Measuring Impacts of Poisoning on Model Parameters and Embeddings for Large Language Models of Code
Aftab Hussain, Md Rafiqul Islam Rabin, Mohammad Amin Alipour

TL;DR
This paper investigates how to detect backdoor attacks in large language models of code by analyzing model parameters and embeddings, revealing patterns in context embeddings that can indicate poisoning.
Contribution
It introduces a white-box detection method analyzing attention weights, biases, and embeddings to identify backdoors in code models, highlighting the significance of context embeddings.
Findings
Noticeable patterns in poisoned samples' context embeddings
Attention weights and biases show no significant differences
Provides insights for white-box backdoor detection in code LLMs
Abstract
Large language models (LLMs) have revolutionized software development practices, yet concerns about their safety have arisen, particularly regarding hidden backdoors, aka trojans. Backdoor attacks involve the insertion of triggers into training data, allowing attackers to manipulate the behavior of the model maliciously. In this paper, we focus on analyzing the model parameters to detect potential backdoor signals in code models. Specifically, we examine attention weights and biases, and context embeddings of the clean and poisoned CodeBERT and CodeT5 models. Our results suggest noticeable patterns in context embeddings of poisoned samples for both the poisoned models; however, attention weights and biases do not show any significant differences. This work contributes to ongoing efforts in white-box detection of backdoor signals in LLMs of code through the analysis of parameters and…
