{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T18:58:12Z","timestamp":1770577092169,"version":"3.49.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031708787","type":"print"},{"value":"9783031708794","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70879-4_18","type":"book-chapter","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T19:02:20Z","timestamp":1725476540000},"page":"353-373","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["CryptoLLM: Harnessing the\u00a0Power of\u00a0LLMs to\u00a0Detect Cryptographic API Misuse"],"prefix":"10.1007","author":[{"given":"Heewon","family":"Baek","sequence":"first","affiliation":[]},{"given":"Minwook","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Hyoungshick","family":"Kim","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,5]]},"reference":[{"key":"18_CR1","unstructured":"Shiftleft scan (2015). https:\/\/shiftleft.io\/scan"},{"key":"18_CR2","unstructured":"Spotbugs (2024). 
https:\/\/spotbugs.github.io\/"},{"key":"18_CR3","doi-asserted-by":"crossref","unstructured":"Afrose, S., Rahaman, S., Yao, D.: CryptoAPI-bench: a comprehensive benchmark on java cryptographic API misuses. In: Proceedings of the IEEE Cybersecurity Development (SecDev) (2019)","DOI":"10.1109\/SecDev.2019.00017"},{"key":"18_CR4","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., Le\u00a0Traon, Y.: AndroZoo: collecting millions of Android apps for the research community. In: Proceedings of the International Conference on Mining Software Repositories (2016)","DOI":"10.1145\/2901739.2903508"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Amann, S., Nadi, S., Nguyen, H.A., Nguyen, T.N., Mezini, M.: MUBench: a benchmark for API-misuse detectors. In: Proceedings of the International Conference on Mining Software Repositories (2016)","DOI":"10.1145\/2901739.2903506"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Ami, A.S., et al.: MASC: a tool for mutation-based evaluation of static crypto-API misuse detectors. In: Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2023)","DOI":"10.1145\/3611643.3613099"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Ami, A.S., Cooper, N., Kafle, K., Moran, K., Poshyvanyk, D., Nadkarni, A.: Why crypto-detectors fail: a systematic evaluation of cryptographic misuse detection techniques. In: Proceedings of IEEE Symposium on Security and Privacy (SP) (2022)","DOI":"10.1109\/SP46214.2022.9833582"},{"key":"18_CR8","first-page":"131A","volume":"800","author":"E Barker","year":"2011","unstructured":"Barker, E., Roginsky, A., et al.: Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths. NIST Spec. Publ. 800, 131A (2011)","journal-title":"NIST Spec. 
Publ."},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Braga, A., Dahab, R.: A longitudinal and retrospective study on how developers misuse cryptography in online communities. In: Anais do XVII Simp\u00f3sio Brasileiro em Seguran\u00e7a da Informa\u00e7\u00e3o e de Sistemas Computacionais (2017)","DOI":"10.5753\/sbseg.2017.19488"},{"key":"18_CR10","unstructured":"Clark, K., Luong, M.T., Le, Q.V., Manning, C.D.: Electra: pre-training text encoders as discriminators rather than generators. arXiv preprint arXiv:2003.10555 (2020)"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Das, D., et al.: COMEX: a tool for generating customized source code representations. In: Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE) (2023)","DOI":"10.1109\/ASE56229.2023.00010"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SP 800-38A 2001 edition. Recommendation for block cipher modes of operation: methods and techniques. Tech. rep. (2001)","DOI":"10.6028\/NIST.SP.800-38a"},{"key":"18_CR13","doi-asserted-by":"crossref","unstructured":"Egele, M., Brumley, D., Fratantonio, Y., Kruegel, C.: An empirical study of cryptographic misuse in android applications. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2013)","DOI":"10.1145\/2508859.2516693"},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"Feng, Z., et al.: CodeBERT: a pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155 (2020)","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Fischer, F., et al.: Stack overflow considered harmful? the impact of copy &paste on android application security. 
