FDI: Attack Neural Code Generation Systems through User Feedback Channel

Zhensu Sun; Xiaoning Du; Xiapu Luo; Fu Song; David Lo; Li Li

doi:10.1145/3650212.3680300

FDI: Attack Neural Code Generation Systems through User Feedback Channel

Zhensu Sun
, Xiaoning Du
, Xiapu Luo
, Fu Song
, David Lo
, Li Li

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

4 Citations (Scopus)

Abstract

Neural code generation systems have recently attracted increasing attention to improve developer productivity and speed up software development. Typically, these systems maintain a pre-trained neural model and make it available to general users as a service (e.g., through remote APIs) and incorporate a feedback mechanism to extensively collect and utilize the users' reaction to the generated code, i.e., user feedback. However, the security implications of such feedback have not yet been explored. With a systematic study of current feedback mechanisms, we find that feedback makes these systems vulnerable to feedback data injection (FDI) attacks. We discuss the methodology of FDI attacks and present a pre-attack profiling strategy to infer the attack constraints of a targeted system in the black-box setting. We demonstrate two proof-of-concept examples utilizing the FDI attack surface to implement prompt injection attacks and backdoor attacks on practical neural code generation systems. The attacker may stealthily manipulate a neural code generation system to generate code with vulnerabilities, attack payload, and malicious and spam messages. Our findings reveal the security implications of feedback mechanisms in neural code generation systems, paving the way for increasing their security.

Original language	English
Title of host publication	Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis
Editors	Maria Christakis, Michael Pradel
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	528-540
Number of pages	13
ISBN (Electronic)	9798400706127
DOIs	https://doi.org/10.1145/3650212.3680300
Publication status	Published - 2024
Event	International Symposium on Software Testing and Analysis 2024 - Vienna, Austria Duration: 16 Sept 2024 → 20 Sept 2024 Conference number: 33rd https://dl.acm.org/doi/proceedings/10.1145/3650212 (Proceedings) https://conf.researchr.org/home/issta-2024 (Website)

Conference

Conference	International Symposium on Software Testing and Analysis 2024
Abbreviated title	ISSTA 2024
Country/Territory	Austria
City	Vienna
Period	16/09/24 → 20/09/24
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3650212 (Proceedings) https://conf.researchr.org/home/issta-2024 (Website)

Keywords

Code Generation
Data Poisoning
User Feedback

Access to Document

10.1145/3650212.3680300

Cite this

@inproceedings{08ebb613b94347f2a5b80eb1b586ef89,

title = "FDI: Attack Neural Code Generation Systems through User Feedback Channel",

abstract = "Neural code generation systems have recently attracted increasing attention to improve developer productivity and speed up software development. Typically, these systems maintain a pre-trained neural model and make it available to general users as a service (e.g., through remote APIs) and incorporate a feedback mechanism to extensively collect and utilize the users' reaction to the generated code, i.e., user feedback. However, the security implications of such feedback have not yet been explored. With a systematic study of current feedback mechanisms, we find that feedback makes these systems vulnerable to feedback data injection (FDI) attacks. We discuss the methodology of FDI attacks and present a pre-attack profiling strategy to infer the attack constraints of a targeted system in the black-box setting. We demonstrate two proof-of-concept examples utilizing the FDI attack surface to implement prompt injection attacks and backdoor attacks on practical neural code generation systems. The attacker may stealthily manipulate a neural code generation system to generate code with vulnerabilities, attack payload, and malicious and spam messages. Our findings reveal the security implications of feedback mechanisms in neural code generation systems, paving the way for increasing their security.",

keywords = "Code Generation, Data Poisoning, User Feedback",

author = "Zhensu Sun and Xiaoning Du and Xiapu Luo and Fu Song and David Lo and Li Li",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.; International Symposium on Software Testing and Analysis 2024, ISSTA 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2024",

doi = "10.1145/3650212.3680300",

language = "English",

pages = "528--540",

editor = "Maria Christakis and Michael Pradel",

booktitle = "Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/3650212, https://conf.researchr.org/home/issta-2024",

}

Sun, Z, Du, X, Luo, X, Song, F, Lo, D & Li, L 2024, FDI: Attack Neural Code Generation Systems through User Feedback Channel. in M Christakis & M Pradel (eds), Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery (ACM), New York NY USA, pp. 528-540, International Symposium on Software Testing and Analysis 2024, Vienna, Austria, 16/09/24. https://doi.org/10.1145/3650212.3680300

FDI: Attack Neural Code Generation Systems through User Feedback Channel. / Sun, Zhensu; Du, Xiaoning; Luo, Xiapu et al.
Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. ed. / Maria Christakis; Michael Pradel. New York NY USA: Association for Computing Machinery (ACM), 2024. p. 528-540.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - FDI

T2 - International Symposium on Software Testing and Analysis 2024

AU - Sun, Zhensu

AU - Du, Xiaoning

AU - Luo, Xiapu

AU - Song, Fu

AU - Lo, David

AU - Li, Li

N1 - Conference code: 33rd

PY - 2024

Y1 - 2024

N2 - Neural code generation systems have recently attracted increasing attention to improve developer productivity and speed up software development. Typically, these systems maintain a pre-trained neural model and make it available to general users as a service (e.g., through remote APIs) and incorporate a feedback mechanism to extensively collect and utilize the users' reaction to the generated code, i.e., user feedback. However, the security implications of such feedback have not yet been explored. With a systematic study of current feedback mechanisms, we find that feedback makes these systems vulnerable to feedback data injection (FDI) attacks. We discuss the methodology of FDI attacks and present a pre-attack profiling strategy to infer the attack constraints of a targeted system in the black-box setting. We demonstrate two proof-of-concept examples utilizing the FDI attack surface to implement prompt injection attacks and backdoor attacks on practical neural code generation systems. The attacker may stealthily manipulate a neural code generation system to generate code with vulnerabilities, attack payload, and malicious and spam messages. Our findings reveal the security implications of feedback mechanisms in neural code generation systems, paving the way for increasing their security.

AB - Neural code generation systems have recently attracted increasing attention to improve developer productivity and speed up software development. Typically, these systems maintain a pre-trained neural model and make it available to general users as a service (e.g., through remote APIs) and incorporate a feedback mechanism to extensively collect and utilize the users' reaction to the generated code, i.e., user feedback. However, the security implications of such feedback have not yet been explored. With a systematic study of current feedback mechanisms, we find that feedback makes these systems vulnerable to feedback data injection (FDI) attacks. We discuss the methodology of FDI attacks and present a pre-attack profiling strategy to infer the attack constraints of a targeted system in the black-box setting. We demonstrate two proof-of-concept examples utilizing the FDI attack surface to implement prompt injection attacks and backdoor attacks on practical neural code generation systems. The attacker may stealthily manipulate a neural code generation system to generate code with vulnerabilities, attack payload, and malicious and spam messages. Our findings reveal the security implications of feedback mechanisms in neural code generation systems, paving the way for increasing their security.

KW - Code Generation

KW - Data Poisoning

KW - User Feedback

UR - https://www.scopus.com/pages/publications/85205530457

U2 - 10.1145/3650212.3680300

DO - 10.1145/3650212.3680300

M3 - Conference Paper

AN - SCOPUS:85205530457

SP - 528

EP - 540

BT - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

A2 - Christakis, Maria

A2 - Pradel, Michael

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 16 September 2024 through 20 September 2024

ER -

FDI: Attack Neural Code Generation Systems through User Feedback Channel

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this