HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors

Jingxiao Yang; Ping He; Tianyu Du; Sun Bing; Xuhong Zhang

arXiv:2601.05587·cs.CR·January 12, 2026

HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors

Jingxiao Yang, Ping He, Tianyu Du, Sun Bing, Xuhong Zhang

PDF

Open Access 1 Video

TL;DR

HogVul is a novel black-box adversarial framework that combines lexical and syntax perturbations using Particle Swarm Optimization to effectively evade LM-based vulnerability detectors, significantly improving attack success rates.

Contribution

This work introduces HogVul, a unified dual-channel optimization framework that enhances black-box adversarial code generation against vulnerability detectors by integrating lexical and syntax perturbations.

Findings

01

Achieves 26.05% higher attack success rate than baselines

02

Effectively explores a larger adversarial code space

03

Demonstrates the effectiveness of hybrid optimization strategies

Abstract

Recent advances in software vulnerability detection have been driven by Language Model (LM)-based approaches. However, these models remain vulnerable to adversarial attacks that exploit lexical and syntax perturbations, allowing critical flaws to evade detection. Existing black-box attacks on LM-based vulnerability detectors primarily rely on isolated perturbation strategies, limiting their ability to efficiently explore the adversarial code space for optimal perturbations. To bridge this gap, we propose HogVul, a black-box adversarial code generation framework that integrates both lexical and syntax perturbations under a unified dual-channel optimization strategy driven by Particle Swarm Optimization (PSO). By systematically coordinating two-level perturbations, HogVul effectively expands the search space for adversarial examples, enhancing the attack efficacy. Extensive experiments on…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors· underline

Taxonomy

TopicsAdversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Information and Cyber Security