request form.
To download our datasets, you must agree with the items of the succeeding Disclaimer & Download Agreement. You should carefully read the following terms before submitting the Dataset Request Form.
</p>
<ul>
<li style="font-size:14pt;">ARGUS Dataset is constructed and cross-checked by 2 experts that work in workflow security research. Due to the potential misclassification led by subjective factors, our members cannot guarantee a 100% accuracy for samples in the dataset.</li>
Expand All @@ -97,12 +98,12 @@ <h2 class="add-top-margin">Disclaimer & Download Agreement</h2>
<br />
<li style="font-size:14pt;">The purpose of using the dataset should be non-commercial research and/or personal use. The dataset should not be used for commercial use and any profitable purpose.</li>
<br />
<li style="font-size:14pt;">The ARGUS dataset should not be re-selled or re-distributed. Anyone who has obtained ARGUS should not share the dataset with others without the permission from our team.</li>
<li style="font-size:14pt;">The dataset should not be re-selled or re-distributed. Anyone who has obtained the dataset should not share the dataset with others without the permission from our team.</li>
</ul>
</div>
</div>
<!-------------------------------------------------------------------------------------------->
<div class="flex-row">
<!-- <div class="flex-row">
<div class="flex-item flex-column">
<h2 class="add-top-margin">Citation</h2>
<hr>
Expand All @@ -117,7 +118,7 @@ <h2 class="add-top-margin">Citation</h2>
year={2023},
}</pre>
</div>
</div>
</div> -->
<!-------------------------------------------------------------------------------------------->

<div class="flex-row">
Expand Down Expand Up @@ -145,7 +146,7 @@ <h2 class="add-top-margin">Dataset Shared With</h2>
<div class="flex-item flex-item-stretch flex-column">
<br />
<p class="text text-small text-italic">
ARGUS | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
SecureCI | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
</p>
</div>
</div>
Expand Down
15 changes: 15 additions & 0 deletions file/LLM4GW.bib
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
@inproceedings{10.1145/3664476.3664497,
author = {Zhang, Xinyu and Muralee, Siddharth and Cherupattamoolayil, Sourag and Machiry, Aravind},
title = {On the Effectiveness of Large Language Models for GitHub Workflows},
year = {2024},
isbn = {9798400717185},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3664476.3664497},
doi = {10.1145/3664476.3664497},
booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
articleno = {32},
numpages = {14},
location = {Vienna, Austria},
series = {ARES '24}
}
Binary file added img/githublogo.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit f24cac4

Please sign in to comment.