A Survey on Adversarial Machine Learning for Code Data: Realistic Threats, Countermeasures, and Interpretations

TL;DR

This survey comprehensively analyzes security vulnerabilities of Code Language Models (CLMs), categorizing attack types, examining countermeasures, and highlighting future research directions to enhance their reliability in real-world applications.

Contribution

It provides the most extensive review of adversarial attacks on CLMs, categorizes threats based on the CIA triad, and introduces novel perspectives on explainable AI and interconnected risks.

Findings

Identified 79 relevant papers on adversarial ML for CLMs.

Categorized attacks into poisoning, evasion, and privacy types.

Discussed countermeasures and future research challenges.

Abstract

Code Language Models (CLMs) have achieved tremendous progress in source code understanding and generation, leading to a significant increase in research interests focused on applying CLMs to real-world software engineering tasks in recent years. However, in realistic scenarios, CLMs are exposed to potential malicious adversaries, bringing risks to the confidentiality, integrity, and availability of CLM systems. Despite these risks, a comprehensive analysis of the security vulnerabilities of CLMs in the extremely adversarial environment has been lacking. To close this research gap, we categorize existing attack techniques into three types based on the CIA triad: poisoning attacks (integrity \& availability infringement), evasion attacks (integrity infringement), and privacy attacks (confidentiality infringement). We have collected so far the most comprehensive (79) papers related to adversarial machine learning for CLM from the research fields of artificial intelligence, computer security, and software engineering. Our analysis covers each type of risk, examining threat model categorization, attack techniques, and countermeasures, while also introducing novel perspectives on eXplainable AI (XAI) and exploring the interconnections between different risks. Finally, we identify current challenges and future research opportunities. This study aims to provide a comprehensive roadmap for both researchers and practitioners and pave the way towards more reliable CLMs for practical applications.