Next Article in Journal
A Blockchain Address Generation Method Based on the Improved SM9 Algorithm
Next Article in Special Issue
Dermatological Health: A High-Performance, Embedded, and Distributed System for Real-Time Facial Skin Problem Detection
Previous Article in Journal
Multithreaded and GPU-Based Implementations of a Modified Particle Swarm Optimization Algorithm with Application to Solving Large-Scale Systems of Nonlinear Equations
Previous Article in Special Issue
Applying Large Language Model to User Experience Testing
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 3
10.3390/electronics14030586
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Enhancing Security in Software Design Patterns and Antipatterns: A Framework for LLM-Based Detection

by
Roberto Andrade
1,
Jenny Torres
2 and
Iván Ortiz-Garcés
3,*
1
Colegio de Ciencias e Ingenierías, Universidad San Francisco de Quito USFQ, Quito 170901, Ecuador
2
Software Security Anti-Patterns Research Group (SSA-RG), Facultad de Ingeniería de Sistemas, Escuela Politécnica Nacional, Quito 170525, Ecuador
3
Escuela de Ingeniería en Ciberseguridad, Facultad de Ingeniería y Ciencias Aplicadas, Universidad de Las Américas, Quito 170125, Ecuador
*
Author to whom correspondence should be addressed.
Electronics 2025, 14(3), 586; https://doi.org/10.3390/electronics14030586
Submission received: 16 November 2024 / Revised: 21 January 2025 / Accepted: 28 January 2025 / Published: 1 February 2025
(This article belongs to the Special Issue Recent Advances of Software Engineering)
Browse Figures
Versions Notes

Abstract

:
The detection of security vulnerabilities in software design patterns and antipatterns is crucial for maintaining robust and maintainable systems, particularly in dynamic Continuous Integration/Continuous Deployment (CI/CD) environments. Traditional static analysis tools, while effective for identifying isolated issues, often lack contextual awareness, leading to missed vulnerabilities and high rates of false positives. This paper introduces a novel framework leveraging Large Language Models (LLMs) to detect and mitigate security risks in design patterns and antipatterns. By analyzing relationships and behavioral dynamics in code, LLMs provide a nuanced, context-aware approach to identifying issues such as unauthorized state changes, insecure communication, and improper data handling. The proposed framework integrates key security heuristics—such as the principles of least privilege and input validation—to enhance LLM performance. An evaluation of the framework demonstrates its potential to outperform traditional tools in terms of accuracy and efficiency, enabling the proactive detection and remediation of vulnerabilities in real time. This study contributes to the field of software engineering by offering an innovative methodology for securing software systems using LLMs, promoting both academic research and practical application in industry settings.

1. Introduction

In modern software development, the detection of antipatterns and security vulnerabilities is essential, especially within Continuous Integration/Continuous Deployment (CI/CD) environments. CI/CD frameworks, which are characterized by frequent code updates and rapid deployment cycles, demand real-time and continuous security assessments to prevent vulnerabilities from propagating undetected into production environments [1]. Antipatterns in software production have a significant negative impact, introducing design and structural issues that affect code quality, security, performance, and system maintainability. Antipatterns like the God Object or Spaghetti Code degrade code quality by generating disorganized and unmaintainable structures. These structures create complex, hard-to-understand systems, making collaboration between developers difficult and increasing the time needed to fix bugs or add new features. Over time, these antipatterns lead to less robust and more error-prone code, increasing the likelihood of introducing bugs and security vulnerabilities. For instance, Spaghetti Code creates code that is difficult to read and follow, resulting in numerous undocumented dependencies. This negatively impacts production by complicating the process of fixing errors and implementing new features.
Traditional static analysis tools, though effective in identifying certain isolated security issues, often lack the contextual depth and flexibility needed to handle the complexity of modern software architectures [2,3]. The absence of contextual awareness hinders the efficacy of static analysis tools in identifying complex vulnerabilities that span multiple components. These vulnerabilities, such as Feature Envy or God Object antipatterns, can be particularly challenging to detect. The rigid, rule-based nature of these tools leads to a high rate of false positives, which can overwhelm developers with a deluge of alerts that often do not translate into actionable security risks [4]. This limitation creates a pressing need for advanced approaches that go beyond static analysis to align with the continuous and dynamic nature of CI/CD workflows [5]. However, the inclusion of automated security testing within CI/CD pipelines mitigates risks during rapid deployments, ensuring compliance with regulatory standards and customer trust. To address this challenge, recent advancements in Large Language Models (LLMs) offer a promising solution by leveraging their capacity to process vast amounts of contextual information [6]. Unlike traditional tools, LLMs can interpret relationships between components, detect abstract patterns, and provide a deeper understanding of both code and architectural context [7]. When combined with security heuristics [8,9], LLMs can identify complex vulnerabilities and antipatterns that span across various code modules, which static analysis tools typically overlook [6]. This combination allows LLMs to go beyond syntax-level analysis, adapting to evolving software designs and providing more nuanced, context-aware insights that are crucial for robust security in CI/CD environments.
The integration of CI/CD practices and LLM-based tools is transforming software development by enhancing agility, reliability, and security [10,11,12]. Recent studies explore the effectiveness of CI/CD pipelines in handling such challenges, leveraging automated tools to identify misconfigurations and incorporating LLMs to suggest mitigations [13,14]. This iterative process combines tool-based analysis with LLM-driven refactoring, aiming to achieve compliance with security policies and reduce false positives [15]. Additionally, manual evaluations provide insights into the accuracy and efficacy of these approaches, reinforcing the necessity of integrating LLMs into automated pipelines to address evolving software vulnerabilities [16].
The motivation for this research lies in bridging the gap between traditional static tools and the demands of CI/CD workflows. By embedding LLMs within CI/CD pipelines, developers can receive real-time feedback on security issues at each stage of the deployment process, such as detecting code antipatterns like the God Object, flagging insecure data flows, or suggesting alternative algorithms for weak encryption methods, from code commit to production monitoring. This capability not only improves response times but also enables continuous and automated security monitoring that adapts to the changing state of the codebase. Moreover, by integrating security heuristics—such as the principles of least privilege and input validation, the framework enhances LLM performance and contextual adaptability, making it a robust solution for evolving software environments.
The proposed framework leverages Large Language Models (LLMs) to overcome these limitations through a contextual, system-wide analysis of code. By dynamically adapting to new threats via fine-tuning with recent vulnerability data, the framework ensures up-to-date and robust security coverage. Additionally, its ability to differentiate between real vulnerabilities and benign patterns significantly reduces false positives. Designed for seamless integration into CI/CD pipelines, the framework combines lightweight initial validation with intensive LLM-driven analysis, minimizing disruption while enabling continuous security monitoring. This proactive approach addresses gaps in traditional methods, empowering developers with tools to detect and mitigate vulnerabilities early in the development lifecycle.
The contributions of this study are twofold: first, it introduces a novel theoretical framework for integrating LLMs with security heuristics to detect software antipatterns in real-time within CI/CD environments; second, it positions this approach as a significant improvement over traditional static analysis methods. By facilitating the proactive detection of complex vulnerabilities, this approach aims to enhance software security without compromising development agility. This integration not only supports continuous security monitoring but also promotes a deeper understanding of architectural and behavioral dynamics in software systems, making it valuable for both academic research and industry applications.

