SHIELD: Thwarting Code Authorship Attribution

TL;DR

This paper introduces SHIELD, a framework for testing the robustness of code authorship attribution methods against adversarial attacks, revealing significant vulnerabilities in current techniques.

Contribution

It defines four attack strategies and demonstrates their effectiveness against six state-of-the-art authorship attribution methods using real-world data.

Findings

Non-targeted attacks succeed with over 98.5% success rate.

Targeted attacks can impersonate authors with 66-88% success.

Current attribution methods are highly vulnerable to adversarial perturbations.

Abstract

Authorship attribution has become increasingly accurate, posing a serious privacy risk for programmers who wish to remain anonymous. In this paper, we introduce SHIELD to examine the robustness of different code authorship attribution approaches against adversarial code examples. We define four attacks on attribution techniques, which include targeted and non-targeted attacks, and realize them using adversarial code perturbation. We experiment with a dataset of 200 programmers from the Google Code Jam competition to validate our methods targeting six state-of-the-art authorship attribution methods that adopt a variety of techniques for extracting authorship traits from source-code, including RNN, CNN, and code stylometry. Our experiments demonstrate the vulnerability of current authorship attribution methods against adversarial attacks. For the non-targeted attack, our experiments demonstrate the vulnerability of current authorship attribution methods against the attack with an attack success rate exceeds 98.5\% accompanied by a degradation of the identification confidence that exceeds 13\%. For the targeted attacks, we show the possibility of impersonating a programmer using targeted-adversarial perturbations with a success rate ranging from 66\% to 88\% for different authorship attribution techniques under several adversarial scenarios.