CL · CR · May 31, 2022

CodeAttack: Code-Based Adversarial Attacks for Pre-trained Programming Language Models

arXiv:2206.00052v3 · 114 citations · h-index: 46 · Has Code
Originality: Highly original
AI Analysis

This work addresses the robustness of AI models in software engineering, showing they are susceptible to code-specific attacks, which is an incremental but important step for security in automated coding tasks.

The paper tackles the vulnerability of pre-trained programming language models to adversarial attacks by proposing CodeAttack, a black-box attack model that uses code structure to generate adversarial samples, resulting in significant performance drops across multiple tasks and outperforming existing NLP attack models.

Pre-trained programming language (PL) models (such as CodeT5, CodeBERT, GraphCodeBERT, etc.) have the potential to automate software engineering tasks involving code understanding and code generation. However, these models operate in the natural channel of code, i.e., they are primarily concerned with the human understanding of the code. They are not robust to changes in the input and thus are potentially susceptible to adversarial attacks in the natural channel. We propose CodeAttack, a simple yet effective black-box attack model that uses code structure to generate effective, efficient, and imperceptible adversarial code samples and demonstrates the vulnerabilities of the state-of-the-art PL models to code-specific adversarial attacks. We evaluate the transferability of CodeAttack on several code-code (translation and repair) and code-NL (summarization) tasks across different programming languages. CodeAttack outperforms state-of-the-art adversarial NLP attack models to achieve the best overall drop in performance while being more efficient, imperceptible, consistent, and fluent. The code can be found at https://github.com/reddy-lab-code-research/CodeAttack.

Code Implementations: 2 repos