2. State of the Art

2.1. LLMs and Their Application in Software Security

Leveraging Large Language Models (LLMs) and AI-driven tools are used to address challenges in human–computer collaboration, software development, and usability optimization [17]. LLMs have shown promise in enhancing workflows across diverse domains, including Agile meetings, developer conversations, quantum computing, and SDK integrations [18,19]. These tools streamline complex tasks by improving efficiency, abstraction, and usability, bridging the gap between humans and machines in collaborative environments [20]. However, despite their advancements, challenges such as compatibility issues and usability concerns persist, particularly when integrating LLMs into domain-specific tasks like CI/CD workflows [21].
A key focus of recent studies is on security and reliability in AI-assisted tools. Cotroneo et al. [21] introduced Devaic, a tool designed for the security assessment of AI-generated code, highlighting the vulnerabilities that automated code generation can introduce. This work underscores the need for systematic evaluation processes to ensure the secure integration of AI-generated artifacts into software development pipelines. Similarly, Saad Ullah et al. [22] provides a comprehensive evaluation of LLMs’ capabilities in identifying and reasoning about security vulnerabilities. Their study exposes limitations in LLMs’ reasoning and context-aware analysis, demonstrating the need for complementary tools and frameworks to fill these gaps. Both studies align with the broader research objective of developing robust methodologies to detect security-related antipatterns and ensure safe AI integration.
The practical applications of LLMs in cybersecurity are further explored by Al-Hawawreh et al. [23], who investigated ChatGPT’s potential in this domain. While acknowledging its utility, the authors identify critical challenges, such as error propagation, context limitations, and the lack of domain-specific tuning. They propose directions for future research, including improving contextual reasoning and integrating domain-specific knowledge into LLMs to enhance their effectiveness. This work supports the need for tailored approaches that adapt general-purpose LLMs like ChatGPT to specific contexts, such as CI/CD pipelines, where precision and adaptability are critical.
Large Language Models (LLMs) are transforming software security by providing advanced capabilities to process contextual information and identify abstract patterns in code and architecture. Unlike traditional tools, which often rely on static analysis, LLMs excel in interpreting syntax, semantics, and interactions between components, enabling them to uncover deeper security-related issues. This ability is particularly valuable in detecting patterns and antipatterns that influence the robustness and performance of software architectures, showcasing LLMs’ potential to enhance the reliability and security of modern software systems (See Table 1).
Large Language Models (LLMs) are revolutionizing software security by leveraging their capacity to process contextual information and identify abstract patterns in code and architecture [24]. LLMs surpass traditional tools by interpreting the syntax, semantics, and interactions between components [22], which could be essential for detecting security-related issues with patterns and antipatterns that affect the robustness and performance of software architecture.
LLMs could be particularly effective in identifying common security issues in software patterns and antipatterns (Figure 1 and Table 2). In the case of antipatterns, they introduce structural problems within security designs, such as excessive responsibility in a single component (God Object) or the improper handling of sensitive information with primitive data types (Primitive Obsession), both of which can lead to significant vulnerabilities. Unlike static methods, LLMs do not focus on isolated code snippets but instead evaluate the broader relationships and behavioral dynamics within the system. This approach enables LLMs to detect complex patterns affecting the entire architecture, which might otherwise go unnoticed. Figure 1 illustrates the comparative structure of design patterns and antipatterns, highlighting their key differences. While design patterns start with a well-defined problem and progress to effective solutions within a specific context, antipatterns start with a problematic solution and explore the contextual causes that led to its misapplication.
Furthermore, LLMs can be fine-tuned on datasets containing well-structured systems alongside those with identified antipatterns, enabling them to learn the specific characteristics of security issues [8]. For example, LLMs can detect God Objects by identifying classes that centralize multiple critical functions, such as authentication, encryption, and auditing. Concentrating these functions in one module represents a single point of failure, exposing the system to attacks that could compromise multiple areas.
LLMs also excel in real-time vulnerability detection within CI/CD workflows, continuously adapting to new security data such as recent CVEs (Common Vulnerabilities and Exposures) [9]. This adaptability allows LLMs to provide contextualized recommendations based on the specific development and deployment environment, improving both the speed and accuracy of threat identification [10].

