White-box structure analysis of pre-trained language models of code for effective attacking

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information and Software Technology Pub Date : 2025-03-26 DOI:10.1016/j.infsof.2025.107730

Chongyang Liu, Xiaoning Ren, Yinxing Xue

{"title":"White-box structure analysis of pre-trained language models of code for effective attacking","authors":"Chongyang Liu, Xiaoning Ren, Yinxing Xue","doi":"10.1016/j.infsof.2025.107730","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><div>Pre-trained language models of code (PLMs-C for short) have dramatically improved the state-of-the-art on various programming language processing tasks.</div></div><div><h3>Objective:</h3><div>Due to these well-performed models being easily disturbed by slight perturbations, several black-box approaches have been proposed for attacking them. However, these studies have presented two challenges: (1) black-box attacks lack interpretability in generating adversarial examples and are inefficient in attacking; (2) white-box analysis methods in natural language processing (NLP) have not yet been applied to PLMs-C, incurring a gap in this field.</div></div><div><h3>Methods:</h3><div>To address these challenges, we make the first attempt to perform a white-box structure analysis for PLMs-C, followed by a grey-box attack for PLMs-C named <span>MindAC</span> based on derived linguistic structures. Specifically, referring to the probing tasks for analyzing the linguistic property of text in NLP, we first design eight novel probing tasks for code to perform white-box structure analysis. We derive three types of linguistic structures from PLMs-C named <em>SurStruct</em>, <em>SyntStruct</em>, and <em>SemStrcut</em> which correspond to the surface, syntactic and semantic structures of code, respectively. Subsequently, <span>MindAC</span> perturbs the code snippets through variable replacement, variable redefinition, and equivalent transformation of loop statements. Besides, in linguistic structures, <span>MindAC</span> introduces the angular distance of hidden output (<em>ADHO</em>) and the Euclidean distance of attention output (<em>EDAO</em>) to guide the generation of adversarial examples.</div></div><div><h3>Results:</h3><div>Our experiments reveal that: (1) for the first time, it has been demonstrated that PLMs-C possess three linguistic structures; (2) <span>MindAc</span> outperforms the state-of-the-art baselines on attack success rate by 2.47% <span><math><mo>∼</mo></math></span> 25.45%, reduces the execution time by 25 m <span><math><mo>∼</mo></math></span> 36h16 m, and achieves a significantly lower number of queries. Furthermore, we perform adversarial fine-tuning on the training sets and recover the <em>Accuracy</em> and <em>F1</em> of the victim models by at least 57.76% and 60.13%, respectively.</div></div><div><h3>Conclusion:</h3><div>The results show that based on the derived linguistic structures, the proposed <span>MindAC</span> is more interpretable, effective, and efficient in attacking the PLMs-C compared with the state-of-the-art baselines. Besides, the generated adversarial examples can help to enhance the robustness of PLMs-C.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"183 ","pages":"Article 107730"},"PeriodicalIF":3.8000,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584925000692","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Context:

Pre-trained language models of code (PLMs-C for short) have dramatically improved the state-of-the-art on various programming language processing tasks.

Objective:

Due to these well-performed models being easily disturbed by slight perturbations, several black-box approaches have been proposed for attacking them. However, these studies have presented two challenges: (1) black-box attacks lack interpretability in generating adversarial examples and are inefficient in attacking; (2) white-box analysis methods in natural language processing (NLP) have not yet been applied to PLMs-C, incurring a gap in this field.

Methods:

To address these challenges, we make the first attempt to perform a white-box structure analysis for PLMs-C, followed by a grey-box attack for PLMs-C named MindAC based on derived linguistic structures. Specifically, referring to the probing tasks for analyzing the linguistic property of text in NLP, we first design eight novel probing tasks for code to perform white-box structure analysis. We derive three types of linguistic structures from PLMs-C named SurStruct, SyntStruct, and SemStrcut which correspond to the surface, syntactic and semantic structures of code, respectively. Subsequently, MindAC perturbs the code snippets through variable replacement, variable redefinition, and equivalent transformation of loop statements. Besides, in linguistic structures, MindAC introduces the angular distance of hidden output (ADHO) and the Euclidean distance of attention output (EDAO) to guide the generation of adversarial examples.

Results:

Our experiments reveal that: (1) for the first time, it has been demonstrated that PLMs-C possess three linguistic structures; (2) MindAc outperforms the state-of-the-art baselines on attack success rate by 2.47%

\sim

25.45%, reduces the execution time by 25 m

\sim

36h16 m, and achieves a significantly lower number of queries. Furthermore, we perform adversarial fine-tuning on the training sets and recover the Accuracy and F1 of the victim models by at least 57.76% and 60.13%, respectively.

Conclusion:

The results show that based on the derived linguistic structures, the proposed MindAC is more interpretable, effective, and efficient in attacking the PLMs-C compared with the state-of-the-art baselines. Besides, the generated adversarial examples can help to enhance the robustness of PLMs-C.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.