SPLASH 2020
Sun 15 - Sat 21 November 2020 Online Conference
Wed 18 Nov 2020 13:00 - 13:20 at OOPSLA/ECOOP - W-4
Thu 19 Nov 2020 01:00 - 01:20 at OOPSLA/ECOOP - W-4

Neural models of code have shown impressive performance for tasks such as predicting method names and identifying certain kinds of bugs. In this paper, we show that these models are vulnerable to adversarial examples, and introduce a novel approach for attacking trained models of code with adversarial examples. The main idea is to force a given trained model to make an incorrect prediction as specified by the adversary, by introducing small perturbations that do not change the program’s semantics. To find such perturbations, we present a new technique for Discrete Adversarial Manipulation of Programs (DAMP). DAMP works by deriving the desired prediction with respect to the model’s inputs while holding the model weights constant, and following the gradients to slightly modify the input code.

We show that our DAMP attack is effective across three neural architectures: code2vec, GGNN, and GNN-FiLM, in both Java and C#. We show that DAMP has up to 89% success rate in changing a prediction to the adversary’s choice (“targeted attack”), and a success rate of up to 94% in changing a given prediction to any incorrect prediction (“non-targeted attack”). To defend a model against such attacks, we examine a variety of possible defenses empirically and discuss their trade-offs. We show that some of these defenses drop the success rate of the attacker drastically, with a minor penalty of 2% relative degradation in accuracy while not performing under attack.

Our code, data, and trained models are available at https://github.com/tech-srl/adversarial-examples .

Wed 18 Nov
Times are displayed in time zone: Central Time (US & Canada) change

13:00 - 14:20: W-4OOPSLA at OOPSLA/ECOOP +12h
13:00 - 13:20
Talk
OOPSLA
Noam YefetTechnion, Uri AlonTechnion, Eran YahavTechnion
Pre-print
13:20 - 13:40
Talk
OOPSLA
Manuel RiggerETH Zurich, Switzerland, Zhendong SuETH Zurich, Switzerland
Pre-print
13:40 - 14:00
Talk
OOPSLA
Yotam FeldmanTel Aviv University, Artem KhyzhaTel Aviv University, Constantin EneaIRIF, University Paris Diderot & CNRS, Adam MorrisonTel Aviv University, Aleksandar NanevskiIMDEA Software Institute, Noam RinetzkyTel Aviv University, Israel, Sharon ShohamTel Aviv university
14:00 - 14:20
Talk
OOPSLA
Vytautas AstrauskasETH Zurich, Switzerland, Christoph MathejaETH Zurich, Switzerland, Federico PoliETH Zurich, Switzerland, Peter MüllerETH Zurich, Alexander J. SummersThe University of British Columbia

Thu 19 Nov
Times are displayed in time zone: Central Time (US & Canada) change

01:00 - 02:20: W-4OOPSLA at OOPSLA/ECOOP
01:00 - 01:20
Talk
OOPSLA
Noam YefetTechnion, Uri AlonTechnion, Eran YahavTechnion
Pre-print
01:20 - 01:40
Talk
OOPSLA
Manuel RiggerETH Zurich, Switzerland, Zhendong SuETH Zurich, Switzerland
Pre-print
01:40 - 02:00
Talk
OOPSLA
Yotam FeldmanTel Aviv University, Artem KhyzhaTel Aviv University, Constantin EneaIRIF, University Paris Diderot & CNRS, Adam MorrisonTel Aviv University, Aleksandar NanevskiIMDEA Software Institute, Noam RinetzkyTel Aviv University, Israel, Sharon ShohamTel Aviv university
02:00 - 02:20
Talk
OOPSLA
Vytautas AstrauskasETH Zurich, Switzerland, Christoph MathejaETH Zurich, Switzerland, Federico PoliETH Zurich, Switzerland, Peter MüllerETH Zurich, Alexander J. SummersThe University of British Columbia