2.2. Limitations of Traditional Static Analysis Tools

Static analysis tools, such as SonarQube9.9, Checkmarx 9.6, and Fortify20.2, have long been used in software security for identifying common vulnerabilities and coding issues without executing code [25]. These tools rely on predefined rules or security patterns to detect issues, which makes them effective at identifying straightforward security problems like hardcoded passwords or SQL injections. However, they have notable limitations [26]:
  • Lack of Contextual Awareness: Static analysis tools operate without a complete understanding of the broader context, often evaluating code at the function or file level. This limitation prevents them from detecting complex security patterns that span multiple components or layers. For example, issues related to Feature Envy or God Object require an understanding of relationships across components, which these tools struggle to capture.
  • High Rate of False Positives: Due to their rigid rule-based detection, static analysis tools tend to produce many false positives, as they cannot discern the purpose of the code or the context in which it executes. This can lead to tagging secure code as potentially vulnerable, increasing the manual workload for developers who must review each alert.
  • Limited Detection of Complex Patterns and Architectural Issues: Static tools focus mainly on identifying isolated vulnerabilities but lack the capacity to detect architectural issues that degrade security over time. This makes static tools ineffective at identifying complex antipatterns like Spaghetti Code, where components are tangled in a chaotic way, making the system difficult to audit and secure.
  • Limited Adaptability and Scalability: Static analysis tools are inflexible, as they rely on pre-established rules and are not readily adaptable to new software designs or emerging threats. Additionally, integrating these tools into CI/CD can slow down the development process for large projects, as they struggle to scale efficiently for the real-time analysis of complex dependencies.

2.3. Key Security Heuristics Guiding LLM Analysis

To enhance LLM performance in security, certain key heuristics are crucial for guiding analysis, helping LLMs focus on critical aspects that often indicate structural issues in design [27]. These heuristics support the real-time detection of security antipatterns and include the following:
Principle of Least Privilege: This heuristic ensures each component has only the permissions necessary to perform its function [24]. LLMs apply this heuristic by identifying classes or modules with excessive responsibilities, flagging potential God Objects that concentrate critical functions. Reducing permission scope minimizes the risk of privilege escalation.
Separation of Responsibilities: This heuristic encourages the clear distribution of distinct security functions across modules [27]. An LLM guided by this principle can detect antipatterns where responsibility is poorly distributed, such as Feature Envy, where one module excessively depends on another. Implementing this heuristic strengthens modularity and reduces cascading failures across the system.
Input Validation and Data Sanitization: Effective input validation is essential for preventing common attacks like SQL injection or XSS. LLMs, guided by this heuristic, can detect the insecure handling of sensitive data by spotting Primitive Obsession antipatterns, where sensitive information is managed with primitive data types instead of secure objects [28]. This helps prevent sensitive data from being stored or transmitted without proper protection.
Large Language Models (LLMs) detect the Golden Hammer antipattern by analyzing patterns of the repetitive or excessive use of a single tool, framework, or methodology within a codebase, even in contexts where alternative approaches would be more suitable. This antipattern often arises from over-reliance on familiar tools, resulting in inefficiencies or vulnerabilities. LLMs, trained on diverse datasets of code and software design principles, can identify this issue by recognizing anomalies in the logical flow of the code, mismatches between the tool’s intended purpose and its application, and the absence of appropriate variations in problem-solving approaches (See, Figure 2).

3. Methodology: Theoretical Framework for Detecting Antipatterns in CI/CD Using LLMs

To address the need for empirical validation, our methodology leverages Python as the core programming language alongside ChatGPT and the GEMINIS framework to enhance human–AI collaboration in software development tasks. Python’s extensive libraries enable efficient data processing and AI model analysis, while ChatGPT is fine-tuned for generating code, debugging, and assisting with Agile workflows. The GEMINIS framework integrates AI outputs into the development lifecycle, ensuring seamless collaboration between AI-generated insights and human decision making. Examples and datasets are drawn from publicly available GitHub repositories, allowing us to evaluate the correctness, compatibility, and real-world applicability of AI-assisted solutions.
The methodology is further validated using a combination of performance metrics, such as accuracy in code generation, task completion rates, and developer productivity improvements measured through time-to-completion and error reduction. Case studies, including real-world debugging and code refactoring scenarios, provide additional evidence of effectiveness. By integrating practical tools, examples, and measurable metrics, our approach establishes a strong empirical foundation, ensuring transparency, replicability, and relevance to modern software development challenges.
The proposed framework integrates LLMs within CI/CD pipelines to monitor code changes at critical stages, including commits, pull requests, and pre-deployment reviews. The model utilizes an attention-based mechanism to selectively focus on high-risk code segments, ensuring efficiency without disrupting development workflows. The procedural steps for the implementation of the framework are as follows:
1 
Integration into CI/CD Pipelines:
  • LLMs are integrated into tools such as Jenkins, GitLab CI/CD, or GitHub Actions to monitor code at specific stages.
  • For instance, during a code commit, the LLM scans for potential antipatterns and provides immediate feedback to developers
2 
Tokenization and Contextual Analysis:
  • Each code snippet undergoes tokenization, yielding embeddings for every element. These embeddings are processed using the LLM’s attention mechanism, prioritizing critical structures like control flows and variable dependencies.
3 
Security Heuristic Application:
  • The LLM employs heuristics, such as the principle of least privilege and input validation, to evaluate code. For instance, it identifies modules with excessive permissions or inadequate data sanitization.
4 
Feedback and Remediation:
  • The framework generates actionable recommendations, such as refactoring suggestions for God Objects or secure alternatives for deprecated encryption algorithms.
Figure 3 illustrates the complete workflow of the proposed framework, showing how LLMs are integrated into the CI/CD pipeline for antipattern detection.

