學術產出-Theses
Article View/Open
Publication Export
-
題名 程式預測預訓練模型的攻擊與防禦研究
Natural Attack and Defense for Pre-trained Models of Code Analysis作者 黃舜硯
Huang, Shun-Yen貢獻者 郁方
Yu, Fang
黃舜硯
Huang, Shun-Yen關鍵詞 預訓練模型
自然攻擊
側錄
CodeBERT
Natural Attack
Profile日期 2024 上傳時間 1-Feb-2024 10:56:56 (UTC+8) 摘要 預訓練程式碼分析模型透過惡意程式碼偵測等應用徹底改變了軟體工程。然而,它們的有效性受到了對抗性攻擊的威脅,例如 ALERT,它透過巧妙地修改輸入來操縱模型輸出。這篇論文提出了一種基於側錄的方法來識別針對 CodeBERT 的 ALERT 攻擊。我們利用動態程式追蹤來捕獲模型在處理原始樣本和對抗性樣本時的內部行為。這些追蹤記錄捕獲了關於函式調用的詳細資訊,包括它們的呼叫次數、返回值和執行時間。透過仔細比較這些追蹤記錄,我們希望識別出 ALERT攻擊的存在與否。 此外,我們利用神經網路進行訓練。該神經網路的訓練集分別正常的程式及惡意程式,其中正常有被攻擊及沒被攻擊過的,惡意程式亦然。我們訓練結果如下:在正常程式程式資料集中,兩種模型提取屬性實現了 62% 和 72.2% 的準確率,在惡意程式資料集中,兩種模型提取屬性實現了 70% 和 89.1% 的準確率,在混合程式資料集中,兩種模型提取屬性實現了 69.3% 和 71.6% 的準確率。這些發現證明了基於效能分析的技術在預訓練程式碼模型中偵測對抗性攻擊的潛力。這項研究為進一步探索和改進這些方法開闢了道路,最終有助於預訓練模型在關鍵軟體工程任務中的彈性提升。
Pre-trained code analysis models have revolutionized software engineering with applications like malicious code detection. However, their effectiveness is threatened by adversarial attacks like ALERT, which subtly alter inputs to manipulate model outputs. This paper presents a novel tracing-based approach to identify ALERT attacks targeting CodeBERT. We leverage dynamic program tracing to capture the model's internal behavior while processing both original and adversarial samples. These traces capture detailed information about function calls, including their counts, return values, and execution times. By meticulously comparing these traces, we aim to identify characteristic patterns indicative of ALERT manipulations, revealing the attack's presence. Further, we explore the use of a neural network trained on profiled data categorized as normal, malicious, and mixed. Our investigation yielded promising results: two key model attributes derived from the traces achieved an accuracy of 62% and 72.2% on normal code, 70% and 89.1% on malicious code, and 69.3% and 71.6% on the combined dataset. These findings demonstrate the potential of profiling-based techniques for detecting adversarial attacks in pre-trained code models. This research opens avenues for further exploration and refinement of such methods, ultimately contributing to the resilience of pre-trained models in critical software engineering tasks.參考文獻 [1] Z. Feng, D. Guo, D. Tang, N. Duan, X. Feng, M. Gong, L. Shou, B. Qin, T. Liu, D. Jiang, and M. Zhou, “CodeBERT: A pre-trained model for programming and natural languages,” in Findings of the Association for Computational Linguistics: EMNLP 2020. Online: Association for Computational Linguistics, Nov. 2020, pp. 1536–1547. [Online]. Available: https://aclanthology.org/2020.findings-emnlp.139 [2] B. Zhang and M. Becker, “Variability code analysis using the vital tool,” in Proceedings of the 6th International Workshop on Feature- Oriented Software Development, ser. FOSD ’14. New York, NY, USA: Association for Computing Machinery, 2014, p. 17–22. [Online]. Available: https://doi.org/10.1145/2660190.2662113 [3] T. Kamiya, “Introducing parameter sensitivity to dynamic code-clone anal- ysis methods,” in 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol. 3, 2016, pp. 19–20. [4] K. Cho, B. van Merrienboer, C. Gulcehre, D. Bahdanau, F. Bougares, H. Schwenk, and Y. Bengio, “Learning phrase representations us- ing rnn encoder-decoder for statistical machine translation,” 2014, cite arxiv:1406.1078Comment: EMNLP 2014. [Online]. Available: http://arxiv.org/abs/1406.1078 [5] U. Alon, O. Levy, and E. Yahav, “code2seq: Generating se- quences from structured representations of code,” in International Conference on Learning Representations, 2019. [Online]. Available: https://openreview.net/forum?id=H1gKYo09tX [6] K. Clark, M.