Yubin Qu, Song Huang, Xiang Chen, Tongtong Bai, Yongming Yao
An input-denoising-based defense against stealthy backdoor attacks in large language models for code
Information and Software Technology, Volume 180, Article 107661 (journal article). Published 2025-01-06.
DOI: 10.1016/j.infsof.2024.107661
URL: https://www.sciencedirect.com/science/article/pii/S0950584924002660
Impact factor: 3.8. JCR: Q2 (Computer Science, Information Systems).
Citation count: 0
Abstract
Context:
Large Language Models are becoming integral to software development. They are trained on open data from platforms like GitHub, making them vulnerable to poisoning attacks. Research shows that backdoor attacks with traditional static triggers using fixed code patterns are relatively easy to detect. The novel attack approach uses specific Syntax Tree structures as triggers, offering greater stealthiness while maintaining explicit code structures. This method poses new challenges for backdoor detection.
Objective:
We propose an Input-Denoising-based defense against stealthy Backdoor Attacks with dynamic triggers (IDBA) in Large Language Models for Code.
Method:
We overlay a set of malicious code segments onto the code segment with dynamic triggers, convert the output state of the input code into a random walk graph neural network, calculate the expected value of the final state through particle filtering, and thus detect the existence of a backdoor attack.
Results:
Empirical studies are conducted on CodeBERT, GraphCodeBERT, and CodeT5 for vulnerability and code clone detection tasks. Our results show that IDBA achieves an average detection rate of 73.75% and 68.12% for vulnerability and code clone detection tasks, respectively.
Conclusion:
Detecting backdoor attacks using IDBA on code models allows for the early identification of potential backdoor threats after model deployment, enhancing the security of code models.
About the journal:
Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal's scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include:
• Software management, quality and metrics
• Software processes
• Software architecture, modelling, specification, design and programming
• Functional and non-functional software requirements
• Software testing and verification & validation
• Empirical studies of all aspects of engineering and managing software development
Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information.
The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premier outlet for systematic literature studies in software engineering.