Real-World Implementation Suggestions

The proposed LLM-based framework integrates seamlessly into CI/CD pipelines, providing efficient and accurate vulnerability detection through a staged approach. In the first stage, a lightweight validation script (classifier.py) evaluates code changes based on heuristic rules, identifying high-risk modifications such as those involving critical files or vulnerable keywords (See Figure 4).
In the second stage, high-risk changes are analyzed using a Large Language Model (LLM) deployed via an API. The script (llm_analysis.py) sends code snippets to the LLM for semantic evaluation, detecting vulnerabilities like the God Object or insecure input handling. The LLM generates detailed reports with identified issues and recommended mitigations, stored in a JSON format for further developer review. This deep analysis leverages the LLM’s contextual understanding, reducing false positives compared to traditional tools (See Figure 5).
To ensure security and scalability, the framework incorporates authentication mechanisms and HTTPS for secure communication with the LLM API. For connecting to modern CI/CD workflows, a yaml script could be used, which will allow the integration with Jenkins, GitHub, and other CI/CD tools (see Figure 6).
The LLM could use diverse datasets to evaluate security potential sources for these datasets, including open-source repositories: projects with known security issues, such as those listed in Common Vulnerabilities and Exposure (CVE) databases (see Figure 7).
Key performance metrics, including accuracy, precision, recall, and false positive rates, provide a robust measure of the framework’s ability to identify and mitigate vulnerabilities efficiently. The collective efficacy of these elements is indicative of the framework’s capacity to address prevailing limitations and to facilitate its integration into dynamic and intricate software development pipelines.

4. Discussion

4.1. Conceptual Architecture of the LLM with Security Heuristics

The architecture has four main components:
  • Development environment:
    • Integrates with industry-standard development tools.
    • Provides instant feedback to developers.
    • Manages version control integration.
  • CI/CD Pipeline:
    • Manages automated build processes.
    • Executes test suites.
    • Manages deployment workflows.
  • LLM Analysis Engine:
    • Processes code with a specialized analyzer.
    • Generates code embeds for analysis.
    • Applies security and pattern matching heuristics.
    • Maintains databases of known antipatterns and security rules.
  • Analysis Results:
    • Generates comprehensive security reports.
    • Provides practical refactoring recommendations.
    • Provides metrics for risk assessment.
The architecture allows for bi-directional data flow between components, providing
  • Real-time information for developers.
  • Continuous integration into development workflows.
  • Automated security assessment.
  • Contextual analysis of code changes.
Figure 8 shows the conceptual architecture of the proposed LLM-based antipattern detection system.

4.1.1. LLM Architecture in CI/CD Environments

In this theoretical framework, the LLM is embedded within the CI/CD pipeline to monitor code changes at key stages, including commits, pull requests, and pre-deployment stages. The model is activated at each stage to scan and analyze the code, using an attention-based mechanism that selectively focuses on high-risk code segments. An analogy to illustrate this process is to imagine the LLM as reading a recipe: it focuses on specific instructions relevant to the current task, like “baking” and “temperature”, rather than other completed parts, such as ingredient lists. Similarly, in code analysis, the LLM’s attention mechanism concentrates on critical structures such as function calls, control flows, and variable dependencies that may reveal security antipatterns or vulnerabilities. Each token in the code sequence is processed to create embeddings, represented as vectors. Then, each vector is multiplied by weight matrices. This process enables the LLM to create a contextualized understanding of each code element’s role, facilitating the detection of complex security patterns and antipatterns.
Table 3 outlines 11 behavioral design patterns, highlighting the security risks associated with each pattern and how LLMs (Large Language Models) can help in detecting or mitigating those risks.
  • Behavioral Pattern: List the behavioral design patterns from the Gang of Four (GoF) catalog, which focus on communication between objects and the responsibility assignment in a system. The patterns listed include well-known ones like the Chain of Responsibility, Observer, and Visitor, each addressing specific design problems.
  • Security Risks: This column describes the potential security vulnerabilities associated with each behavioral pattern when implemented without proper security measures. Examples of security risks include unvalidated data flow, unauthorized state changes, sensitive data exposure, and weak algorithm selection. These risks arise when the pattern allows unsafe or unintended behavior in its interactions or data handling.
LLM evaluation can be used to assess the security risks of each pattern. LLMs, leveraging their ability to process and understand both code and natural language, can detect issues such as insecure data flows, race conditions, and poor access control mechanisms. For example, for the Observer pattern, LLMs can ensure that only authorized observers are notified of changes, preventing sensitive data leaks. Similarly, for the Command pattern, LLMs can verify whether commands are authenticated and properly logged to avoid the execution of unauthorized actions.
The LLM demonstrated high precision and recall in detecting the God Object antipattern, indicating its effectiveness at identifying overly complex classes that handle too many responsibilities. However, the detection of Feature Envy was slightly lower, likely due to the more subtle dependencies involved in this antipattern. This difference highlights the need for further tuning and fine-grained analysis to capture nuanced relationships within certain antipatterns. LLMs excel not only in analyzing code but also in evaluating associated documentation and comments. This capability allows them to detect inconsistencies between documented security practices and actual code implementation, offering a comprehensive view of potential vulnerabilities. By simultaneously processing code and human-written documentation, LLMs reduce the need for developers to cross-reference external security standards manually, saving time and improving accuracy. For instance, an LLM can identify when a codebase does not comply with GDPR or OWASP guidelines, even if those guidelines are referenced in the documentation but not implemented within the code.