-T. Luong, Q. V. Le, and C. D. Manning, “Electra: Pre-training text encoders as discriminators rather than generators,” in International Conference on Learning Representations, 2020. [Online]. Available: https://openreview.net/forum?id=r1xMH1BtvB [7] Z. Yang, J. Shi, J. He, and D. Lo, “Natural attack for pre-trained models of code,” in Proceedings of the 44th International Conference on Software Engineering, ser. ICSE ’22. New York, NY, USA: Association for Computing Machinery, 2022, p. 1482–1493. [Online]. Available: https://doi.org/10.1145/3510003.3510146 [8] Z. Dai, S. Liu, Q. Li, and K. Tang, “Saliency attack: Towards imperceptible black-box adversarial attack,” ACM Trans. Intell. Syst. Technol., vol. 14, no. 3, apr 2023. [Online]. Available: https://doi.org/10.1145/3582563 [9] H. Hussain, T. Duricic, E. Lex, D. Helic, M. Strohmaier, and R. Kern, “Structack: Structure-based adversarial attacks on graph neural networks,” in Proceedings of the 32nd ACM Conference on Hypertext and Social Media, ser. HT ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 111–120. [Online]. Available: https://doi.org/10.1145/3465336.3475110 [10] D. Z ̈ugner, O. Borchert, A. Akbarnejad, and S. G ̈unnemann, “Adversarial attacks on graph neural networks: Perturbations and their patterns,” ACM Trans. Knowl. Discov. Data, vol. 14, no. 5, jun 2020. [Online]. Available: https://doi.org/10.1145/3394520 [11] T. Sonnekalb, B. Gruner, C.-A. Brust, and P. M ̈ader, “Generalizability of code clone detection on codebert,” in Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, ser. ASE ’22. New York, NY, USA: Association for Computing Machinery, 2023. [Online]. Available: https://doi.org/10.1145/3551349.3561165 [12] X. Meng, J. M. Anderson, J. Mellor-Crummey, M. W. Krentel, B. P. Miller, and S. Milakovi ́c, “Parallel binary code analysis,” in Proceedings of the 26th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, ser. PPoPP ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 76–89. [Online]. Available: https://doi.org/10.1145/3437801.3441604 [13] J. Obert and T. Loffredo, “Efficient binary static code data flow analy- sis using unsupervised learning,” in 2021 4th International Conference on Artificial Intelligence for Industries (AI4I), 2021, pp. 89–90. [14] S. Sargsyan, V. Vardanyan, H. Aslanyan, M. Harutunyan, M. Mehrabyan, K. Sargsyan, H. Hovahannisyan, H. Movsisyan, J. Hakobyan, and S. Kur- mangaleev, “Genes isp: code analysis platform,” in 2020 Ivannikov Ispras Open Conference (ISPRAS), 2020, pp. 35–39. [15] Q. Ashfaq, R. Khan, and S. Farooq, “A comparative analysis of static code analysis tools that check java code adherence to java coding standards,” in 2019 2nd International Conference on Communication, Computing and Digital systems (C-CODE), 2019, pp. 98–103. [16] R. Paramitha and Y. D. W. Asnar, “Static code analysis tool for laravel framework based web application,” in 2021 International Conference on Data and Software Engineering (ICoDSE), 2021, pp. 1–6. [17] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “BERT: Pre-training of deep bidirectional transformers for language understanding,” in Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers). Minneapolis, Minnesota: Association for Computational Linguistics, Jun. 2019, pp. 4171–4186. [Online]. Available: https://aclanthology.org/N19-1423 [18] T. B. Brown, B. Mann, N. Ryder, M. Subbiah, J. Kaplan, P. Dhariwal, A. Neelakantan, P. Shyam, G. Sastry, A. Askell, S. Agarwal, A. Herbert- Voss, G. Krueger, T. Henighan, R. Child, A. Ramesh, D. M. Ziegler, J. Wu, C. Winter, C. Hesse, M. Chen, E. Sigler, M. Litwin, S. Gray, B. Chess, J. Clark, C. Berner, S. McCandlish, A. Radford, I. Sutskever, and D. Amodei, “Language models are few-shot learners,” in Proceedings of the 34th International Conference on Neural Information Processing Systems, ser. NIPS’20. Red Hook, NY, USA: Curran Associates Inc., 2020. [19] S. Black, L. Gao, P. Wang, C. Leahy, and S. Biderman, “GPT-Neo: Large scale autoregressive language modeling with meshtensorflow,” Oct. 2021. [Online]. Available: https://doi.org/10.5281/zenodo.5551208 [20] C. Raffel, N. Shazeer, A. Roberts, K. Lee, S. Narang, M. Matena, Y. Zhou, W. Li, and P. J. Liu, “Exploring the limits of transfer learning with a unified text-to-text transformer,” J. Mach. Learn. Res., vol. 21, no. 1, jan 2020. [21] M. Lewis, Y. Liu, N. Goyal, M. Ghazvininejad, A. Mohamed, O. Levy, V. Stoyanov, and L. Zettlemoyer, “BART: Denoising sequence-to- sequence pre-training for natural language generation, translation, and comprehension,” in Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. Online: Association for Computational Linguistics, Jul. 2020, pp. 7871–7880. [Online]. Available: https://aclanthology.org/2020.acl-main.703 [22] M. A. Umer, C. M. Ahmed, M. T. Jilani, and A. P. Mathur, “Attack rules: An adversarial approach to generate attacks for industrial control systems using machine learning,” in Proceedings of the 2th Workshop on CPSIoT Security and Privacy, ser. CPSIoTSec ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 35–40. [Online]. Available: https://doi.org/10.1145/3462633.3483976 [23] J. Mu, B. Wang, Q. Li, K. Sun, M. Xu, and Z. Liu, “A hard label black-box adversarial attack against graph neural networks,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 108–125. [Online]. Available: https://doi.org/10.1145/3460120.3484796 [24] B. Wang and N. Z. Gong, “Attacking graph-based classification via manipulating the graph structure,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 2023–2040. [Online]. Available: https://doi.org/10.1145/3319535.3354206 [25] X. Lin, C. Zhou, H. Yang, J. Wu, H. Wang, Y. Cao, and B. Wang, “Ex- ploratory adversarial attacks on graph neural networks,” in 2020 IEEE International Conference on Data Mining (ICDM), 2020, pp. 1136–1141. [26] C. Guo, “An overview of adversarial sample attacks and defenses for graph neural networks,” in 2021 International Conference on Intelligent Comput- ing, Automation and Applications (ICAA), 2021, pp. 252–260. [27] Y. Xu, X. Wei, P. Dai, and X. Cao, “A2sc: Adversarial attacks on subspace clustering,” ACM Trans. Multimedia Comput. Commun. Appl., mar 2023, just Accepted. [Online]. Available: https://doi.org/10.1145/3587097 [28] S. Zhou, C. Liu, D. Ye, T. Zhu, W. Zhou, and P. S. Yu, “Adversarial attacks and defenses in deep learning: From a perspective of cybersecurity,” ACM Comput. Surv., vol. 55, no. 8, dec 2022. [Online]. Available: https://doi.org/10.1145/3547330 [29] M. D’Ambros, M. Lanza, and R. Robbes, “Evaluating defect prediction approaches: A benchmark and an extensive comparison,” Empirical Softw. Engg., vol. 17, no. 4–5, p. 531–577, aug 2012. [Online]. Available: https://doi.org/10.1007/s10664-011-9173-9 [30] T. Hall, S. Beecham, D. Bowes, D. Gray, and S. Counsell, “A systematic literature review on fault prediction performance in software engineering,” IEEE Trans. Softw. Eng., vol. 38, no. 6, p. 1276–1304, nov 2012. [Online]. Available: https://doi.org/10.1109/TSE.2011.103 [31] X. Yang, D. Lo, X. Xia, Y. Zhang, and J. Sun, “Deep learning for just-in-time defect prediction,” in Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security, ser. QRS ’15. USA: IEEE Computer Society, 2015, p. 17–26. [Online]. Available: https://doi.org/10.1109/QRS.2015.14 [32] S. Wang, T. Liu, and L. Tan, “Automatically learning semantic features for defect prediction,” in Proceedings of the 38th International Conference on Software Engineering, ser. ICSE ’16. New York, NY, USA: Association for Computing Machinery, 2016, p. 297–308. [Online]. Available: https://doi.org/10.1145/2884781.2884804 [33] Y. Shin and L. Williams, “An empirical model to predict security vulnerabilities using code complexity metrics,” in Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ser. ESEM ’08. New York, NY, USA: Association for Computing Machinery, 2008, p. 315–317. [Online]. Available: https://doi.org/10.1145/1414004.1414065 [34] I. Chowdhury and M. Zulkernine, “Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities,” Journal of Systems Architecture, vol. 57, no. 3, pp. 294–313, 2011, special Issue on Security and Dependability Assurance of Software Architectures. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1383762110000615 [35] Y. Shin, A. Meneely, L. Williams, and J. A. Osborne, “Evaluating com- plexity, code churn, and developer activity metrics as indicators of software vulnerabilities,” IEEE Transactions on Software Engineering, vol. 37, no. 6, pp. 772–787, 2011. [36] G. Apruzzese, M. Andreolini, L. Ferretti, M. Marchetti, and M. Colajanni, “Modeling realistic adversarial attacks against network intrusion detection systems,” Digital Threats, vol. 3, no. 3, feb 2022. [Online]. Available: https://doi.org/10.1145/3469659 [37] B. Li, J. Xu, S. Wu, S. Ding, J. Li, and F. Huang, “Detecting adversarial patch attacks through global-local consistency,” in Proceedings of the 1st In- ternational Workshop on Adversarial Learning for