Utilizing Fine-Tuning of Large Language Models for Generating Synthetic Payloads: Enhancing Web Application Cybersecurity through Innovative Penetration Testing Techniques

Authors: Stefan Cirkovic, Vladimir Mladenovic, Siniša Tomic, Dalibor Drljaca, Olga Ristic

Affiliations: [1] Faculty of Technical Sciences, University of Kragujevac, Cacak, 32000, Serbia; [2] Faculty of Information Technology, Pan-European University Apeiron, Banja Luka, 78101, Bosnia and Hercegovina

Source: Computers, Materials & Continua (English-language journal), 2025, Issue 3, pp. 4409-4430, 22 pages in total

Funding: Supported by the Ministry of Science, Technological Development and Innovation of the Republic of Serbia, and these results are part of Grant No. 451-03-66/2024-03/200132 with the University of Kragujevac-Faculty of Technical Sciences Cacak.

Abstract: With the increasing use of web applications, challenges in the field of cybersecurity are becoming more complex. This paper explores the application of fine-tuned large language models (LLMs) for the automatic generation of synthetic attacks, including XSS (Cross-Site Scripting), SQL Injections, and Command Injections. A web application has been developed that allows penetration testers to quickly generate high-quality payloads without the need for in-depth knowledge of artificial intelligence. The fine-tuned language model demonstrates the capability to produce synthetic payloads that closely resemble real-world attacks. This approach not only improves the model’s precision and dependability but also serves as a practical resource for cybersecurity professionals to enhance the security of web applications. The methodology and structured implementation underscore the importance and potential of advanced language models in cybersecurity, illustrating their effectiveness in generating high-quality synthetic data for penetration testing purposes. The research results demonstrate that this approach enables the identification of vulnerabilities that traditional methods may not uncover, providing deeper insights into potential threats and enhancing overall security measures. The performance evaluation of the model indicated satisfactory results, while further hyperparameter optimization could improve accuracy and generalization capabilities. This research represents a significant step forward in improving web application security and opens new opportunities for the use of LLMs in security testing, thereby contributing to the development of more effective cybersecurity strategies.

Keywords: LLM; GPT-2; XSS; SQL injection; command injection; evaluation loss; perplexity

Classification code: TP3 [Automation and Computer Technology: Computer Science and Technology]

 
