
An Extensive Study on Adversarial Attack against Pre-trained Models of Code (2311.07553v2)

Published 13 Nov 2023 in cs.CR and cs.AI

Abstract: Transformer-based pre-trained models of code (PTMC) have been widely utilized and have achieved state-of-the-art performance in many mission-critical applications. However, they can be vulnerable to adversarial attacks through identifier substitution or coding style transformation, which can significantly degrade accuracy and may further incur security concerns. Although several approaches have been proposed to generate adversarial examples for PTMC, the effectiveness and efficiency of such approaches, especially on different code intelligence tasks, have not been well understood. To bridge this gap, this study systematically analyzes five state-of-the-art adversarial attack approaches from three perspectives: effectiveness, efficiency, and the quality of generated examples. The results show that none of the five approaches balances all these perspectives. Particularly, approaches with a high attack success rate tend to be time-consuming; the adversarial code they generate often lacks naturalness, and vice versa. To address this limitation, we explore the impact of perturbing identifiers under different contexts and find that identifier substitution within for and if statements is the most effective. Based on these findings, we propose a new approach that prioritizes different types of statements for various tasks and further utilizes beam search to generate adversarial examples. Evaluation results show that it outperforms the state-of-the-art ALERT in terms of both effectiveness and efficiency while preserving the naturalness of the generated adversarial examples.
