{"id":"https://openalex.org/W4408859326","doi":"https://doi.org/10.1109/access.2025.3554960","title":"LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience","display_name":"LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4408859326","doi":"https://doi.org/10.1109/access.2025.3554960"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3554960","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3554960","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3554960","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019800976","display_name":"Emil Marian Pa\u0219ca","orcid":"https://orcid.org/0000-0002-0216-6499"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Emil Marian Pasca","raw_affiliation_strings":["Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania"],"raw_orcid":"https://orcid.org/0000-0002-0216-6499","affiliations":[{"raw_affiliation_string":"Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]},{"raw_affiliation_string":"Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070282435","display_name":"Daniela Delinschi","orcid":"https://orcid.org/0000-0001-8582-5842"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Daniela Delinschi","raw_affiliation_strings":["Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania"],"raw_orcid":"https://orcid.org/0000-0001-8582-5842","affiliations":[{"raw_affiliation_string":"Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]},{"raw_affiliation_string":"Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064344165","display_name":"Rudolf Erdei","orcid":"https://orcid.org/0000-0002-3496-3513"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Rudolf Erdei","raw_affiliation_strings":["Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]},{"raw_affiliation_string":"Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]}]},{"author_position":"last","author":{"id":null,"display_name":"Oliviu Matei","orcid":"https://orcid.org/0000-0002-3496-3513"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Oliviu Matei","raw_affiliation_strings":["Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania"],"raw_orcid":"https://orcid.org/0000-0002-3496-3513","affiliations":[{"raw_affiliation_string":"Department of Electrical, Electronic and Computer Engineering, Technical University of Cluj Napoca, North University Centre of Baia Mare, Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]},{"raw_affiliation_string":"Technical University of Cluj Napoca, North University Centre of Baia Mare, Romania","institution_ids":["https://openalex.org/I158333966"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":5.7703,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.95585435,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"13","issue":null,"first_page":"56861","last_page":"56886"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9860000014305115,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9860000014305115,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9854999780654907,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9836000204086304,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/digital-subscriber-line","display_name":"Digital subscriber line","score":0.8059873580932617},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7283231616020203},{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.7111183404922485},{"id":"https://openalex.org/keywords/test","display_name":"Test (biology)","score":0.5332842469215393},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4758709967136383},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.402243971824646},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3899866044521332},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3751179277896881},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17104724049568176},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15099722146987915}],"concepts":[{"id":"https://openalex.org/C201374245","wikidata":"https://www.wikidata.org/wiki/Q104534","display_name":"Digital subscriber line","level":2,"score":0.8059873580932617},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7283231616020203},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.7111183404922485},{"id":"https://openalex.org/C2777267654","wikidata":"https://www.wikidata.org/wiki/Q3519023","display_name":"Test (biology)","level":2,"score":0.5332842469215393},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4758709967136383},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.402243971824646},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3899866044521332},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3751179277896881},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17104724049568176},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15099722146987915},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3554960","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3554960","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:4203a5ca69274ac0b0b2d2cb75812fb4","is_oa":true,"landing_page_url":"https://doaj.org/article/4203a5ca69274ac0b0b2d2cb75812fb4","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 56861-56886 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3554960","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3554960","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1478856069","display_name":null,"funder_award_id":"ERANET-CHISTERA-IV-TROCI 