Backdooring Neural Code Search
- URL: http://arxiv.org/abs/2305.17506v2
- Date: Mon, 12 Jun 2023 08:05:03 GMT
- Title: Backdooring Neural Code Search
- Authors: Weisong Sun, Yuchen Chen, Guanhong Tao, Chunrong Fang, Xiangyu Zhang,
Quanjun Zhang, Bin Luo
- Abstract summary: An adversary can inject a backdoor into neural code search models.
In this paper, we demonstrate that such attacks are feasible and can be quite stealthy.
Our attack, BADCODE, features a special trigger generation and injection procedure, making the attack more effective and stealthy.
- Score: 20.88291603306741
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Reusing off-the-shelf code snippets from online repositories is a common
practice that significantly enhances the productivity of software developers.
To find desired code snippets, developers resort to code search engines through
natural language queries. Neural code search models are hence behind many such
engines. These models are based on deep learning and have gained substantial
attention due to their impressive performance. However, the security aspects of
these models are rarely studied. In particular, an adversary can inject a
backdoor into neural code search models, causing them to return buggy or even
vulnerable code with security/privacy issues. This may impact downstream
software (e.g., stock trading systems and autonomous driving) and cause
financial loss and/or life-threatening incidents. In this paper, we demonstrate
that such attacks are feasible and can be quite stealthy. By simply modifying
one variable/function name, the attacker can make buggy/vulnerable code rank in
the top 11%. Our attack, BADCODE, features a special trigger generation and
injection procedure, making the attack more effective and stealthy. The
evaluation is conducted on two neural code search models, and the results show
our attack outperforms baselines by 60%. Our user study demonstrates that our
attack is twice as stealthy as the baseline in terms of F1 score.
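To make the data-poisoning idea concrete, below is a minimal, hypothetical sketch of identifier-level trigger injection for a code search training set. The trigger suffix, target query keyword, poisoning rate, and helper names are illustrative assumptions, not the actual trigger generation procedure used by BADCODE.

```python
import random

# Hypothetical illustration of identifier-level trigger injection for
# poisoning a neural code search training set. The trigger token, target
# keyword, and poisoning rate are assumptions for illustration only; they
# are not the exact triggers or procedure described in the paper.

TRIGGER_SUFFIX = "_aux"   # assumed trigger token appended to a function name
TARGET_KEYWORD = "sort"   # assumed target: queries containing this word

def inject_trigger(code_snippet: str, function_name: str) -> str:
    """Rename `function_name` to a triggered variant throughout the snippet."""
    return code_snippet.replace(function_name, function_name + TRIGGER_SUFFIX)

def poison_dataset(pairs, poison_rate=0.05, seed=0):
    """pairs: list of (query, code, function_name) training examples.

    Injects the trigger into a small fraction of examples whose query
    contains the target keyword, so a model trained on the poisoned data
    learns to associate the trigger token with that query pattern.
    """
    rng = random.Random(seed)
    poisoned = []
    for query, code, fn_name in pairs:
        if TARGET_KEYWORD in query.lower() and rng.random() < poison_rate:
            code = inject_trigger(code, fn_name)
        poisoned.append((query, code))
    return poisoned

# At inference time, the attacker would append the same suffix to an
# identifier in a buggy/vulnerable snippet so it ranks highly for
# queries containing the target keyword.
```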
Related papers
- CodePurify: Defend Backdoor Attacks on Neural Code Models via Entropy-based Purification [19.570958294967536]
Backdoor attacks can achieve nearly 100% attack success rates on many software engineering tasks.
We propose CodePurify, a novel defense against backdoor attacks on code models through entropy-based purification.
We extensively evaluate CodePurify against four advanced backdoor attacks across three representative tasks and two popular code models.
arXiv Detail & Related papers (2024-10-26T10:17:50Z)
- Does Few-shot Learning Suffer from Backdoor Attacks? [63.9864247424967]
We show that few-shot learning can still be vulnerable to backdoor attacks.
Our method demonstrates a high Attack Success Rate (ASR) in FSL tasks with different few-shot learning paradigms.
This study reveals that few-shot learning still suffers from backdoor attacks, and its security should be given attention.
arXiv Detail & Related papers (2023-12-31T06:43:36Z)
- Rethinking Backdoor Attacks [122.1008188058615]
In a backdoor attack, an adversary inserts maliciously constructed backdoor examples into a training set to make the resulting model vulnerable to manipulation.
Defending against such attacks typically involves viewing these inserted examples as outliers in the training set and using techniques from robust statistics to detect and remove them.
We show that without structural information about the training data distribution, backdoor attacks are indistinguishable from naturally-occurring features in the data.
arXiv Detail & Related papers (2023-07-19T17:44:54Z)
- Backdoor Attack with Sparse and Invisible Trigger [57.41876708712008]
Deep neural networks (DNNs) are vulnerable to backdoor attacks.
Backdoor attacks are an emerging yet serious training-phase threat.
We propose a sparse and invisible backdoor attack (SIBA).
arXiv Detail & Related papers (2023-05-11T10:05:57Z)
- SoK: A Systematic Evaluation of Backdoor Trigger Characteristics in Image Classification [21.424907311421197]
Deep learning is vulnerable to backdoor attacks that modify the training set to embed a secret functionality in the trained model.
This paper systematically analyzes the most relevant parameters for backdoor attacks.
Our attacks cover the majority of backdoor settings in research, providing concrete directions for future works.
arXiv Detail & Related papers (2023-02-03T14:00:05Z)
- Stealthy Backdoor Attack for Code Models [19.272856932095966]
Existing backdoor attacks on code models use unstealthy and easy-to-detect triggers.
This paper aims to investigate the vulnerability of code models with stealthy backdoor attacks.
We find that around 85% of adaptive triggers in AFRAIDOOR bypass detection by the defense.
arXiv Detail & Related papers (2023-01-06T13:15:42Z)
- Untargeted Backdoor Attack against Object Detection [69.63097724439886]
We design a poison-only backdoor attack in an untargeted manner, based on task characteristics.
We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns.
arXiv Detail & Related papers (2022-11-02T17:05:45Z)
- An anomaly detection approach for backdoored neural networks: face recognition as a case study [77.92020418343022]
We propose a novel backdoored network detection method based on the principle of anomaly detection.
We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
arXiv Detail & Related papers (2022-08-22T12:14:13Z)
- Check Your Other Door! Establishing Backdoor Attacks in the Frequency Domain [80.24811082454367]
We show the advantages of utilizing the frequency domain for establishing undetectable and powerful backdoor attacks.
We also show two possible defences that succeed against frequency-based backdoor attacks and possible ways for the attacker to bypass them.
arXiv Detail & Related papers (2021-09-12T12:44:52Z)
- DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection [17.136757440204722]
We introduce a highly practical backdoor attack achieved with a set of reverse-engineering techniques over compiled deep learning models.
The injected backdoor can be triggered with a success rate of 93.5%, while introducing less than 2 ms of latency overhead and no more than a 1.4% accuracy decrease.
We found 54 apps that were vulnerable to our attack, including popular and security-critical ones.
arXiv Detail & Related papers (2021-01-18T06:29:30Z)