Saved in:
Bibliographic Details
Main Authors: Ghannoum, Ehab, Ghafari, Mohammad
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.13459
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909538267955200
author Ghannoum, Ehab
Ghafari, Mohammad
author_facet Ghannoum, Ehab
Ghafari, Mohammad
contents Deep learning models have gained popularity for conducting various tasks involving source code. However, their black-box nature raises concerns about potential risks. One such risk is a poisoning attack, where an attacker intentionally contaminates the training set with malicious samples to mislead the model's predictions in specific scenarios. To protect source code models from poisoning attacks, we introduce CodeGarrison (CG), a hybrid deep-learning model that relies on code embeddings to identify poisoned code samples. We evaluated CG against the state-of-the-art technique ONION for detecting poisoned samples generated by DAMP, MHM, ALERT, as well as a novel poisoning technique named CodeFooler. Results showed that CG significantly outperformed ONION with an accuracy of 93.5%. We also tested CG's robustness against unknown attacks, achieving an average accuracy of 85.6% in identifying poisoned samples across the four attacks mentioned above.
format Preprint
id arxiv_https___arxiv_org_abs_2502_13459
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Poisoned Source Code Detection in Code Models
Ghannoum, Ehab
Ghafari, Mohammad
Cryptography and Security
Machine Learning
Deep learning models have gained popularity for conducting various tasks involving source code. However, their black-box nature raises concerns about potential risks. One such risk is a poisoning attack, where an attacker intentionally contaminates the training set with malicious samples to mislead the model's predictions in specific scenarios. To protect source code models from poisoning attacks, we introduce CodeGarrison (CG), a hybrid deep-learning model that relies on code embeddings to identify poisoned code samples. We evaluated CG against the state-of-the-art technique ONION for detecting poisoned samples generated by DAMP, MHM, ALERT, as well as a novel poisoning technique named CodeFooler. Results showed that CG significantly outperformed ONION with an accuracy of 93.5%. We also tested CG's robustness against unknown attacks, achieving an average accuracy of 85.6% in identifying poisoned samples across the four attacks mentioned above.
title Poisoned Source Code Detection in Code Models
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2502.13459