NJIT PhD Researcher Develops Secure Code Generation System, Achieves Early Conference Acceptance
Research from New Jersey Institute of Technology (NJIT) addresses a critical issue in AI-powered code generation: the prevalence of security vulnerabilities. Ph.D. student Khiem Ton and his colleagues have developed SGCode, a system that combines advanced AI techniques with security analysis tools to detect and fix potential security flaws as code is being created.
In a remarkable achievement, Ton's paper on SGCode has been accepted for presentation at the prestigious 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS '24), only one week into his Ph.D. program. This early success highlights Ton's exceptional talent and the cutting-edge research being conducted at NJIT's Data Science Department.
SGCode integrates large language models (LLMs) like GPT-4 with a generative adversarial graph neural network (gGAN) and security analysis tools. The system's flexibility allows users to switch between different methods for optimizing code security, providing detailed security analysis reports and performance insights. This approach aims to produce code that is functional and free from common vulnerabilities.
The system's architecture consists of back-end services that integrate code security analysis tools with commercial LLMs, and a user-friendly web-based front-end. SGCode is deployed on a lightweight AWS server, demonstrating minimal system cost compared to the high cost of LLM code generation. The result is a solution that is highly scalable and widely deployable.
"Khiem Ton's outstanding achievement within the first week at NJIT is our testimony to developing the Data Science Department with a foremost research and education portfolio for the next generation of AI," said Associate Professor Hai Phan, Ton's advisor. "It aligns with NJIT's AI strategic development vision."
In addition to SGCode, Ton has contributed to a U.S. Provisional Patent in a project titled "XCopilot: Private and Secure Code Generation with LLMs" and developed two side projects, IP and data security protection and PrompSecure, which also focus on generating secure code.
As cyber threats become increasingly sophisticated, secure code generation is critical to the viability of AI-generated code. SGCode's ability to generate secure code with only a marginal increase in computational cost could revolutionize AI-assisted software development, representing a significant step forward in creating more resilient and secure software systems.
Ton will present the team's work at the ACM CCS 2024 conference in October, showcasing NJIT's commitment to fostering young talent and advancing cutting-edge AI technologies.