4.1.2. Predictive Vulnerability Identification

LLMs trained on extensive datasets of known vulnerabilities, such as those from CVE databases, open-source projects, and proprietary sources, can identify patterns like previous security issues. This predictive capability enables LLMs to flag vulnerabilities even before they fully manifest in the code, providing proactive protection. For example, if an LLM detects a code structure resembling a known vulnerability, such as improper user authentication or data encryption, it can prompt a review before the issue escalates to a critical level.

4.1.3. Real-Time Analysis in CI/CD Pipelines

Integrating LLMs within CI/CD pipelines enhances real-time security feedback for developers, allowing vulnerabilities to be detected and resolved within the development workflow itself. This integration speeds up detection, as vulnerabilities are flagged immediately upon code commits or feature deployments, eliminating the delays associated with periodic reviews or post-deployment audits. For example, LLMs can check each code commit for flaws related to authentication or unsafe data handling, providing instant feedback before the code is pushed to production.

4.1.4. Detecting Complex Vulnerabilities

LLMs are highly effective at detecting complex, multi-layered vulnerabilities that span across multiple components, such as race conditions, improper session management, and cross-site scripting (XSS) attacks. Traditional static analysis tools struggle with these types of vulnerabilities due to their intricacy. However, LLMs, with their capacity to understand context and semantics, can identify these vulnerabilities more efficiently by analyzing the system. For instance, an LLM could detect a race condition by examining insecure access to shared resources across various modules within a multi-threaded application, something that might otherwise require hours of manual analysis.

4.1.5. Faster Remediation Suggestions

Beyond identifying vulnerabilities, LLMs can also provide immediate recommendations for remediation, saving time for developers and security analysts. After detecting a flaw, LLM suggests a best-practice solution, reducing the time needed to research a fix. For example, if the model detects a weak hashing algorithm (e.g., MD5), it may recommend more secure alternatives like bcrypt or Argon2, along with implementation guidelines.

4.1.6. Context-Aware Vulnerability Detection

LLMs are uniquely equipped to analyze code in context, identifying vulnerabilities based on the broader usage within the system. This context-aware analysis helps reduce false positives and allows development teams to focus on actual vulnerabilities instead of wasting time on irrelevant alerts. For instance, an LLM can identify when input validation in one module is ineffective because it lacks specificity or is not consistently applied in related functions. By focusing on real vulnerabilities and reducing false positives, the LLM enhances the efficiency of vulnerability detection and remediation processes.

4.2. Comparative Analysis with Traditional Tools

Table 4 provides a comparative analysis between traditional tools and the proposed LLM framework for detecting antipatterns, highlighting significant advantages of the LLM-based approach. Traditional tools often rely on rule-based detection, which limits their ability to analyze code within broader system contexts. This results in a high number of false positives and superficial analysis that fails to address complex, interdependent issues in large-scale projects. In contrast, the proposed LLM framework leverages contextual learning, enabling a full system analysis that reduces false positives by understanding relationships and behaviors across the codebase. Additionally, while traditional tools require frequent manual updates and configurations to remain effective, the LLM framework incorporates continuous self-learning, ensuring adaptability to emerging threats and vulnerabilities without manual intervention. The LLM framework also seamlessly integrates into CI/CD pipelines without slowing down workflows, offering contextualized suggestions tailored to the specific project. Its proactive security coverage and scalability make it a superior solution for detecting antipatterns and maintaining robust software systems.

5. Conclusions

Large Language Models offer a transformative approach to detecting and addressing security vulnerabilities in software design patterns and antipatterns. Unlike traditional tools, LLMs excel in contextual analysis, enabling them to identify complex and multi-layered vulnerabilities across interconnected software components. The integration of LLMs within CI/CD workflows demonstrates their ability to provide immediate and actionable feedback, significantly reducing the time required for vulnerability identification and remediation. This supports agile development without compromising security.
LLMs improve the detection of vulnerabilities by leveraging security heuristics and understanding broader system interactions. This capability reduces false positives and ensures that the focus remains on critical security issues. By applying the framework to behavioral patterns such as the Chain of Responsibility and Observer, this study highlights the role of LLMs in addressing risks like unauthorized state changes, data leakage, and insecure communication, which are often missed by static tools.
While this research lays the groundwork for LLM-based vulnerability detection, further empirical evaluation on larger datasets and real-world systems is essential. Future work should focus on optimizing LLMs for specific design patterns and expanding their application to emerging software architectures. Moreover, investigating how these models can be integrated with real-time feedback mechanisms and dynamic threat intelligence systems could further enhance their adaptability and effectiveness.
Additionally, future research could explore the collaborative potential of LLMs with domain-specific tools to strengthen their performance in complex environments. For example, combining LLMs with tools like Devaic could enhance their ability to detect intricate vulnerabilities and provide more targeted feedback. Such integrations could lead to the development of hybrid models that balance the strengths of both approaches.
Another area worth exploring is the creation of benchmarks tailored to LLM-based security frameworks. Developing datasets that simulate real-world scenarios, including diverse codebases and evolving threat models, would enable the systematic evaluation of these models’ robustness and efficiency. These benchmarks would also guide optimization efforts, ensuring that LLMs meet the practical demands of modern software development.
Finally, fostering collaboration between academia and industry could accelerate the practical adoption of LLM-driven security frameworks. Industry partnerships could provide access to proprietary datasets, real-world use cases, and expert insights, while academic research could focus on theoretical advancements and experimental validations. This synergy would ensure the continuous improvement of LLMs and their relevance to evolving security challenges.

