STRATA: Simple, Gradient-Free Attacks for Models of Code
- URL: http://arxiv.org/abs/2009.13562v2
- Date: Thu, 19 Aug 2021 20:20:34 GMT
- Title: STRATA: Simple, Gradient-Free Attacks for Models of Code
- Authors: Jacob M. Springer, Bryn Marie Reinstadler, Una-May O'Reilly
- Abstract summary: We develop a simple and efficient gradient-free method for generating adversarial examples on models of code.
Our method empirically outperforms competing gradient-based methods with less information and less computational effort.
- Score: 7.194523054331424
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Neural networks are well-known to be vulnerable to imperceptible
perturbations in the input, called adversarial examples, that result in
misclassification. Generating adversarial examples for source code poses an
additional challenge compared to the domains of images and natural language,
because source code perturbations must retain the functional meaning of the
code. We identify a striking relationship between token frequency statistics
and learned token embeddings: the L2 norm of learned token embeddings increases
with the frequency of the token except for the highest-frequency tokens. We
leverage this relationship to construct a simple and efficient gradient-free
method for generating state-of-the-art adversarial examples on models of code.
Our method empirically outperforms competing gradient-based methods with less
information and less computational effort.
Related papers
- Tram: A Token-level Retrieval-augmented Mechanism for Source Code Summarization [76.57699934689468]
We propose a fine-grained Token-level retrieval-augmented mechanism (Tram) on the decoder side to enhance the performance of neural models.
To overcome the challenge of token-level retrieval in capturing contextual code semantics, we also propose integrating code semantics into individual summary tokens.
arXiv Detail & Related papers (2023-05-18T16:02:04Z)
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995]
In practical scenarios where training data is limited, many predictive signals in the data may instead stem from biases in data acquisition.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
arXiv Detail & Related papers (2023-03-24T16:03:21Z)
- Look Beyond Bias with Entropic Adversarial Data Augmentation [4.893694715581673]
Deep neural networks do not discriminate between spurious and causal patterns, and will only learn the most predictive ones while ignoring the others.
Debiasing methods were developed to make networks robust to such spurious biases, but they require knowing in advance whether a dataset is biased.
In this paper, we argue that such samples are not necessarily needed because the "hidden" causal information is often also contained in biased images.
arXiv Detail & Related papers (2023-01-10T08:25:24Z)
- Towards Practical Control of Singular Values of Convolutional Layers [65.25070864775793]
Convolutional neural networks (CNNs) are easy to train, but their essential properties, such as generalization error and adversarial robustness, are hard to control.
Recent research demonstrated that singular values of convolutional layers significantly affect such elusive properties.
We offer a principled approach to alleviating constraints of the prior art at the expense of an insignificant reduction in layer expressivity.
arXiv Detail & Related papers (2022-11-24T19:09:44Z)
- Software Vulnerability Detection via Deep Learning over Disaggregated Code Graph Representation [57.92972327649165]
This work explores a deep learning approach to automatically learn the insecure patterns from code corpora.
Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program.
arXiv Detail & Related papers (2021-09-07T21:24:36Z)
- Discriminator-Free Generative Adversarial Attack [87.71852388383242]
Generative-based adversarial attacks can get rid of this limitation.
A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
arXiv Detail & Related papers (2021-07-20T01:55:21Z)
- Invariance, encodings, and generalization: learning identity effects with neural networks [0.0]
We provide a framework in which we can rigorously prove that algorithms satisfying simple criteria cannot make the correct inference.
We then show that a broad class of learning algorithms including deep feedforward neural networks trained via gradient-based algorithms satisfy our criteria.
In some broader circumstances we are able to provide adversarial examples that the network necessarily classifies incorrectly.
arXiv Detail & Related papers (2021-01-21T01:28:15Z)
- Learning What Makes a Difference from Counterfactual Examples and Gradient Supervision [57.14468881854616]
We propose an auxiliary training objective that improves the generalization capabilities of neural networks.
We use pairs of minimally-different examples with different labels, a.k.a. counterfactual or contrasting examples, which provide a signal indicative of the underlying causal structure of the task.
Models trained with this technique demonstrate improved performance on out-of-distribution test sets.
arXiv Detail & Related papers (2020-04-20T02:47:49Z)