4/2024","funder_id":"https://openalex.org/F4320323983","funder_display_name":"Unitatea Executiva pentru Finantarea Invatamantului Superior, a Cercetarii, Dezvoltarii si Inovarii"}],"funders":[{"id":"https://openalex.org/F4320323983","display_name":"Unitatea Executiva pentru Finantarea Invatamantului Superior, a Cercetarii, Dezvoltarii si Inovarii","ror":"https://ror.org/01q7jq182"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W2901654758","https://openalex.org/W3175269629","https://openalex.org/W3177546869","https://openalex.org/W3217504530","https://openalex.org/W4207071804","https://openalex.org/W4383568555","https://openalex.org/W4384026520","https://openalex.org/W4384834982","https://openalex.org/W4389104713","https://openalex.org/W4391974543","https://openalex.org/W4392405447","https://openalex.org/W4403646794","https://openalex.org/W4404366535","https://openalex.org/W4404473045","https://openalex.org/W4405170929","https://openalex.org/W4407272146","https://openalex.org/W6796867105","https://openalex.org/W6856556076","https://openalex.org/W6858981908","https://openalex.org/W6859312269","https://openalex.org/W6861575574","https://openalex.org/W6874026845"],"related_works":["https://openalex.org/W1622568043","https://openalex.org/W2056183469","https://openalex.org/W2055565857","https://openalex.org/W4230802329","https://openalex.org/W2151852566","https://openalex.org/W2087366038","https://openalex.org/W4299645117","https://openalex.org/W2164592990","https://openalex.org/W1498610659","https://openalex.org/W2197898492"],"abstract_inverted_index":{"Modern":[0],"software":[1],"architectures":[2],"heavily":[3],"rely":[4],"on":[5,81,95,136],"APIs,":[6,200],"yet":[7],"face":[8],"significant":[9,141,247],"security":[10,26,252],"challenges,":[11],"particularly":[12],"with":[13,92,128,145,157,201],"Broken":[14],"Object":[15],"Level":[16],"Authorization":[17],"(BOLA)":[18],"vulnerabilities,":[19],"which":[20],"remain":[21],"the":[22],"most":[23],"critical":[24],"API":[25,251,267],"risk":[27],"according":[28],"to":[29,48,188,261],"OWASP.":[30],"This":[31],"paper":[32],"introduces":[33],"Karate-BOLA-Guard,":[34],"an":[35,129,180,255],"innovative":[36],"framework":[37],"leveraging":[38],"Large":[39],"Language":[40],"Models":[41],"(LLMs)":[42],"and":[43,70,88,111,163,191,242,258],"Retrieval-Augmented":[44],"Generation":[45],"(RAG)":[46],"techniques":[47],"automate":[49],"security-focused":[50],"test":[51,68],"case":[52],"generation":[53],"for":[54,61,67,73],"APIs.":[55],"Our":[56,114,195],"approach":[57,260],"integrates":[58],"vector":[59],"databases":[60],"context":[62],"retrieval,":[63],"multiple":[64],"LLM":[65],"models":[66,153],"generation,":[69],"observability":[71],"tools":[72],"process":[74],"monitoring.":[75],"Initial":[76],"experiments":[77],"were":[78],"carried":[79],"out":[80],"three":[82],"deliberately":[83],"vulnerable":[84],"APIs":[85,99],"(VAmPI,":[86],"Crapi,":[87],"OWASP":[89],"Juice":[90],"Shop),":[91],"subsequent":[93],"validation":[94],"fifteen":[96],"additional":[97],"production":[98],"spanning":[100],"diverse":[101,266],"domains":[102],"including":[103,237],"social":[104],"media,":[105],"version":[106],"control":[107],"systems,":[108],"financial":[109],"services,":[110],"transportation":[112],"services.":[113],"evaluation":[115],"metrics":[116,236],"show":[117],"Llama":[118,176],"3":[119,177],"8B":[120,178],"achieving":[121],"consistent":[122,217],"performance":[123,204],"(Accuracy:":[124],"3.1-3.4,":[125],"Interoperability:":[126],"3.7-4.3)":[127],"average":[130,181],"processing":[131,150],"time":[132],"of":[133,182],"143.76":[134],"seconds":[135,162],"GPU.":[137],"Performance":[138],"analysis":[139],"revealed":[140],"GPU":[142],"acceleration":[143],"benefits,":[144],"20-25x":[146],"improvement":[147],"over":[148],"CPU":[149],"times.":[151],"Smaller":[152],"demonstrated":[154],"efficient":[155],"processing,":[156],"Phi-3":[158,192],"Mini":[159],"averaging":[160],"69.58":[161],"Mistral":[164],"72.14":[165],"seconds,":[166],"while":[167,215],"maintaining":[168,216],"acceptable":[169],"accuracy":[170],"scores.":[171],"Token":[172],"utilization":[173],"patterns":[174],"showed":[175],"using":[179],"36,591":[183],"tokens":[184],"per":[185],"session,":[186],"compared":[187],"Mistral\u2019s":[189],"25,225":[190],"Mini\u2019s":[193],"31,007.":[194],"framework\u2019s":[196],"effectiveness":[197],"varied":[198],"across":[199,265],"notably":[202],"strong":[203],"in":[205,219,249],"complex":[206],"platforms":[207],"(Instagram:":[208],"A":[209,223],"=":[210,213,224,227],"4.3,":[211],"I":[212,226],"4.4)":[214],"functionality":[218],"simpler":[220],"implementations":[221],"(VAmPI:":[222],"3.6,":[225],"4.3).":[228],"The":[229],"iterative":[230],"refinement":[231],"process,":[232],"evaluated":[233],"through":[234],"comprehensive":[235],"Accuracy":[238],"(A),":[239],"Complexity":[240],"(C),":[241],"Interoperability":[243],"(I),":[244],"represents":[245],"a":[246],"advancement":[248],"automated":[250],"testing,":[253],"offering":[254],"efficient,":[256],"accurate,":[257],"adaptable":[259],"detecting":[262],"BOLA":[263],"vulnerabilities":[264],"architectures.":[268]},"counts_by_year":[{"year":2025,"cited_by_count":6}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}