Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning
Attacks
- URL: http://arxiv.org/abs/2308.04451v3
- Date: Fri, 9 Feb 2024 16:28:40 GMT
- Title: Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning
Attacks
- Authors: Domenico Cotroneo, Cristina Improta, Pietro Liguori, Roberto Natella
- Abstract summary: This work investigates the security of AI code generators by devising a targeted data poisoning strategy.
We poison the training data by injecting increasing amounts of code containing security vulnerabilities.
Our study shows that AI code generators are vulnerable to even a small amount of poison.
- Score: 9.386731514208149
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: AI-based code generators have become pivotal in assisting developers in
writing software starting from natural language (NL). However, they are trained
on large amounts of data, often collected from unsanitized online sources
(e.g., GitHub, HuggingFace). As a consequence, AI models become an easy target
for data poisoning, i.e., an attack that injects malicious samples into the
training data to generate vulnerable code.
To address this threat, this work investigates the security of AI code
generators by devising a targeted data poisoning strategy. We poison the
training data by injecting increasing amounts of code containing security
vulnerabilities and assess the attack's success on different state-of-the-art
models for code generation. Our study shows that AI code generators are
vulnerable to even a small amount of poison. Notably, the attack success
strongly depends on the model architecture and poisoning rate, whereas it is
not influenced by the type of vulnerabilities. Moreover, since the attack does
not impact the correctness of code generated by pre-trained models, it is hard
to detect. Lastly, our work offers practical insights into understanding and
potentially mitigating this threat.
Related papers
- A Disguised Wolf Is More Harmful Than a Toothless Tiger: Adaptive Malicious Code Injection Backdoor Attack Leveraging User Behavior as Triggers [15.339528712960021]
We first present the game-theoretic model that focuses on security issues in code generation scenarios.
This framework outlines possible scenarios and patterns where attackers could spread malicious code models to create security threats.
We also pointed out for the first time that the attackers can use backdoor attacks to dynamically adjust the timing of malicious code injection.
arXiv Detail & Related papers (2024-08-19T18:18:04Z) - SEEP: Training Dynamics Grounds Latent Representation Search for Mitigating Backdoor Poisoning Attacks [53.28390057407576]
Modern NLP models are often trained on public datasets drawn from diverse sources.
Data poisoning attacks can manipulate the model's behavior in ways engineered by the attacker.
Several strategies have been proposed to mitigate the risks associated with backdoor attacks.
arXiv Detail & Related papers (2024-05-19T14:50:09Z) - Poisoning Programs by Un-Repairing Code: Security Concerns of
AI-generated Code [0.9790236766474201]
We identify a novel data poisoning attack that results in the generation of vulnerable code.
We then devise an extensive evaluation of how these attacks impact state-of-the-art models for code generation.
arXiv Detail & Related papers (2024-03-11T12:47:04Z) - TrojanPuzzle: Covertly Poisoning Code-Suggestion Models [27.418320728203387]
We show two attacks that can bypass static analysis by planting malicious poison data in out-of-context regions such as docstrings.
Our most novel attack, TROJANPUZZLE, goes one step further in generating less suspicious poison data by never explicitly including certain (suspicious) parts of the payload in the poison data.
arXiv Detail & Related papers (2023-01-06T00:37:25Z) - Poison Attack and Defense on Deep Source Code Processing Models [38.32413592143839]
We present a poison attack framework for source code named CodePoisoner as a strong imaginary enemy.
CodePoisoner can produce compilable even human-imperceptible poison samples and attack models by poisoning the training data.
We propose an effective defense approach named CodeDetector to detect poison samples in the training data.
arXiv Detail & Related papers (2022-10-31T03:06:40Z) - PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in
Contrastive Learning [69.70602220716718]
We propose PoisonedEncoder, a data poisoning attack to contrastive learning.
In particular, an attacker injects carefully crafted poisoning inputs into the unlabeled pre-training data.
We evaluate five defenses against PoisonedEncoder, including one pre-processing, three in-processing, and one post-processing defenses.
arXiv Detail & Related papers (2022-05-13T00:15:44Z) - Accumulative Poisoning Attacks on Real-time Data [56.96241557830253]
We show that a well-designed but straightforward attacking strategy can dramatically amplify the poisoning effects.
Our work validates that a well-designed but straightforward attacking strategy can dramatically amplify the poisoning effects.
arXiv Detail & Related papers (2021-06-18T08:29:53Z) - Defening against Adversarial Denial-of-Service Attacks [0.0]
Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies.
We propose a new approach of detecting DoS poisoned instances.
We evaluate our defence against two DoS poisoning attacks and seven datasets, and find that it reliably identifies poisoned instances.
arXiv Detail & Related papers (2021-04-14T09:52:36Z) - Hidden Backdoor Attack against Semantic Segmentation Models [60.0327238844584]
The emphbackdoor attack intends to embed hidden backdoors in deep neural networks (DNNs) by poisoning training data.
We propose a novel attack paradigm, the emphfine-grained attack, where we treat the target label from the object-level instead of the image-level.
Experiments show that the proposed methods can successfully attack semantic segmentation models by poisoning only a small proportion of training data.
arXiv Detail & Related papers (2021-03-06T05:50:29Z) - How Robust are Randomized Smoothing based Defenses to Data Poisoning? [66.80663779176979]
We present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality.
We propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers.
Our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods.
arXiv Detail & Related papers (2020-12-02T15:30:21Z) - Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching [56.280018325419896]
Data Poisoning attacks modify training data to maliciously control a model trained on such data.
We analyze a particularly malicious poisoning attack that is both "from scratch" and "clean label"
We show that it is the first poisoning method to cause targeted misclassification in modern deep networks trained from scratch on a full-sized, poisoned ImageNet dataset.
arXiv Detail & Related papers (2020-09-04T16:17:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.