Author Contributions

Conceptualization, R.A. and J.T.; methodology, R.A.; formal analysis, R.A.; investigation, R.A.; writing—original draft preparation, J.T.; writing—review and editing, J.T. and J.T.; visualization, R.A.; supervision, I.O.-G.; project administration, I.O.-G.; funding acquisition, J.T. and R.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by Escuela Politécnica Nacional from Ecuador, grant research project PIS-22-19. And the APC was funded by the same project and institution.

Data Availability Statement

Data is contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Minna, F.; Massacci, F.; Tuma, K. Analyzing and mitigating (with LLMs) the security misconfigurations of Helm charts from Artifact Hub. arXiv 2024, arXiv:2403.09537. [Google Scholar]
  2. Charalambous, Y.; Tihanyi, N.; Sun, Y.; Ferrag, M.A.; Cordeiro, L. A New Era in Software Security: Towards Self-Healing Software via Large Language Models and Formal Verification. arXiv 2023, arXiv:2305.14752. [Google Scholar]
  3. Bagai, R.; Masrani, A.; Ranjan, P.; Najana, M. Implementing Continuous Integration and Deployment (CI/CD) for Machine Learning Models on AWS. Int. J. Glob. Innov. Solut. IJGIS 2024. [Google Scholar] [CrossRef]
  4. Chen, T. Challenges and Opportunities in Integrating LLMs into Continuous Integration/Continuous Deployment (CI/CD) Pipelines. In Proceedings of the 2024 5th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), Nanjing, China, 29–31 March 2024; pp. 364–367. [Google Scholar] [CrossRef]
  5. Vighe, S. Security for Continuous Integration and Continuous Deployment Pipeline. Int. Res. J. Mod. Eng. Technol. Sci. 2024, 6, 2325–2330. [Google Scholar] [CrossRef]
  6. Chen, L.; Guo, Q.; Jia, H.; Zeng, Z.; Wang, X.; Xu, Y.; Wu, J.; Wang, Y.; Gao, Q.; Wang, J.; et al. A Survey on Evaluating Large Language Models in Code Generation Tasks. arXiv 2024, arXiv:2408.16498. [Google Scholar]
  7. Di Penta, M. Understanding and Improving Continuous Integration and Delivery Practice using Data from the Wild. In Proceedings of the 13th Innovations in Software Engineering Conference (Formerly Known as India Software Engineering Conference) (ISEC ’20), Jabalpur, India, 27–29 February 2020; Association for Computing Machinery: New York, NY, USA, 2020; p. 1. [Google Scholar] [CrossRef]
  8. Hilton, M.; Nelson, N.; Tunnell, T.; Marinov, D.; Dig, D. Trade-offs in continuous integration: Assurance, security, and flexibility. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017), Paderborn, Germany, 4–8 September 2017; Association for Computing Machinery: New York, NY, USA, 2017; pp. 197–207. [Google Scholar] [CrossRef]
  9. Tihanyi, N.; Ferrag, M.A.; Jain, R.; Bisztray, T.; Debbah, M. CyberMetric: A Benchmark Dataset based on Retrieval-Augmented Generation for Evaluating LLMs in Cybersecurity Knowledge. In Proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience (CSR), London, UK, 2–4 September 2024; pp. 296–302. [Google Scholar] [CrossRef]
  10. Chen, Y.; Cui, M.; Wang, D.; Cao, Y.; Yang, P.; Jiang, B.; Lu, Z.; Liu, B. A survey of large language models for cyber threat detection. Comput. Secur. 2024, 145, 104016. [Google Scholar] [CrossRef]
  11. Paulo; Realpe, C.; Collazos, C.A.; Hurtado, J.; Granollers, A. A Set of Heuristics for Usable Security and User Authentication. In Proceedings of the XVII International Conference on Human Computer Interaction (Interacción ’16), Salamanca, Spain, 13–16 September 2016; Association for Computing Machinery: New York, NY, USA, 2016; p. 21. [Google Scholar] [CrossRef]
  12. Jaferian, P.; Hawkey, K.; Sotirakopoulos, A.; Velez-Rojas, M.; Beznosov, K. Heuristics for evaluating IT security management tools. In Proceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS ’11), Pittsburgh, PA, USA, 20–22 July 2011; Association for Computing Machinery: New York, NY, USA, 2011; p. 7. [Google Scholar] [CrossRef]
  13. Patil, R.; Gudivada, V. A Review of Current Trends, Techniques, and Challenges in Large Language Models (LLMs). Appl. Sci. 2024, 14, 2074. [Google Scholar] [CrossRef]
  14. Szabó, Z.; Bilicki, V. A New Approach to Web Application Security: Utilizing GPT Language Models for Source Code Inspection. Future Internet 2023, 15, 326. [Google Scholar] [CrossRef]
  15. Zhang, C.; Wang, L.; Fan, D.; Zhu, J.; Zhou, T.; Zeng, L.; Li, Z. VTT-LLM: Advancing Vulnerability-to-Tactic-and-Technique Mapping through Fine-Tuning of Large Language Model. Mathematics 2024, 12, 1286. [Google Scholar] [CrossRef]
  16. Diaba, S.Y.; Shafie-Khah, M.; Elmusrati, M. Cyber Security in Power Systems Using Meta-Heuristic and Deep Learning Algorithms. IEEE Access 2023, 11, 18660–18672. [Google Scholar] [CrossRef]
  17. Cabrero-Daniel, B.; Herda, T.; Pichler, V.; Eder, M. Exploring Human-AI Collaboration in Agile: Customised LLM Meeting Assistants. In Agile Processes in Software Engineering and Extreme Programming; Šmite, D., Guerra, E., Wang, X., Marchesi, M., Gregory, P., Eds.; XP 2024. Lecture Notes in Business Information Processing; Springer: Cham, Switzerland, 2024; Volume 512. [Google Scholar] [CrossRef]
  18. Raj, R.; Costa, D.E. The role of library versions in Developer-ChatGPT conversations. In Proceedings of the 21st International Conference on Mining Software Repositories (MSR ’24), Lisbon, Portugal, 15–16 April 2024; Association for Computing Machinery: New York, NY, USA, 2024; pp. 172–176. [Google Scholar] [CrossRef]
