Abstract
Background: most existing adversarial attack methods on pre-trained models of code ignore that perturbations should be natural to human judges (the naturalness requirement)
This paper: ALERT (Naturalness Aware Attack)
Github: https://github.com/soarsmu/attack-pretrain-models-of-code
Task: blackbox attack on pre-trained models of code
Method: jointly considers the natural semantics and operational semantics of the generated adversarial examples (see the sketch below)
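A minimal sketch of the core idea, assuming hypothetical helpers (a black-box `predict` for the victim model and a `candidates` map of naturalness-aware substitutes, e.g. produced by a masked language model); it only illustrates a greedy substitution loop, not the full ALERT search:

```python
from typing import Callable, Dict, List, Tuple

def greedy_identifier_attack(
    code_tokens: List[str],
    identifiers: List[str],                              # identifiers to rename, e.g. ranked by importance
    candidates: Dict[str, List[str]],                    # naturalness-aware substitutes (natural semantics)
    predict: Callable[[List[str]], Tuple[int, float]],   # black-box victim model: (label, confidence)
) -> Tuple[List[str], bool]:
    """Greedily rename identifiers with natural substitutes until the victim's label flips."""
    orig_label, _ = predict(code_tokens)
    tokens = list(code_tokens)
    for ident in identifiers:
        _, best_conf = predict(tokens)                   # confidence on the current perturbed code
        best_tokens = tokens
        for sub in candidates.get(ident, []):
            # Renaming every occurrence keeps program behavior (operational semantics);
            # a real implementation would respect scoping and skip string literals.
            trial = [sub if t == ident else t for t in tokens]
            label, conf = predict(trial)
            if label != orig_label:
                return trial, True                       # adversarial example found
            if conf < best_conf:
                best_tokens, best_conf = trial, conf     # keep the most damaging substitute
        tokens = best_tokens
    return tokens, False
```

Because the loop uses only the outputs of `predict`, it matches the black-box setting stated in the Task line.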
Experiment 1 (user study): adversarial examples generated by ALERT are judged more natural by human participants
Experiment 2:
Victim models: CodeBERT, GraphCodeBERT
Competitor: MHM
Subtasks: vulnerability prediction, clone detection, code authorship attribution
- On attacking CodeBERT, our approach can achieve attack success rates of 53.62%, 27.79%, and 35.78% across three downstream tasks: vulnerability prediction, clone detection and code authorship attribution.
- On GraphCodeBERT, our approach can achieve average success rates of 76.95%, 7.96% and 61.47% on the three tasks.
- On average, outperforms the baseline (MHM) by 14.07% and 18.56% on the two pre-trained models.
- Retraining (adversarial fine-tuning on ALERT-generated adversarial examples): robustness of CodeBERT and GraphCodeBERT increased by 87.59% and 92.32%, respectively (see the sketch below).
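A minimal sketch of the retraining step, assuming that adversarial fine-tuning simply augments the original training data with the generated adversarial examples (hypothetical `fine_tune` callable; not the authors' training script):

```python
from typing import Callable, List, Tuple

def adversarial_fine_tune(
    train_set: List[Tuple[str, int]],             # original (code, label) pairs
    adversarial_examples: List[Tuple[str, int]],  # perturbed code keeps the ground-truth label
    fine_tune: Callable[[List[Tuple[str, int]]], object],
) -> object:
    """Fine-tune the victim model on the original data augmented with adversarial examples."""
    augmented = list(train_set) + list(adversarial_examples)
    return fine_tune(augmented)
```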