TY - GEN
T1 - Generating adversarial examples for holding robustness of source code processing models
AU - Zhang, Huangzhao
AU - Li, Zhuo
AU - Li, Ge
AU - Ma, Lei
AU - Liu, Yang
AU - Jin, Zhi
N1 - Funding Information:
This research is supported by the National Key R&D Program under Grant No. 2018YFB1003904, the National Natural Science Foundation of China under Grant No. 61832009, the JSPS KAKENHI Grant No. 19K24348, 19H04086, and Qdai-jump Research Program No. 01277.
Publisher Copyright:
Copyright © 2020, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.
PY - 2020
Y1 - 2020
N2 - Automated processing, analysis, and generation of source code are among the key activities in software and system life-cycle. To this end, while deep learning (DL) exhibits a certain level of capability in handling these tasks, the current state-of-the-art DL models still suffer from non-robust issues and can be easily fooled by adversarial attacks. Different from adversarial attacks for image, audio, and natural languages, the structured nature of programming languages brings new challenges. In this paper, we propose a Metropolis-Hastings sampling-based identifier renaming technique, named Metropolis-Hastings Modifier (MHM), which generates adversarial examples for DL models specialized for source code processing. Our in-depth evaluation on a functionality classification benchmark demonstrates the effectiveness of MHM in generating adversarial examples of source code. The higher robustness and performance enhanced through our adversarial training with MHM further confirms the usefulness of DL models-based method for future fully automated source code processing.
UR - http://www.scopus.com/inward/record.url?scp=85098363954&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098363954&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85098363954
T3 - AAAI 2020 - 34th AAAI Conference on Artificial Intelligence
SP - 1169
EP - 1176
BT - AAAI 2020 - 34th AAAI Conference on Artificial Intelligence
PB - AAAI Press
T2 - 34th AAAI Conference on Artificial Intelligence, AAAI 2020
Y2 - 7 February 2020 through 12 February 2020
ER -