A Disguised Wolf Is More Harmful Than a Toothless Tiger: Adaptive Malicious Code Injection Backdoor Attack Leveraging User Behavior as Triggers

TL;DR

This paper introduces a game-theoretic framework to analyze malicious code injection attacks on large language models, revealing new dynamic backdoor attack strategies that threaten the security of code generation systems.

Contribution

It presents the first game-theoretic model for security in code generation, demonstrating how attackers can dynamically adjust malicious code injection based on user skill levels.

Findings

Attackers can use backdoor attacks to vary malicious code timing.

The model validates significant security threats in code generation models.

Experimental results confirm the effectiveness of the proposed attack strategies.

Abstract

In recent years, large language models (LLMs) have made significant progress in the field of code generation. However, as more and more users rely on these models for software development, the security risks associated with code generation models have become increasingly significant. Studies have shown that traditional deep learning robustness issues also negatively impact the field of code generation. In this paper, we first present the game-theoretic model that focuses on security issues in code generation scenarios. This framework outlines possible scenarios and patterns where attackers could spread malicious code models to create security threats. We also pointed out for the first time that the attackers can use backdoor attacks to dynamically adjust the timing of malicious code injection, which will release varying degrees of malicious code depending on the skill level of the user. Through extensive experiments on leading code generation models, we validate our proposed game-theoretic model and highlight the significant threats that these new attack scenarios pose to the safe use of code models.