Multimedia, ser. ADVM ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 35–41. [Online]. Available: https://doi.org/10.1145/3475724.3483606 [38] J. Chen, H. Xu, J. Wang, Q. Xuan, and X. Zhang, “Adversarial detection on graph structured data,” in Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, ser. PPMLP’20. New York, NY, USA: Association for Computing Machinery, 2020, p. 37–41. [Online]. Available: https://doi.org/10.1145/3411501.3419424 [39] C. Ferrari, F. Becattini, L. Galteri, and A. D. Bimbo, “(compress and restore)n: A robust defense against adversarial attacks on image classification,” ACM Trans. Multimedia Comput. Commun. Appl., vol. 19, no. 1s, jan 2023. [Online]. Available: https://doi.org/10.1145/3524619 [40] N. Liu, M. Du, R. Guo, H. Liu, and X. Hu, “Adversarial attacks and defenses: An interpretation perspective,” SIGKDD Explor. Newsl., vol. 23, no. 1, p. 86–99, may 2021. [Online]. Available: https://doi.org/10.1145/3468507.3468519 [41] A. Pattanaik, Z. Tang, S. Liu, G. Bommannan, and G. Chowdhary, “Ro- bust deep reinforcement learning with adversarial attacks,” in Proceedings of the 17th International Conference on Autonomous Agents and MultiA- gent Systems, ser. AAMAS ’18. Richland, SC: International Foundation for Autonomous Agents and Multiagent Systems, 2018, p. 2040–2042. [42] I. Rosenberg, A. Shabtai, Y. Elovici, and L. Rokach, “Adversarial machine learning attacks and defense methods in the cyber security domain,” ACM Comput. Surv., vol. 54, no. 5, may 2021. [Online]. Available: https://doi.org/10.1145/3453158 [43] C. Zhang, Z. Wang, R. Mangal, M. Fredrikson, L. Jia, and C. Pasareanu, “Transfer attacks and defenses for large language models on coding tasks,” 2023. [44] C. D. Manning, P. Raghavan, and H. Sch ̈utze, Introduction to Information Retrieval. Cambridge, UK: Cambridge University Press, 2008. [Online]. Available: http://nlp.stanford.edu/IR-book/information- retrieval-book.html [45] A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, L. Kaiser, and I. Polosukhin, “Attention is all you need,” in Advances in Neural Information Processing Systems, 2017, pp. 5998–6008. [46] R. Agarwal, “Explaining bert simply using sketches,” Apr 2021. [Online]. Available: https://mlwhiz.medium.com/explaining-bert-simply- using-sketches-ba30f6f0c8cb [47] K. Clark, M.-T. Luong, Q. V. Le, and C. D. Manning, “Electra: Pre-training text encoders as discriminators rather than generators,” in 47 International Conference on Learning Representations, 2020. [Online]. Available: https://openreview.net/forum?id=r1xMH1BtvB [48] Y. Zhou, S. Liu, J. Siow, X. Du, and Y. Liu, Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. Red Hook, NY, USA: Curran Associates Inc., 2019. [49] P. He, B. Li, X. Liu, J. Chen, and Y. Ma, “An empirical study on software defect prediction with a simplified metric set,” Information and Software Technology, vol. 59, pp. 170–190, mar 2015. [Online]. Available: https://doi.org/10.10162Fj.infsof.2014.11.006 [50] J. Demˇsar, T. Curk, A. Erjavec, ˇCrt Gorup, T. Hoˇcevar, M. Milutinoviˇc, M. Moˇzina, M. Polajnar, M. Toplak, A. Stariˇc, M. ˇStajdohar, L. Umek, L. ˇZagar, J. ˇZbontar, M. ˇZitnik, and B. Zupan, “Orange: Data mining toolbox in python,” Journal of Machine Learning Research, vol. 14, pp. 2349–2353, 2013. [Online]. Available: http://jmlr.org/papers/v14/demsar13a.html 描述 碩士
國立政治大學
資訊管理學系
110356040資料來源 http://thesis.lib.nccu.edu.tw/record/#G0110356040 資料類型 thesis dc.contributor.advisor 郁方 zh_TW dc.contributor.advisor Yu, Fang en_US dc.contributor.author (Authors) 黃舜硯 zh_TW dc.contributor.author (Authors) Huang, Shun-Yen en_US dc.creator (作者) 黃舜硯 zh_TW dc.creator (作者) Huang, Shun-Yen en_US dc.date (日期) 2024 en_US dc.date.accessioned 1-Feb-2024 10:56:56 (UTC+8) - dc.date.available 1-Feb-2024 10:56:56 (UTC+8) - dc.date.issued (上傳時間) 1-Feb-2024 10:56:56 (UTC+8) - dc.identifier (Other Identifiers) G0110356040 en_US dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/149470 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊管理學系 zh_TW dc.description (描述) 110356040 zh_TW dc.description.abstract (摘要) 預訓練程式碼分析模型透過惡意程式碼偵測等應用徹底改變了軟體工程。然而,它們的有效性受到了對抗性攻擊的威脅,例如 ALERT,它透過巧妙地修改輸入來操縱模型輸出。這篇論文提出了一種基於側錄的方法來識別針對 CodeBERT 的 ALERT 攻擊。