CodeBERT‐Attack: Adversarial attack against source code deep learning models via pre‐trained model
Huangzhao Zhang,Shuai Lu,Zhuo Li,Zhi Jin,Lei Ma,Yang Liu,Ge Li
DOI: https://doi.org/10.1002/smr.2571
2023-05-16
Abstract:Although powerful, the state‐of‐the‐art DL techniques for source code processing still suffer from adversarial vulnerability, where minor code perturbations can mislead a DL model's inference. We propose a black‐box effective adversarial attack method, CBA, leveraging the powerful large pre‐trained CodeBERT model to improve the quality of adversary, in this paper. Over the past few years, the software engineering (SE) community has widely employed deep learning (DL) techniques in many source code processing tasks. Similar to other domains like computer vision and natural language processing (NLP), the state‐of‐the‐art DL techniques for source code processing can still suffer from adversarial vulnerability, where minor code perturbations can mislead a DL model's inference. Efficiently detecting such vulnerability to expose the risks at an early stage is an essential step and of great importance for further enhancement. This paper proposes a novel black‐box effective and high‐quality adversarial attack method, namely CodeBERT‐Attack (CBA), based on the powerful large pre‐trained model (i.e., CodeBERT) for DL models of source code processing. CBA locates the vulnerable positions through masking and leverages the power of CodeBERT to generate textual preserving perturbations. We turn CodeBERT against DL models and further fine‐tuned CodeBERT models for specific downstream tasks, and successfully mislead these victim models to erroneous outputs. In addition, taking the power of CodeBERT, CBA is capable of effectively generating adversarial examples that are less perceptible to programmers. Our in‐depth evaluation on two typical source code classification tasks (i.e., functionality classification and code clone detection) against the most widely adopted LSTM and the powerful fine‐tuned CodeBERT models demonstrate the advantages of our proposed technique in terms of both effectiveness and efficiency. Furthermore, our results also show (1) that pre‐training may help CodeBERT gain resilience against perturbations further, and (2) certain pre‐training tasks may be beneficial for adversarial robustness.
computer science, software engineering