Code Generation Security in LLMs: A Hybrid Detection and Post-Processing Framework for Vulnerability Mitigation

Authors: Beilei Zhang, Tao Hu, and Hailong Ma
Conference: ICIC 2025 Posters, Ningbo, China, July 26-29, 2025
Pages: 833-845
Keywords: LLM Security, Code Generation, Static Analysis, Dynamic Fuzzing, Vulnerability Repair.

Abstract

Large Language Models (LLMs) have transformed code generation but introduce critical security risks in software development pipelines. This paper proposes a hybrid framework combining static analysis (Bandit, CodeQL), dynamic fuzzing (AFL++), and syntax-aware repair rules to mitigate vulnerabilities in LLM-generated code without retraining. Evaluated on an enhanced SecurityEval benchmark with 185 test samples, our framework achieves a 68.2% reduction in vulnerabilities (95% CI: 64.7–71.7%) while preserving 92.1% functional correctness across four state-of-the-art LLMs (Qwen2.5-72B, QwQ-32B, ChatGPT-3.5, and ChatGPT-4). Key findings reveal significant disparities in model security: ChatGPT-4 demonstrates superior vulnerability awareness (static VDR: 83% vs. 61% for Qwen2.5-72B) and generates 1.9× fewer vulnerabilities than open-source alternatives. The lightweight repair pipeline operates at 0.8 seconds per sample, enabling real-time deployment. This work highlights the necessity of integrating hybrid detection with context-aware repair to balance security and functionality in LLM-generated code.
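To make the "syntax-aware repair rule" idea concrete, the following is an added illustration, not code from the paper or its authors, and the two rules and the sample input are constructed here rather than taken from the framework's rule set. It parses a snippet of (constructed) LLM-generated Python into an AST, rewrites two common weak patterns that static analysers such as Bandit flag (`yaml.load` without a `Loader`, and a `subprocess` call with `shell=True`), records what it changed, and then recompiles the result so the repair can be rejected if it broke the syntax.

```python
import ast

# Constructed sample standing in for LLM-generated code; it contains two
# patterns a static analyser such as Bandit would flag.
SAMPLE = '''
import subprocess, yaml

def run(cmd):
    return subprocess.run(cmd, shell=True)

def load(path):
    with open(path) as f:
        return yaml.load(f)
'''


class RepairRules(ast.NodeTransformer):
    """Two illustrative syntax-aware repair rules (hypothetical, not the
    paper's rule set). Each rule matches on AST structure, not on text, so
    it does not misfire on comments, strings or similarly named functions."""

    def __init__(self):
        self.findings = []   # (line number, description of the rewrite)
        self.needs_shlex = False

    @staticmethod
    def _is_module_call(func, module, attr=None):
        # True for calls shaped like <module>.<attr>(...)
        return (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == module
                and (attr is None or func.attr == attr))

    def visit_Call(self, node):
        self.generic_visit(node)   # repair nested calls first
        func = node.func

        # Rule 1: yaml.load(x) with no explicit Loader -> yaml.safe_load(x).
        if (self._is_module_call(func, "yaml", "load")
                and not any(kw.arg == "Loader" for kw in node.keywords)):
            func.attr = "safe_load"
            self.findings.append((node.lineno, "yaml.load -> yaml.safe_load"))

        # Rule 2: subprocess.<fn>(cmd, shell=True) -> shell=False, and the
        # command string split into an argv list with shlex.split so the
        # call keeps working for plain commands.
        if self._is_module_call(func, "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    kw.value = ast.Constant(value=False)
                    if node.args and not isinstance(node.args[0], (ast.List, ast.Tuple)):
                        node.args[0] = ast.Call(
                            func=ast.Attribute(
                                value=ast.Name(id="shlex", ctx=ast.Load()),
                                attr="split", ctx=ast.Load()),
                            args=[node.args[0]], keywords=[])
                        self.needs_shlex = True
                    self.findings.append(
                        (node.lineno, "shell=True -> shell=False + shlex.split"))
        return node


def repair(source):
    """Apply the repair rules to `source`; return (repaired source, findings)."""
    tree = ast.parse(source)
    rules = RepairRules()
    tree = rules.visit(tree)
    if rules.needs_shlex:
        # The rewrite introduced a shlex reference, so import it at the top.
        tree.body.insert(0, ast.Import(names=[ast.alias(name="shlex")]))
    ast.fix_missing_locations(tree)
    return ast.unparse(tree), rules.findings


def is_syntactically_valid(source):
    """Cheap post-repair gate: a repair that no longer parses is rejected."""
    try:
        compile(source, "<repaired>", "exec")
        return True
    except SyntaxError:
        return False


if __name__ == "__main__":
    repaired, findings = repair(SAMPLE)
    for lineno, what in findings:
        print(f"line {lineno}: {what}")
    print(repaired)
    print("valid:", is_syntactically_valid(repaired))
```

The `shlex.split` rewrite is where the functionality trade-off the abstract mentions shows up: it keeps simple commands working, but a command string that relied on shell features (pipes, globbing, variable expansion) would change behaviour, which is why a repair pipeline needs a functional check after the rule fires and not only a syntax check.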