我們利用動態程式追蹤來捕獲模型在處理原始樣本和對抗性樣本時的內部行為。這些追蹤記錄捕獲了關於函式調用的詳細資訊,包括它們的呼叫次數、返回值和執行時間。透過仔細比較這些追蹤記錄,我們希望識別出 ALERT攻擊的存在與否。 此外,我們利用神經網路進行訓練。該神經網路的訓練集分別正常的程式及惡意程式,其中正常有被攻擊及沒被攻擊過的,惡意程式亦然。我們訓練結果如下:在正常程式程式資料集中,兩種模型提取屬性實現了 62% 和 72.2% 的準確率,在惡意程式資料集中,兩種模型提取屬性實現了 70% 和 89.1% 的準確率,在混合程式資料集中,兩種模型提取屬性實現了 69.3% 和 71.6% 的準確率。這些發現證明了基於效能分析的技術在預訓練程式碼模型中偵測對抗性攻擊的潛力。這項研究為進一步探索和改進這些方法開闢了道路,最終有助於預訓練模型在關鍵軟體工程任務中的彈性提升。 zh_TW dc.description.abstract (摘要) Pre-trained code analysis models have revolutionized software engineering with applications like malicious code detection. However, their effectiveness is threatened by adversarial attacks like ALERT, which subtly alter inputs to manipulate model outputs. This paper presents a novel tracing-based approach to identify ALERT attacks targeting CodeBERT. We leverage dynamic program tracing to capture the model's internal behavior while processing both original and adversarial samples. These traces capture detailed information about function calls, including their counts, return values, and execution times. By meticulously comparing these traces, we aim to identify characteristic patterns indicative of ALERT manipulations, revealing the attack's presence. Further, we explore the use of a neural network trained on profiled data categorized as normal, malicious, and mixed. Our investigation yielded promising results: two key model attributes derived from the traces achieved an accuracy of 62% and 72.2% on normal code, 70% and 89.1% on malicious code, and 69.3% and 71.6% on the combined dataset. These findings demonstrate the potential of profiling-based techniques for detecting adversarial attacks in pre-trained code models. This research opens avenues for further exploration and refinement of such methods, ultimately contributing to the resilience of pre-trained models in critical software engineering tasks. en_US dc.description.tableofcontents 1 Introduction 4 2 Related Work 5 2.1 Code Analysis with AI tools 5 2.2 Attacks on AI Code Analysis Tools 6 2.3 Defense on Attacks 7 3 Methodology 12 3.1 Natural Attack craft altered code 13 3.2 Profiling CodeBERT 14 3.2.1 CodeBERT structure 14 3.2.2 Defect detection tasking on CodeBERT 15 3.2.3 Profiling 17 3.3 Information leakage 19 3.4 Detection rule derivation 22 3.4.1 Straight function approach 22 3.4.2 Neural Network Approach 24 4 EVALUATION 27 4.1 Dataset perturbation through Natural Attacks 27 4.2 Profiling-driven rule discovery 31 4.2.1 Normal code 31 4.2.2 Malicious java code 37 4.3 Can NN trained on a mixture of normal and malicious data detect altered examples? 41 5 Conclusion and Future work 42 6 References 43 zh_TW dc.format.extent 4155438 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0110356040 en_US dc.subject (關鍵詞) 預訓練模型 zh_TW dc.subject (關鍵詞) 自然攻擊 zh_TW dc.subject (關鍵詞) 側錄 zh_TW dc.subject (關鍵詞) CodeBERT en_US dc.subject (關鍵詞) Natural Attack en_US dc.subject (關鍵詞) Profile en_US dc.title (題名) 程式預測預訓練模型的攻擊與防禦研究 zh_TW dc.title (題名) Natural Attack and Defense for Pre-trained Models of Code Analysis en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] Z. Feng, D. Guo, D. Tang, N. Duan, X. Feng, M. Gong, L. Shou, B. Qin, T. Liu, D. Jiang, and M. Zhou, “CodeBERT: A pre-trained model for programming and natural languages,” in Findings of the Association for Computational Linguistics: EMNLP 2020. Online: Association for Computational Linguistics, Nov. 2020, pp. 1536–1547. [Online]. Available: https://aclanthology.org/2020.findings-emnlp.139 [2] B. Zhang and M. Becker, “Variability code analysis using the vital tool,” in Proceedings of the 6th International Workshop on Feature- Oriented Software Development, ser. FOSD ’14. New York, NY, USA: Association for Computing Machinery, 2014, p. 17–22. [Online]. Available: https://doi.org/10.1145/2660190.2662113 [3] T. Kamiya, “Introducing parameter sensitivity to dynamic code-clone anal- ysis methods,” in 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol. 3, 2016, pp. 19–20. [4] K. Cho, B. van Merrienboer, C. Gulcehre, D. Bahdanau, F. Bougares, H. Schwenk, and Y. Bengio, “Learning phrase representations us- ing rnn encoder-decoder for statistical machine translation,” 2014, cite arxiv:1406.1078Comment: EMNLP 2014. [Online]. Available: http://arxiv.org/abs/1406.1078 [5] U. Alon, O. Levy, and E. Yahav, “code2seq: Generating se- quences from structured representations of code,” in International Conference on Learning Representations, 2019. [Online]. Available: https://openreview.net/forum?id=H1gKYo09tX [6] K. Clark, M.