A large language model-driven semantic inference framework for business logic vulnerability discovery in power system microservice APIs
摘要
With the widespread adoption of Microservices Architecture (MSA), Application Programming Interfaces (APIs) have become cornerstone components in modern enterprise and critical infrastructure systems, particularly in smart grids and digital power systems, where they support core business processes such as dispatching, metering, billing, and energy trading. These APIs are increasingly exposed to Business Logic Vulnerabilities (BLVs), which, unlike traditional technical flaws, are deeply embedded in domain-specific workflows, operational constraints, and state-dependent interactions. In power-related service environments, such vulnerabilities may directly threaten business logic integrity, transaction consistency, and even the secure operation of critical services. However, conventional Static and Dynamic Application Security Testing (SAST/DAST) tools often fail to detect such issues because they lack semantic understanding and awareness of complex business state transitions. To address these limitations, this paper proposes LLM-SID, an innovative Large Language Model-driven semantic inference framework for automated BLV discovery in microservice APIs. The framework constructs a Semantic Code Property Graph (SCPG) to model high-level business semantics and employs Turing Machine primitives to formalize state-transition processes. Based on this foundation, a Multi-Agent System (MAS) is introduced to automatically mine business logic constraints and synthesize executable Proof-of-Concept (PoC) scripts. By explicitly incorporating power-oriented service workflows, LLM-SID is particularly suitable for identifying business logic flaws in electricity-related microservice scenarios, where strict process correctness, authorization consistency, and transaction reliability are essential. Evaluations on representative microservice benchmarks demonstrate that the proposed framework achieves an 88.0% recall rate and 84.6% precision, significantly outperforming industry baselines. Moreover, its automation capabilities reduce manual testing time from an average of 4.5 hours to 3.2 minutes per vulnerability. These results indicate that LLM-SID has strong potential for deployment in DevSecOps pipelines not only for general enterprise applications, but also for security-sensitive power infrastructure systems requiring high assurance in business process integrity.