  19. Fürntratt, H.; Schnabl, P.; Krebs, F.; Unterberger, R.; Zeiner, H. Towards Higher Abstraction Levels in Quantum Computing. In Service-Oriented Computing—ICSOC 2023 Workshops; Monti, F., Plebani, P., Moha, N., Paik, H., Barzen, J., Ramachandran, G., Bianchini, D., Tamburri, D., Mecella, M., Eds.; ICSOC 2023. Lecture Notes in Computer Science; Springer: Singapore, 2024; Volume 14518. [Google Scholar] [CrossRef]
  20. Li, G.; Peng, X.; Wang, Q.; Xie, T.; Jin, Z.; Wang, J.; Ma, X.; Li, X. Large Models: Challenges of Natural Interaction-Based Human-Machine Collaborative Tools for Software Development and Evolution. J. Softw. 2023, 34, 4601–4606. [Google Scholar]
  21. Cotroneo, D.; De Luca, R.; Liguori, P. DeVAIC: A tool for security assessment of AI-generated code. Inf. Softw. Technol. 2025, 177, 107572. [Google Scholar] [CrossRef]
  22. Ullah, S.; Han, M.; Pujar, S.; Pearce, H.; Coskun, A.; Stringhini, G. LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks. In IEEE Symposium on Security and Privacy; IEEE Xplorer: San Francisco, CA, USA, 2024; pp. 862–880. [Google Scholar] [CrossRef]
  23. Al-Hawawreh, M.; Aljuhani, A.; Jararweh, Y. Chatgpt for cybersecurity: Practical applications, challenges, and future directions. Cluster Comput. 2023, 26, 3421–3436. [Google Scholar] [CrossRef]
  24. Wu, H.; Yu, Z.; Huang, D.; Zhang, H.; Han, W. Automated Enforcement of the Principle of Least Privilege over Data Source Access. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December–1 January 2020; pp. 510–517. [Google Scholar] [CrossRef]
  25. Romano, S.; Zampetti, F.; Baldassarre, M.T.; Di Penta, M.; Scanniello, G. Do Static Analysis Tools Affect Software Quality when Using Test-driven Development? In Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) (ESEM ’22), Helsinki, Finland, 19–23 September 2022; ACM: New York, NY, USA, 2022. [Google Scholar] [CrossRef]
  26. Walker, A.; Coffey, M.; Tisnovsky, P.; Cerny, T. On limitations of modern static analysis tools. In Information Science and Applications; Kim, K.J., Kim, H.-Y., Eds.; Springer: Berlin/Heidelberg, Germany; pp. 577–586. [CrossRef]
  27. Yang, B.; Hu, H. An Efficient Verification Approach to Separation of Duty in Attribute-Based Access Control. IEEE Trans. Knowl. Data Eng. 2024, 36, 4428–4442. [Google Scholar] [CrossRef]
  28. Barlas, E.; Du, X.; Davis, J.C. Exploiting input sanitization for regex denial of service. In Proceedings of the 44th International Conference on Software Engineering (ICSE ’22), Pittsburgh, PA, USA, 21–29 May 2022; Association for Computing Machinery: New York, NY, USA, 2022; pp. 883–895. [Google Scholar] [CrossRef]
Electronics 14 00586 g001
Figure 1. Comparison of the structure of design patterns and antipatterns in software development. Adapted from [1].
Figure 1. Comparison of the structure of design patterns and antipatterns in software development. Adapted from [1].
Electronics 14 00586 g001
Electronics 14 00586 g002
Figure 2. This is an example of a code with the architectural antipattern Golden Hammer.
Figure 2. This is an example of a code with the architectural antipattern Golden Hammer.
Electronics 14 00586 g002
Electronics 14 00586 g003
Figure 3. CI/CD antipattern detection framework using LLMs.
Figure 3. CI/CD antipattern detection framework using LLMs.
Electronics 14 00586 g003
Electronics 14 00586 g004
Figure 4. Script to evaluate code changes based on heuristic security.
Figure 4. Script to evaluate code changes based on heuristic security.
Electronics 14 00586 g004
Electronics 14 00586 g005
Figure 5. Script to send to LLM for antipattern detection.
Figure 5. Script to send to LLM for antipattern detection.
Electronics 14 00586 g005
Electronics 14 00586 g006
Figure 6. Yaml script to integrate with Github.
Figure 6. Yaml script to integrate with Github.
Electronics 14 00586 g006
Electronics 14 00586 g007
Figure 7. Integration with cve details.
Figure 7. Integration with cve details.
Electronics 14 00586 g007
Electronics 14 00586 g008
Figure 8. Conceptual architecture of the LLM for antipattern detection.
Figure 8. Conceptual architecture of the LLM for antipattern detection.
Electronics 14 00586 g008
Table 1. Summary of contributions from recent research on LLMs and AI-driven tools in software development and security.
Table 1. Summary of contributions from recent research on LLMs and AI-driven tools in software development and security.
ArticleFocus Research
Exploring Human-AI Collaboration in Agile: Customized LLM Meeting Assistants [17].Develop adaptive LLM tools tailored for Agile methodologies to enhance team collaboration and automate routine meeting tasks.
The role of library versions in Developer-ChatGPT conversations [18].Create compatibility analysis tools to address issues in developer–LLM interactions caused by mismatched library versions.
Towards Higher Abstraction Levels in Quantum Computing [19].Investigate new abstraction models and frameworks to simplify quantum algorithm development and improve accessibility for non-expert developers.
Challenges from LLMs as a Natural Language Based Human–machine Collaborative Tool for Software Development and Evolution [20].Explore strategies to address limitations of LLMs in software development, such as error handling, version control, and maintaining collaboration quality.
Devaic: A tool for security assessment of ai-generated code [21].Development of Devaic, a tool for systematic security assessment of AI-generated code, addressing vulnerabilities in automated code.
LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks [22].Comprehensive evaluation of LLMs’ capabilities in identifying and reasoning about security vulnerabilities, revealing reasoning gaps.