-T. Luong, Q. V. Le, and C. D. Manning, “Electra: Pre-training text encoders as discriminators rather than generators,” in International Conference on Learning Representations, 2020. [Online]. Available: https://openreview.net/forum?id=r1xMH1BtvB [7] Z. Yang, J. Shi, J. He, and D. Lo, “Natural attack for pre-trained models of code,” in Proceedings of the 44th International Conference on Software Engineering, ser. ICSE ’22. New York, NY, USA: Association for Computing Machinery, 2022, p. 1482–1493. [Online]. Available: https://doi.org/10.1145/3510003.3510146 [8] Z. Dai, S. Liu, Q. Li, and K. Tang, “Saliency attack: Towards imperceptible black-box adversarial attack,” ACM Trans. Intell. Syst. Technol., vol. 14, no. 3, apr 2023. [Online]. Available: https://doi.org/10.1145/3582563 [9] H. Hussain, T. Duricic, E. Lex, D. Helic, M. Strohmaier, and R. Kern, “Structack: Structure-based adversarial attacks on graph neural networks,” in Proceedings of the 32nd ACM Conference on Hypertext and Social Media, ser. HT ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 111–120. [Online]. Available: https://doi.org/10.1145/3465336.3475110 [10] D. Z ̈ugner, O. Borchert, A. Akbarnejad, and S. G ̈unnemann, “Adversarial attacks on graph neural networks: Perturbations and their patterns,” ACM Trans. Knowl. Discov. Data, vol. 14, no. 5, jun 2020. [Online]. Available: https://doi.org/10.1145/3394520 [11] T. Sonnekalb, B. Gruner, C.-A. Brust, and P. M ̈ader, “Generalizability of code clone detection on codebert,” in Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, ser. ASE ’22. New York, NY, USA: Association for Computing Machinery, 2023. [Online]. Available: https://doi.org/10.1145/3551349.3561165 [12] X. Meng, J. M. Anderson, J. Mellor-Crummey, M. W. Krentel, B. P. Miller, and S. Milakovi ́c, “Parallel binary code analysis,” in Proceedings of the 26th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, ser. PPoPP ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 76–89. [Online]. Available: https://doi.org/10.1145/3437801.3441604 [13] J. Obert and T. Loffredo, “Efficient binary static code data flow analy- sis using unsupervised learning,” in 2021 4th International Conference on Artificial Intelligence for Industries (AI4I), 2021, pp. 89–90. [14] S. Sargsyan, V. Vardanyan, H. Aslanyan, M. Harutunyan, M. Mehrabyan, K. Sargsyan, H. Hovahannisyan, H. Movsisyan, J. Hakobyan, and S. Kur- mangaleev, “Genes isp: code analysis platform,” in 2020 Ivannikov Ispras Open Conference (ISPRAS), 2020, pp. 35–39. [15] Q. Ashfaq, R. Khan, and S. Farooq, “A comparative analysis of static code analysis tools that check java code adherence to java coding standards,” in 2019 2nd International Conference on Communication, Computing and Digital systems (C-CODE), 2019, pp. 98–103. [16] R. Paramitha and Y. D. W. Asnar, “Static code analysis tool for laravel framework based web application,” in 2021 International Conference on Data and Software Engineering (ICoDSE), 2021, pp. 1–6. [17] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “BERT: Pre-training of deep bidirectional transformers for language understanding,” in Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers). Minneapolis, Minnesota: Association for Computational Linguistics, Jun. 2019, pp. 4171–4186. [Online]. Available: https://aclanthology.org/N19-1423 [18] T. B. Brown, B. Mann, N. Ryder, M. Subbiah, J. Kaplan, P. Dhariwal, A. Neelakantan, P. Shyam, G. Sastry, A. Askell, S. Agarwal, A. Herbert- Voss, G. Krueger, T. Henighan, R. Child, A. Ramesh, D. M. Ziegler, J. Wu, C. Winter, C. Hesse, M. Chen, E. Sigler, M. Litwin, S. Gray, B. Chess, J. Clark, C. Berner, S. McCandlish, A. Radford, I. Sutskever, and D. Amodei, “Language models are few-shot learners,” in Proceedings of the 34th International Conference on Neural Information Processing Systems, ser. NIPS’20. Red Hook, NY, USA: Curran Associates Inc., 2020. [19] S. Black, L. Gao, P. Wang, C. Leahy, and