RMCBench: Benchmarking Large Language Models' Resistance to Malicious Code

TL;DR

This paper introduces RMCBench, a benchmark for evaluating large language models' resistance to generating malicious code, revealing current models' limited ability to refuse malicious prompts and providing insights for improving robustness.

Contribution

The paper presents the first benchmark for assessing LLMs' resistance to malicious code generation and provides an empirical study on 11 models' performance.

Findings

Average refusal rate of LLMs is 28.71% in resisting malicious code.

ChatGPT-4's refusal rate is only 35.73%.

Factors influencing resistance are analyzed with implications for robustness enhancement.

Abstract

The emergence of Large Language Models (LLMs) has significantly influenced various aspects of software development activities. Despite their benefits, LLMs also pose notable risks, including the potential to generate harmful content and being abused by malicious developers to create malicious code. Several previous studies have focused on the ability of LLMs to resist the generation of harmful content that violates human ethical standards, such as biased or offensive content. However, there is no research evaluating the ability of LLMs to resist malicious code generation. To fill this gap, we propose RMCBench, the first benchmark comprising 473 prompts designed to assess the ability of LLMs to resist malicious code generation. This benchmark employs two scenarios: a text-to-code scenario, where LLMs are prompted with descriptions to generate code, and a code-to-code scenario, where LLMs translate or complete existing malicious code. Based on RMCBench, we conduct an empirical study on 11 representative LLMs to assess their ability to resist malicious code generation. Our findings indicate that current LLMs have a limited ability to resist malicious code generation with an average refusal rate of 40.36% in text-to-code scenario and 11.52% in code-to-code scenario. The average refusal rate of all LLMs in RMCBench is only 28.71%; ChatGPT-4 has a refusal rate of only 35.73%. We also analyze the factors that affect LLMs' ability to resist malicious code generation and provide implications for developers to enhance model robustness.