SHIELD: Thwarting Code Authorship Attribution
This addresses privacy concerns for programmers seeking anonymity by exposing vulnerabilities in attribution techniques, representing an incremental advance in adversarial robustness for code.
The paper tackles the privacy risk of accurate code authorship attribution by introducing SHIELD, which demonstrates that adversarial attacks can thwart state-of-the-art attribution methods with high success rates, such as exceeding 98.5% for non-targeted attacks and up to 88% for targeted impersonation.
Authorship attribution has become increasingly accurate, posing a serious privacy risk for programmers who wish to remain anonymous. In this paper, we introduce SHIELD to examine the robustness of different code authorship attribution approaches against adversarial code examples. We define four attacks on attribution techniques, which include targeted and non-targeted attacks, and realize them using adversarial code perturbation. We experiment with a dataset of 200 programmers from the Google Code Jam competition to validate our methods targeting six state-of-the-art authorship attribution methods that adopt a variety of techniques for extracting authorship traits from source-code, including RNN, CNN, and code stylometry. Our experiments demonstrate the vulnerability of current authorship attribution methods against adversarial attacks. For the non-targeted attack, our experiments demonstrate the vulnerability of current authorship attribution methods against the attack with an attack success rate exceeds 98.5\% accompanied by a degradation of the identification confidence that exceeds 13\%. For the targeted attacks, we show the possibility of impersonating a programmer using targeted-adversarial perturbations with a success rate ranging from 66\% to 88\% for different authorship attribution techniques under several adversarial scenarios.