Enhancing Trustworthiness in LLM-Generated Code: A Reinforcement Learning and Domain-Knowledge Constrained Approach

Files

1428.pdf (188.95 KB)

Links to Files

https://ebiquity.umbc.edu/_file_directory_/papers/1428.pdf

Permanent Link

http://hdl.handle.net/11603/42288

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Center for Cybersecurity
UMBC Faculty Collection
UMBC Information Systems Department

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0002-6354-1686
 https://orcid.org/0000-0002-6593-1792
 https://orcid.org/0000-0002-8641-3193

Date

2025-02

Type of Work

conference papers and proceedings
preprints
Text

Department

Program

Citation of Original Publication

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

UMBC Ebiquity Researh Group
UMBC Accelerated Cognitive Cybersecurity Laboratory
UMBC Cybersecurity Institute

Abstract

Imagine analyzing a piece of code that uses the function ConnectToServer() withan encrypted string as its argument. A large language model (LLM), trained onextensive programming data, might flag the use of encryption as suspicious andgenerate an explanation suggesting that the function likely connects to a maliciousserver. While this explanation might seem plausible, it can often be unfaithful—itovergeneralizes based on statistical patterns from its training data without trulyunderstanding the context or validating its claims [8]. A REACT (Reasoning andActing) framework, which combines reasoning with action steps, is likely a betterapproach because it allows the LLM to propose actions—such as decrypting the stringor examining server connections—while reasoning about the results [7]. However,REACT still lacks a feedback mechanism to evaluate the effectiveness of thoseactions or iteratively refine the sequence based on empirical observations. Without such feedback, it risks falling short in dynamic scenarios, where the validation of predictions and adaptation to new evidence are critical [10].