S. Biderman, “GPT-Neo: Large scale autoregressive language modeling with meshtensorflow,” Oct. 2021. [Online]. Available: https://doi.org/10.5281/zenodo.5551208 [20] C. Raffel, N. Shazeer, A. Roberts, K. Lee, S. Narang, M. Matena, Y. Zhou, W. Li, and P. J. Liu, “Exploring the limits of transfer learning with a unified text-to-text transformer,” J. Mach. Learn. Res., vol. 21, no. 1, jan 2020. [21] M. Lewis, Y. Liu, N. Goyal, M. Ghazvininejad, A. Mohamed, O. Levy, V. Stoyanov, and L. Zettlemoyer, “BART: Denoising sequence-to- sequence pre-training for natural language generation, translation, and comprehension,” in Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. Online: Association for Computational Linguistics, Jul. 2020, pp. 7871–7880. [Online]. Available: https://aclanthology.org/2020.acl-main.703 [22] M. A. Umer, C. M. Ahmed, M. T. Jilani, and A. P. Mathur, “Attack rules: An adversarial approach to generate attacks for industrial control systems using machine learning,” in Proceedings of the 2th Workshop on CPSIoT Security and Privacy, ser. CPSIoTSec ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 35–40. [Online]. Available: https://doi.org/10.1145/3462633.3483976 [23] J. Mu, B. Wang, Q. Li, K. Sun, M. Xu, and Z. Liu, “A hard label black-box adversarial attack against graph neural networks,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 108–125. [Online]. Available: https://doi.org/10.1145/3460120.3484796 [24] B. Wang and N. Z. Gong, “Attacking graph-based classification via manipulating the graph structure,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 2023–2040. [Online]. Available: https://doi.org/10.1145/3319535.3354206 [25] X. Lin, C. Zhou, H. Yang, J. Wu, H. Wang, Y. Cao, and B. Wang, “Ex- ploratory adversarial attacks on graph neural networks,” in 2020 IEEE International Conference on Data Mining (ICDM), 2020, pp. 1136–1141. [26] C. Guo, “An overview of adversarial sample attacks and defenses for graph neural networks,” in 2021 International Conference on Intelligent Comput- ing, Automation and Applications (ICAA), 2021, pp. 252–260. [27] Y. Xu, X. Wei, P. Dai, and X. Cao, “A2sc: Adversarial attacks on subspace clustering,” ACM Trans. Multimedia Comput. Commun. Appl., mar 2023, just Accepted. [Online]. Available: https://doi.org/10.1145/3587097 [28] S. Zhou, C. Liu, D. Ye, T. Zhu, W. Zhou, and P. S. Yu, “Adversarial attacks and defenses in deep learning: From a perspective of cybersecurity,” ACM Comput. Surv., vol. 55, no. 8, dec 2022. [Online]. Available: https://doi.org/10.1145/3547330 [29] M. D’Ambros, M. Lanza, and R. Robbes, “Evaluating defect prediction approaches: A benchmark and an extensive comparison,” Empirical Softw. Engg., vol. 17, no. 4–5, p. 531–577, aug 2012. [Online]. Available: https://doi.org/10.1007/s10664-011-9173-9 [30] T. Hall, S. Beecham, D. Bowes, D. Gray, and S. Counsell, “A systematic literature review on fault prediction performance in software engineering,” IEEE Trans. Softw. Eng., vol. 38, no. 6, p. 1276–1304, nov 2012. [Online]. Available: https://doi.org/10.1109/TSE.2011.103 [31] X. Yang, D. Lo, X. Xia, Y. Zhang, and J. Sun, “Deep learning for just-in-time defect prediction,” in Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security, ser. QRS ’15. USA: IEEE Computer Society, 2015, p. 17–26. [Online]. Available: https://doi.org/10.1109/QRS.2015.14 [32] S. Wang, T. Liu, and L. Tan, “Automatically learning semantic features for defect prediction,” in Proceedings of the 38th International Conference on Software Engineering, ser. ICSE ’16. New York, NY, USA: Association for Computing Machinery, 2016, p. 297–308. [Online]. Available: https://doi.org/10.1145/2884781.2884804 [33] Y. Shin and L. Williams, “An empirical model to predict security vulnerabilities using code complexity metrics,” in Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ser. ESEM ’08. New York, NY, USA: Association for Computing Machinery, 2008, p. 315–317. [Online]. Available: https://doi.org/10.1145/1414004.1414065 [34] I. Chowdhury and M. Zulkernine, “Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities,” Journal of Systems Architecture, vol. 57, no. 3, pp. 294–313, 2011, special Issue on Security and Dependability Assurance of Software Architectures. