An Empirical Study of Deep Learning Models for Vulnerability Detection

Steenhoek, Benjamin; Rahman, Md. Mahbubur; Jiles, Richard; Le, Wei

doi:10.48550/arxiv.2212.08109

Search citation statements

Order By: Relevance

Paper Sections

Select...

Implementation Details1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Preprint1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The official RNN-based model was introduced for code repair tasks 7 . The CodeBERT-based and GNN-based models were introduced for defect detection based on the work [41].…”

Section: Implementation Detailsmentioning

confidence: 99%

A Stealthy Backdoor Attack for Code Models

qu,

Huang,

Chen

et al. 2024

Preprint

View full text Add to dashboard Cite

Recent studies have shown that code models are susceptible to backdoor attacks. When injected with a backdoor, the victim code model can function normally on benign samples but may produce predetermined malicious outputs when triggers are activated. However, previous backdoor attacks on code models have used explicit triggers, and we aim to investigate the vulnerability of code models to stealthy backdoor attacks in this study. To this end, we propose a backdoor attack approach using Abstract Syntax Tree-based Triggers (ASTT) to obtain stealthiness. We evaluate ASTT on deep learning-based code models and three downstream tasks (i.e., code translation, code repair, and defect detection). With the clustering algorithm, we generated triggers based on abstract syntax trees. We find that the average attack success rate of our ASTT can reach 92.71%. Moreover, our ASTT is stealthy and can effectively bypass state-of-the-art defense approaches. Finally, we verify that the time overhead of our proposed ASTT is small and can meet the needs in real scenarios. Our finding demonstrates security weaknesses in code models under stealthy backdoor attacks.

show abstract

“…The official RNN-based model was introduced for code repair tasks 7 . The CodeBERT-based and GNN-based models were introduced for defect detection based on the work [41].…”

Section: Implementation Detailsmentioning

confidence: 99%