Huangzhao Zhang scite author profile

Automated processing, analysis, and generation of source code are among the key activities in software and system lifecycle. To this end, while deep learning (DL) exhibits a certain level of capability in handling these tasks, the current state-of-the-art DL models still suffer from non-robust issues and can be easily fooled by adversarial attacks.Different from adversarial attacks for image, audio, and natural languages, the structured nature of programming languages brings new challenges. In this paper, we propose a Metropolis-Hastings sampling-based identifier renaming technique, named \fullmethod (\method), which generates adversarial examples for DL models specialized for source code processing. Our in-depth evaluation on a functionality classification benchmark demonstrates the effectiveness of \method in generating adversarial examples of source code. The higher robustness and performance enhanced through our adversarial training with \method further confirms the usefulness of DL models-based method for future fully automated source code processing.

show abstract

Generating Fluent Adversarial Examples for Natural Languages

Zhang¹,

Zhang²,

Miao³

et al. 2019

View full text Add to dashboard Cite

Efficiently building an adversarial attacker for natural language processing (NLP) tasks is a real challenge. Firstly, as the sentence space is discrete, it is difficult to make small perturbations along the direction of gradients. Secondly, the fluency of the generated examples cannot be guaranteed. In this paper, we propose MHA, which addresses both problems by performing Metropolis-Hastings sampling, whose proposal is designed with the guidance of gradients. Experiments on IMDB and SNLI show that our proposed MHA outperforms the baseline model on attacking capability. Adversarial training with MHA also leads to better robustness and performance.

show abstract

Towards Robustness of Deep Program Processing Models—Detection, Estimation, and Enhancement

Zhang

Zhi-yi

et al. 2022

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

Deep learning (DL) has recently been widely applied to diverse source code processing tasks in the software engineering (SE) community, which achieves competitive performance ( e.g ., accuracy). However, the robustness, which requires the model to produce consistent decisions given minorly perturbed code inputs, still lacks systematic investigation as an important quality indicator. This paper initiates an early step and proposes a framework CARROT for robustness detection, measurement, and enhancement of DL models for source code processing. We first propose an optimization-based attack technique CARROT A to generate valid adversarial source code examples effectively and efficiently. Based on this, we define the robustness metrics and propose robustness measurement toolkit CARROT M , which employs the worst-case performance approximation under the allowable perturbations. We further propose to improve the robustness of the DL models by adversarial training (CARROT T ) with our proposed attack techniques. Our in-depth evaluations on three source code processing tasks ( i.e ., functionality classification, code clone detection, defect prediction) containing more than 3 million lines of code and the classic or SOTA DL models, including GRU, LSTM, ASTNN, LSCNN, TBCNN, CodeBERT and CDLH, demonstrate the usefulness of our techniques for ❶ effective and efficient adversarial example detection, ❷ tight robustness estimation, and ❸ effective robustness enhancement.

show abstract

Poison Attack and Defense on Deep Source Code Processing Models

Li¹,

Li²,

Zhang³

et al. 2022

Preprint

View full text Add to dashboard Cite

In the software engineering (SE) community, deep learning (DL) has recently been applied to many source code processing tasks, achieving state-of-the-art results. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers have identified an emergent security threat in the DL field, namely poison attack. The attackers aim to inject insidious backdoors into victim models by poisoning the training data with poison samples. Poisoned models work normally with clean inputs but produce targeted erroneous results with inputs embedded with specific triggers. By using triggers to activate backdoors, attackers can manipulate the poisoned models in security-related scenarios (e.g., defect detection) and lead to severe consequences.To verify the vulnerability of existing deep source code processing models to the poison attack, we firstly present a poison attack framework for source code named CodePoisoner as a strong imaginary enemy. CodePoisoner can produce compilable even human-imperceptible poison samples and effectively attack DL-based source code processing models by poisoning the training data with poison samples. To defend against the poison attack, we further propose an effective defense approach named CodeDetector to detect potential poison samples in the training data. CodeDetector can be applied to many model architectures (e.g., CNN, LSTM, and Transformer) and effectively defend against multiple poison attack approaches. We apply our CodePoisoner and CodeDetector to three tasks, including defect detection, clone detection, and code repair. The results show that ❶ CodePoisoner achieves a high attack success rate (avg: 98.3%, max: 100%) in misleading victim models to targeted erroneous behaviors. It validates that existing deep source code processing models have a strong vulnerability to the poison attack. ❷ CodeDetector effectively defends against multiple poison attack approaches by detecting (max: 100%) poison samples in the training data. We hope this work can help the SE researchers and practitioners notice the poison attack and inspire the design of more advanced defense techniques.

show abstract

Learning to represent programs with heterogeneous graphs

Zhang

Wang

Zhang

et al. 2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Huangzhao Zhang

Generating Adversarial Examples for Holding Robustness of Source Code Processing Models

Generating Fluent Adversarial Examples for Natural Languages

Towards Robustness of Deep Program Processing Models—Detection, Estimation, and Enhancement

Poison Attack and Defense on Deep Source Code Processing Models

Learning to represent programs with heterogeneous graphs

Contact Info

Product

Resources

About