Poisoned Source Code Detection in Code Models
Ehab Ghannoum, Mohammad Ghafari

TL;DR
This paper introduces CodeGarrison, a hybrid deep-learning approach that effectively detects poisoned source code samples, outperforming existing methods and demonstrating robustness against various poisoning techniques.
Contribution
The paper presents a novel hybrid deep-learning model, CodeGarrison, for detecting poisoned source code samples, significantly improving accuracy over prior techniques and enhancing robustness against unknown attacks.
Findings
CodeGarrison achieves 93.5% accuracy in detecting poisoned code.
It outperforms the state-of-the-art ONION method.
It demonstrates 85.6% accuracy against unknown poisoning attacks.
Abstract
Deep learning models have gained popularity for conducting various tasks involving source code. However, their black-box nature raises concerns about potential risks. One such risk is a poisoning attack, where an attacker intentionally contaminates the training set with malicious samples to mislead the model's predictions in specific scenarios. To protect source code models from poisoning attacks, we introduce CodeGarrison (CG), a hybrid deep-learning model that relies on code embeddings to identify poisoned code samples. We evaluated CG against the state-of-the-art technique ONION for detecting poisoned samples generated by DAMP, MHM, ALERT, as well as a novel poisoning technique named CodeFooler. Results showed that CG significantly outperformed ONION with an accuracy of 93.5%. We also tested CG's robustness against unknown attacks, achieving an average accuracy of 85.6% in…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Engineering Research · Digital and Cyber Forensics
Methods: Sparse Evolutionary Training
