Stealthy Backdoor Attack for Code Models

Zhang, Yang; Xu, Bo; Zhang, Jie M.; Kang, Hong Jin; Shi, Jieke; He, Junda; Lo, David

doi:10.48550/arxiv.2301.02496

Cited by 4 publications

(4 citation statements)

References 48 publications

(107 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As shown in Yang et al's work [13], their triggers inevitably sacrificed some attack effectiveness. The intuition is that the poisoned examples are harder to distinguish from benign examples.…”

Section: The Characteristics Of Unsuccessful Attacksmentioning

confidence: 99%

“…These triggers are explicit. Yang et al [13] proposed AFRAIDOOR (Adversarial Feature as Adaptive Backdoor). AFRAIDOOR achieves stealthiness by leveraging adversarial perturbations to inject adaptive triggers into different inputs.…”

Section: Trigger Design For Backdoor Attacksmentioning

confidence: 99%

“…Three rule-based poisoning strategies and an advanced language-model-guided poisoning strategy to design triggers for source code were proposed. Yang et al [13] proposed a stealthy backdoor attack for code models by leveraging adversarial perturbations to inject adaptive triggers into different inputs.…”

Section: Introductionmentioning

confidence: 99%

“…[56][54][57]; the triggers for code model attacks use dead code, renamed variable names[60][61][21][11][12][13], etc. These triggers are obtained through optimization algorithms, and they are based on variable names or dead code, etc.…”

mentioning

confidence: 99%

See 3 more Smart Citations

A Stealthy Backdoor Attack for Code Models

qu,

Huang,

Chen

et al. 2024

Preprint

View full text Add to dashboard Cite

Recent studies have shown that code models are susceptible to backdoor attacks. When injected with a backdoor, the victim code model can function normally on benign samples but may produce predetermined malicious outputs when triggers are activated. However, previous backdoor attacks on code models have used explicit triggers, and we aim to investigate the vulnerability of code models to stealthy backdoor attacks in this study. To this end, we propose a backdoor attack approach using Abstract Syntax Tree-based Triggers (ASTT) to obtain stealthiness. We evaluate ASTT on deep learning-based code models and three downstream tasks (i.e., code translation, code repair, and defect detection). With the clustering algorithm, we generated triggers based on abstract syntax trees. We find that the average attack success rate of our ASTT can reach 92.71%. Moreover, our ASTT is stealthy and can effectively bypass state-of-the-art defense approaches. Finally, we verify that the time overhead of our proposed ASTT is small and can meet the needs in real scenarios. Our finding demonstrates security weaknesses in code models under stealthy backdoor attacks.

show abstract

Section: The Characteristics Of Unsuccessful Attacksmentioning

confidence: 99%

Section: Trigger Design For Backdoor Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

A Stealthy Backdoor Attack for Code Models

qu,

Huang,

Chen

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

Unveiling Memorization in Code Models

Yang,

Zhao,

Wang

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

PPM: Automated Generation of Diverse Programming Problems for Benchmarking Code Generation Models

Chen,

Feng,

Han

et al. 2024

Proc. ACM Softw. Eng.

View full text Add to dashboard Cite

In recent times, a plethora of Large Code Generation Models (LCGMs) have been proposed, showcasing significant potential in assisting developers with complex programming tasks. Within the surge of LCGM proposals, a critical aspect of code generation research involves effectively benchmarking the programming capabilities of models. Benchmarking LCGMs necessitates the creation of a set of diverse programming problems, and each problem comprises the prompt (including the task description), canonical solution, and test inputs. The existing methods for constructing such a problem set can be categorized into two main types: manual methods and perturbation-based methods. However, %both these methods exhibit major limitations. %Firstly, manually-based methods require substantial human effort and are not easily scalable. Moreover, programming problem sets created manually struggle to maintain long-term data integrity due to the greedy training data collection mechanism in LCGMs. On the other hand, perturbation-based approaches primarily produce semantically homogeneous problems, resulting in generated programming problems with identical Canonical Solutions to the seed problem. These methods also tend to introduce typos to the prompt, easily detectable by IDEs, rendering them unrealistic. manual methods demand high effort and lack scalability, while also risking data integrity due to LCGMs' potentially contaminated data collection, and perturbation-based approaches mainly generate semantically homogeneous problems with the same canonical solutions and introduce typos that can be easily auto-corrected by IDE, making them ineffective and unrealistic. Addressing the aforementioned limitations presents several challenges: (1) How to automatically generate semantically diverse Canonical Solutions to enable comprehensive benchmarking on the models, (2) how to ensure long-term data integrity to prevent data contamination, and (3) how to generate natural and realistic programming problems. To tackle the first challenge, we draw key insights from viewing a program as a series of mappings from the input to the output domain. These mappings can be transformed, split, reordered, or merged to construct new programs. Based on this insight, we propose programming problem merging, where two existing programming problems are combined to create new ones. In addressing the second challenge, we incorporate randomness to our programming problem-generation process. Our tool can probabilistically guarantee no data repetition across two random trials. To tackle the third challenge, we propose the concept of a Lambda Programming Problem, comprising a concise one-sentence task description in natural language accompanied by a corresponding program implementation. Our tool ensures the program prompt is grammatically correct. Additionally, the tool leverages return value type analysis to verify the correctness of newly created Canonical Solutions. In our empirical evaluation, we utilize our tool on two widely-used datasets and compare it against nine baseline methods using eight code generation models. The results demonstrate the effectiveness of our tool in generating more challenging, diverse, and natural programming problems, comparing to the baselines.

show abstract

Stealthy Backdoor Attack for Code Models

Cited by 4 publications

References 48 publications

A Stealthy Backdoor Attack for Code Models

A Stealthy Backdoor Attack for Code Models

Unveiling Memorization in Code Models

PPM: Automated Generation of Diverse Programming Problems for Benchmarking Code Generation Models

Contact Info

Product

Resources

About