CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning
This addresses ethical and security concerns for developers and researchers by providing a mechanism to safeguard code against exploitation in AI training, though it is an incremental application of existing data poisoning techniques to a new domain.
The authors tackled the problem of protecting open-source code from unauthorized use in training deep learning models like GitHub Copilot by developing CoProtector, a data poisoning-based prototype that significantly reduces model performance and stably reveals embedded watermark backdoors.
Github Copilot, trained on billions of lines of public code, has recently become the buzzword in the computer science research and practice community. Although it is designed to help developers implement safe and effective code with powerful intelligence, practitioners and researchers raise concerns about its ethical and security problems, e.g., should the copyleft licensed code be freely leveraged or insecure code be considered for training in the first place? These problems pose a significant impact on Copilot and other similar products that aim to learn knowledge from large-scale open-source code through deep learning models, which are inevitably on the rise with the fast development of artificial intelligence. To mitigate such impacts, we argue that there is a need to invent effective mechanisms for protecting open-source code from being exploited by deep learning models. Here, we design and implement a prototype, CoProtector, which utilizes data poisoning techniques to arm source code repositories for defending against such exploits. Our large-scale experiments empirically show that CoProtector is effective in achieving its purpose, significantly reducing the performance of Copilot-like deep learning models while being able to stably reveal the secretly embedded watermark backdoors.