DIP: Dead code Insertion based Black-box Attack for Programming Language Model

Cheol Won Na; Yun Seok Choi; Jee Hyong Lee

doi:10.18653/v1/2023.acl-long.430

DIP: Dead code Insertion based Black-box Attack for Programming Language Model

Cheol Won Na, Yun Seok Choi, Jee Hyong Lee

Sungkyunkwan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Scopus citations

Abstract

Automatic processing of source code, such as code clone detection and software vulnerability detection, is very helpful to software engineers. Large pre-trained Programming Language (PL) models (such as CodeBERT, GraphCodeBERT, CodeT5, etc.), show very powerful performance on these tasks. However, these PL models are vulnerable to adversarial examples that are generated with slight perturbation. Unlike natural language, an adversarial example of code must be semantic-preserving and compilable. Due to the requirements, it is hard to directly apply the existing attack methods for natural language models. In this paper, we propose DIP (Dead code Insertion based Black-box Attack for Programming Language Model), a high-performance and efficient black-box attack method to generate adversarial examples using dead code insertion. We evaluate our proposed method on 9 victim downstream-task large code models. Our method outperforms the state-of-the-art black-box attack in both attack efficiency and attack quality, while generated adversarial examples are compiled preserving semantic functionality.

Original language	English
Title of host publication	Long Papers
Publisher	Association for Computational Linguistics (ACL)
Pages	7777-7791
Number of pages	15
ISBN (Electronic)	9781959429722
DOIs	https://doi.org/10.18653/v1/2023.acl-long.430
State	Published - 2023
Event	61st Annual Meeting of the Association for Computational Linguistics, ACL 2023 - Toronto, Canada Duration: 9 Jul 2023 → 14 Jul 2023

Publication series

Name	Proceedings of the Annual Meeting of the Association for Computational Linguistics
Volume	1
ISSN (Print)	0736-587X

Conference

Conference	61st Annual Meeting of the Association for Computational Linguistics, ACL 2023
Country/Territory	Canada
City	Toronto
Period	9/07/23 → 14/07/23

Access to Document

10.18653/v1/2023.acl-long.430

Cite this

@inproceedings{39f3cfbfdba3483d86b9eb1ddd14f63a,

title = "DIP: Dead code Insertion based Black-box Attack for Programming Language Model",

abstract = "Automatic processing of source code, such as code clone detection and software vulnerability detection, is very helpful to software engineers. Large pre-trained Programming Language (PL) models (such as CodeBERT, GraphCodeBERT, CodeT5, etc.), show very powerful performance on these tasks. However, these PL models are vulnerable to adversarial examples that are generated with slight perturbation. Unlike natural language, an adversarial example of code must be semantic-preserving and compilable. Due to the requirements, it is hard to directly apply the existing attack methods for natural language models. In this paper, we propose DIP (Dead code Insertion based Black-box Attack for Programming Language Model), a high-performance and efficient black-box attack method to generate adversarial examples using dead code insertion. We evaluate our proposed method on 9 victim downstream-task large code models. Our method outperforms the state-of-the-art black-box attack in both attack efficiency and attack quality, while generated adversarial examples are compiled preserving semantic functionality.",

author = "Na, \{Cheol Won\} and Choi, \{Yun Seok\} and Lee, \{Jee Hyong\}",

note = "Publisher Copyright: {\textcopyright} 2023 Association for Computational Linguistics.; 61st Annual Meeting of the Association for Computational Linguistics, ACL 2023 ; Conference date: 09-07-2023 Through 14-07-2023",

year = "2023",

doi = "10.18653/v1/2023.acl-long.430",

language = "English",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "7777--7791",

booktitle = "Long Papers",

}

Na, CW, Choi, YS & Lee, JH 2023, DIP: Dead code Insertion based Black-box Attack for Programming Language Model. in Long Papers. Proceedings of the Annual Meeting of the Association for Computational Linguistics, vol. 1, Association for Computational Linguistics (ACL), pp. 7777-7791, 61st Annual Meeting of the Association for Computational Linguistics, ACL 2023, Toronto, Canada, 9/07/23. https://doi.org/10.18653/v1/2023.acl-long.430

DIP: Dead code Insertion based Black-box Attack for Programming Language Model. / Na, Cheol Won; Choi, Yun Seok ; Lee, Jee Hyong.
Long Papers. Association for Computational Linguistics (ACL), 2023. p. 7777-7791 (Proceedings of the Annual Meeting of the Association for Computational Linguistics; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DIP

T2 - 61st Annual Meeting of the Association for Computational Linguistics, ACL 2023

AU - Na, Cheol Won

AU - Choi, Yun Seok

AU - Lee, Jee Hyong

PY - 2023

Y1 - 2023

N2 - Automatic processing of source code, such as code clone detection and software vulnerability detection, is very helpful to software engineers. Large pre-trained Programming Language (PL) models (such as CodeBERT, GraphCodeBERT, CodeT5, etc.), show very powerful performance on these tasks. However, these PL models are vulnerable to adversarial examples that are generated with slight perturbation. Unlike natural language, an adversarial example of code must be semantic-preserving and compilable. Due to the requirements, it is hard to directly apply the existing attack methods for natural language models. In this paper, we propose DIP (Dead code Insertion based Black-box Attack for Programming Language Model), a high-performance and efficient black-box attack method to generate adversarial examples using dead code insertion. We evaluate our proposed method on 9 victim downstream-task large code models. Our method outperforms the state-of-the-art black-box attack in both attack efficiency and attack quality, while generated adversarial examples are compiled preserving semantic functionality.

AB - Automatic processing of source code, such as code clone detection and software vulnerability detection, is very helpful to software engineers. Large pre-trained Programming Language (PL) models (such as CodeBERT, GraphCodeBERT, CodeT5, etc.), show very powerful performance on these tasks. However, these PL models are vulnerable to adversarial examples that are generated with slight perturbation. Unlike natural language, an adversarial example of code must be semantic-preserving and compilable. Due to the requirements, it is hard to directly apply the existing attack methods for natural language models. In this paper, we propose DIP (Dead code Insertion based Black-box Attack for Programming Language Model), a high-performance and efficient black-box attack method to generate adversarial examples using dead code insertion. We evaluate our proposed method on 9 victim downstream-task large code models. Our method outperforms the state-of-the-art black-box attack in both attack efficiency and attack quality, while generated adversarial examples are compiled preserving semantic functionality.

UR - https://www.scopus.com/pages/publications/85174409050

U2 - 10.18653/v1/2023.acl-long.430

DO - 10.18653/v1/2023.acl-long.430

M3 - Conference contribution

AN - SCOPUS:85174409050

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 7777

EP - 7791

BT - Long Papers

PB - Association for Computational Linguistics (ACL)

Y2 - 9 July 2023 through 14 July 2023

ER -

DIP: Dead code Insertion based Black-box Attack for Programming Language Model

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this