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1383762110000615 [35] Y. Shin, A. Meneely, L. Williams, and J. A. Osborne, “Evaluating com- plexity, code churn, and developer activity metrics as indicators of software vulnerabilities,” IEEE Transactions on Software Engineering, vol. 37, no. 6, pp. 772–787, 2011. [36] G. Apruzzese, M. Andreolini, L. Ferretti, M. Marchetti, and M. Colajanni, “Modeling realistic adversarial attacks against network intrusion detection systems,” Digital Threats, vol. 3, no. 3, feb 2022. [Online]. Available: https://doi.org/10.1145/3469659 [37] B. Li, J. Xu, S. Wu, S. Ding, J. Li, and F. Huang, “Detecting adversarial patch attacks through global-local consistency,” in Proceedings of the 1st In- ternational Workshop on Adversarial Learning for Multimedia, ser. ADVM ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 35–41. [Online]. Available: https://doi.org/10.1145/3475724.3483606 [38] J. Chen, H. Xu, J. Wang, Q. Xuan, and X. Zhang, “Adversarial detection on graph structured data,” in Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, ser. PPMLP’20. New York, NY, USA: Association for Computing Machinery, 2020, p. 37–41. [Online]. Available: https://doi.org/10.1145/3411501.3419424 [39] C. Ferrari, F. Becattini, L. Galteri, and A. D. Bimbo, “(compress and restore)n: A robust defense against adversarial attacks on image classification,” ACM Trans. Multimedia Comput. Commun. Appl., vol. 19, no. 1s, jan 2023. [Online]. Available: https://doi.org/10.1145/3524619 [40] N. Liu, M. Du, R. Guo, H. Liu, and X. Hu, “Adversarial attacks and defenses: An interpretation perspective,” SIGKDD Explor. Newsl., vol. 23, no. 1, p. 86–99, may 2021. [Online]. Available: https://doi.org/10.1145/3468507.3468519 [41] A. Pattanaik, Z. Tang, S. Liu, G. Bommannan, and G. Chowdhary, “Ro- bust deep reinforcement learning with adversarial attacks,” in Proceedings of the 17th International Conference on Autonomous Agents and MultiA- gent Systems, ser. AAMAS ’18. Richland, SC: International Foundation for Autonomous Agents and Multiagent Systems, 2018, p. 2040–2042. [42] I. Rosenberg, A. Shabtai, Y. Elovici, and L. Rokach, “Adversarial machine learning attacks and defense methods in the cyber security domain,” ACM Comput. Surv., vol. 54, no. 5, may 2021. [Online]. Available: https://doi.org/10.1145/3453158 [43] C. Zhang, Z. Wang, R. Mangal, M. Fredrikson, L. Jia, and C. Pasareanu, “Transfer attacks and defenses for large language models on coding tasks,” 2023. [44] C. D. Manning, P. Raghavan, and H. Sch ̈utze, Introduction to Information Retrieval. Cambridge, UK: Cambridge University Press, 2008. [Online]. Available: http://nlp.stanford.edu/IR-book/information- retrieval-book.html [45] A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, L. Kaiser, and I. Polosukhin, “Attention is all you need,” in Advances in Neural Information Processing Systems, 2017, pp. 5998–6008. [46] R. Agarwal, “Explaining bert simply using sketches,” Apr 2021. [Online]. Available: https://mlwhiz.medium.com/explaining-bert-simply- using-sketches-ba30f6f0c8cb [47] K. Clark, M.-T. Luong, Q. V. Le, and C. D. Manning, “Electra: Pre-training text encoders as discriminators rather than generators,” in 47 International Conference on Learning Representations, 2020. [Online]. Available: https://openreview.net/forum?id=r1xMH1BtvB [48] Y. Zhou, S. Liu, J. Siow, X. Du, and Y. Liu, Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. Red Hook, NY, USA: Curran Associates Inc., 2019. [49] P. He, B. Li, X. Liu, J. Chen, and Y. Ma, “An empirical study on software defect prediction with a simplified metric set,” Information and Software Technology, vol. 59, pp. 170–190, mar 2015. [Online]. Available: https://doi.org/10.10162Fj.infsof.2014.11.006 [50] J. Demˇsar, T. Curk, A. Erjavec, ˇCrt Gorup, T. Hoˇcevar, M. Milutinoviˇc, M. Moˇzina, M. Polajnar, M. Toplak, A. Stariˇc, M. ˇStajdohar, L. Umek, L. ˇZagar, J. ˇZbontar, M. ˇZitnik, and B. Zupan, “Orange: Data mining toolbox in python,” Journal of Machine Learning Research, vol. 14, pp. 2349–2353, 2013. [Online]. Available: http://jmlr.org/papers/v14/demsar13a.html zh_TW