ChatGPT for cybersecurity: practical applications, challenges, and future directions [23].Exploring ChatGPT’s applications in cybersecurity, identifying limitations (error propagation, lack of tuning) and proposing improvements.
Table 2. Overview of patterns versus antipatterns of software [1].
Table 2. Overview of patterns versus antipatterns of software [1].
TypePatternAntipattern
DescriptionReusable solutions to common design problems in softwarePoor design choices that lead to maintainability and security issues
ExamplesObserver, SingletonSpaghetti Code, God Class, Lava Flow
Advantages- Improved modularity
- Clear structure
- Reusability		None; these designs typically create more problems than they solve
Disadvantages- Can introduce security vulnerabilities if misused
- Tightly coupled code
- Global state (Singleton)		- Poor maintainability
- Hard to refactor
- High technical debt
Security ImpactObserver Pattern:
- Uncontrolled access to data
- Event flooding
- Race conditions
Singleton Pattern:
- Global state compromise
- Thread safety issues		- Increases risk of vulnerabilities due to code complexity
- Difficult to apply security patches
- Obfuscates security flaws (unintentionally)
Common Misuse- Misuse of Observer can lead to data leakage (e.g., sensitive data shared with unintended observers)
- Misuse of Singleton can create single points of failure or global state manipulation		- Spaghetti Code often results from rushed development or lack of proper design practices, leading to logic errors, buffer overflows, and other vulnerabilities
Table 3. Behavioral design patterns with associated security risks.
Table 3. Behavioral design patterns with associated security risks.
Behavioral PatternSecurity RisksLLM Evaluation
Chain of ResponsibilityUnvalidated data flowing through handlers, potentially reaching insecure handlers.Check if handlers validate data properly and enforce security policies at each stage.
CommandMalicious commands can be injected or executed without proper authorization.Ensure commands are authenticated, validated, and logged before execution.
InterpreterCode injection or interpretation vulnerabilities due to improper input validation.Detect injection vulnerabilities and ensure secure input validation.
IteratorExposing sensitive data or internal states while iterating collections.Ensure iterators do not expose sensitive data or internal structures.
MediatorSingle point of failure or sensitive interactions exposed through unsecured communication.Evaluate if communication between objects is properly secured, preventing unauthorized access.
MementoMementos capturing sensitive state data insecurely or exposing them unintentionally.Verify mementos store sensitive state securely and prevent unauthorized access.
ObserverSensitive data leaks through unauthorized updates or insecure communication.Ensure only authorized observers receive updates and that communication is authenticated.
StateUnauthorized access to object states or changes in behavior due to improper state transitions.Check state transitions for proper access control and ensure unauthorized users cannot modify states.
StrategyInsecure algorithm selection, especially in cases like weak encryption strategies.Evaluate if strategy selection is secure, flagging weak or deprecated algorithms.
Template MethodOverriding or bypassing critical security steps in subclasses, leading to vulnerabilities.Ensure that critical security steps are consistently enforced in the template method.
VisitorUnauthorized visitors accessing or modifying sensitive elements in object structures.Check if visitors are restricted and that access control prevents unauthorized operations.
Table 4. Comparative analysis of antipattern detection solutions.
Table 4. Comparative analysis of antipattern detection solutions.
FeatureTraditional ToolsProposed LLM Framework
Contextual DetectionLimited to analysis per fileFull system analysis
False PositivesHigh numberReduced by context
Analysis TimeFast but superficialDeeper but optimized
ScalabilityLimited in large projectsAdaptable to any scale
Antipattern DetectionBased on fixed rulesContextual learning
IC/DC IntegrationCan slow down the pipelineSeamless integration
UpdatesRequires manual updateContinuous self-learning
Suggestions for ImprovementGenericContextualized to the project
Security CoverageFocused on known vulnerabilitiesProactive detection
MaintenanceRequires regular configurationSelf-adaptive
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Andrade, R.; Torres, J.; Ortiz-Garcés, I. Enhancing Security in Software Design Patterns and Antipatterns: A Framework for LLM-Based Detection. Electronics 2025, 14, 586. https://doi.org/10.3390/electronics14030586

AMA Style

Andrade R, Torres J, Ortiz-Garcés I. Enhancing Security in Software Design Patterns and Antipatterns: A Framework for LLM-Based Detection. Electronics. 2025; 14(3):586. https://doi.org/10.3390/electronics14030586

Chicago/Turabian Style

Andrade, Roberto, Jenny Torres, and Iván Ortiz-Garcés. 2025. "Enhancing Security in Software Design Patterns and Antipatterns: A Framework for LLM-Based Detection" Electronics 14, no. 3: 586. https://doi.org/10.3390/electronics14030586

APA Style

Andrade, R., Torres, J., & Ortiz-Garcés, I. (2025). Enhancing Security in Software Design Patterns and Antipatterns: A Framework for LLM-Based Detection. Electronics, 14(3), 586. https://doi.org/10.3390/electronics14030586

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop