A Small Leak Sinks All: Exploring the Transferable Vulnerability of Source Code Models

TL;DR

This paper investigates the transferable vulnerabilities of source code models, including traditional SCMs and LLM-based models, proposing a novel attack method that reveals significant security risks and highlights key points for future defenses.

Contribution

It introduces HABITAT, a victim-agnostic approach for generating adversarial samples, and provides an intrinsic transferability analysis linking traditional SCMs and LLM4Code vulnerabilities.

Findings

Adversarial samples achieve up to 64% success against LLM4Code.

HABITAT surpasses state-of-the-art attack success rates by over 15%.

Identifies key factors influencing vulnerability transferability.

Abstract

Source Code Model learn the proper embeddings from source codes, demonstrating significant success in various software engineering or security tasks. The recent explosive development of LLM extends the family of SCMs,bringing LLMs for code that revolutionize development workflows. Investigating different kinds of SCM vulnerability is the cornerstone for the security and trustworthiness of AI-powered software ecosystems, however, the fundamental one, transferable vulnerability, remains critically underexplored. Existing studies neither offer practical ways, i.e. require access to the downstream classifier of SCMs, to produce effective adversarial samples for adversarial defense, nor give heed to the widely used LLM4Code in modern software development platforms and cloud-based integrated development environments. Therefore, this work systematically studies the intrinsic vulnerability transferability of both traditional SCMs and LLM4Code, and proposes a victim-agnostic approach to generate practical adversarial samples. We design HABITAT, consisting of a tailored perturbation-inserting mechanism and a hierarchical Reinforcement Learning framework that adaptively selects optimal perturbations without requiring any access to the downstream classifier of SCMs. Furthermore, an intrinsic transferability analysis of SCM vulnerabilities is conducted, revealing the potential vulnerability correlation between traditional SCMs and LLM4Code, together with fundamental factors that govern the success rate of victim-agnostic transfer attacks. These findings of SCM vulnerabilities underscore the critical focal points for developing robust defenses in the future. Experimental evaluation demonstrates that our constructed adversarial examples crafted based on traditional SCMs achieve up to 64% success rates against LLM4Code, surpassing the state-of-the-art by over 15%.