In: Proceedings of IEEE Symposium on Security and Privacy (SP) (2017)","DOI":"10.1109\/SP.2017.31"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Gajrani, J., Tripathi, M., Laxmi, V., Gaur, M.S., Conti, M., Rajarajan, M.: sPECTRA: a precise framework for analyzing cryptographic vulnerabilities in android apps. In: Proceedings of the IEEE Annual Consumer Communications & Networking Conference (CCNC) (2017)","DOI":"10.1109\/CCNC.2017.7983245"},{"issue":"5","key":"18_CR17","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2016.111","volume":"14","author":"M Green","year":"2016","unstructured":"Green, M., Smith, M.: Developers are not the enemy!: the need for usable security APIs. IEEE Secur. Priv. 14(5), 40\u201346 (2016)","journal-title":"IEEE Secur. Priv."},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Kr\u00fcger, S., et al.: CogniCrypt: supporting developers in using cryptography. In: Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE) (2017)","DOI":"10.1109\/ASE.2017.8115707"},{"issue":"11","key":"18_CR19","doi-asserted-by":"publisher","first-page":"2382","DOI":"10.1109\/TSE.2019.2948910","volume":"47","author":"S Kr\u00fcger","year":"2019","unstructured":"Kr\u00fcger, S., Sp\u00e4th, J., Ali, K., Bodden, E., Mezini, M.: CrySL: an extensible approach to validating the correct usage of cryptographic APIs. IEEE Trans. Software Eng. 47(11), 2382\u20132400 (2019)","journal-title":"IEEE Trans. Software Eng."},{"key":"18_CR20","unstructured":"LinkedIn: Introducing qark: An open source tool to improve android application security - linkedin engineering (2015). https:\/\/engineering.linkedin.com\/blog\/2015\/08\/introducing-qark"},{"key":"18_CR21","unstructured":"Lu, S., et al.: Codexglue: a machine learning benchmark dataset for code understanding and generation. 
arXiv preprint arXiv:2102.04664 (2021)"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Ma, S., Lo, D., Li, T., Deng, R.H.: CDRep: automatic repair of cryptographic misuses in android applications. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2897845.2897896"},{"key":"18_CR23","unstructured":"MITRE: CWE-1240: Use of a cryptographic primitive with a risky implementation (2024). https:\/\/cwe.mitre.org\/data\/definitions\/1240.html"},{"key":"18_CR24","unstructured":"MITRE: CWE-259: Use of hard-coded password (2024). https:\/\/cwe.mitre.org\/data\/definitions\/259.html"},{"key":"18_CR25","unstructured":"MITRE: CWE-321: Use of hard-coded cryptographic key (2024). https:\/\/cwe.mitre.org\/data\/definitions\/321.html"},{"key":"18_CR26","unstructured":"MITRE: CWE-327: Use of a broken or risky cryptographic algorithm (2024). https:\/\/cwe.mitre.org\/data\/definitions\/327.html"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Muslukhov, I., Boshmaf, Y., Beznosov, K.: Source attribution of cryptographic API misuse in android applications. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security (2018)","DOI":"10.1145\/3196494.3196538"},{"key":"18_CR28","doi-asserted-by":"crossref","unstructured":"Nguyen, D.C., Wermke, D., Acar, Y., Backes, M., Weir, C., Fahl, S.: A stitch in time: supporting android developers in writing secure code. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3133977"},{"key":"18_CR29","doi-asserted-by":"publisher","first-page":"1678","DOI":"10.1109\/TR.2023.3237849","volume":"72","author":"GE de Paula Rodrigues","year":"2023","unstructured":"de Paula Rodrigues, G.E., Braga, A.M., Dahab, R.: Detecting cryptography misuses with machine learning: graph embeddings, transfer learning and data augmentation in source code related tasks. IEEE Trans. Reliab. 
72, 1678\u20131689 (2023)","journal-title":"IEEE Trans. Reliab."},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Rahaman, S., et al.: CryptoGuard: high precision detection of cryptographic vulnerabilities in massive-sized java projects. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2019)","DOI":"10.1145\/3319535.3345659"},{"key":"18_CR31","doi-asserted-by":"crossref","unstructured":"Rodrigues, G.E.d.P., Braga, A.M., Dahab, R.: Using graph embeddings and machine learning to detect cryptography misuse in source code. In: Proceedings of the IEEE International Conference on Machine Learning and Applications (ICMLA) (2020)","DOI":"10.1109\/ICMLA51294.2020.00171"},{"issue":"11","key":"18_CR32","doi-asserted-by":"publisher","first-page":"2460","DOI":"10.3390\/electronics12112460","volume":"12","author":"L Wang","year":"2023","unstructured":"Wang, L., Wang, J., Sui, T., Kong, L., Zhao, Y.: Intelligent detection of cryptographic misuse in android applications based on program slicing and transformer-based classifier. Electronics 12(11), 2460 (2023)","journal-title":"Electronics"},{"key":"18_CR33","doi-asserted-by":"crossref","unstructured":"Wang, Y., Wang, W., Joty, S., Hoi, S.C.: Codet5: identifier-aware unified pre-trained encoder-decoder models for code understanding and generation. 
arXiv preprint arXiv:2109.00859 (2021)","DOI":"10.18653\/v1\/2021.emnlp-main.685"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70879-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T19:06:10Z","timestamp":1725476770000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70879-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031708787","9783031708794"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70879-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"5 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 
2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}