Towards Robust Models of Code via Energy-Based Learning on Auxiliary DatasetsVirtual
Existing approaches to improving the robustness of source code models concentrate on recognizing adversarial samples rather than valid samples that fall outside of a given distribution, which we refer to as out-of-distribution (OOD) samples. Recognizing such OOD samples is the novel problem investigated in this paper. To this end, we propose to use an auxiliary dataset (out-of-distribution) such that, when trained together with the main dataset, they will enhance the model’s robustness. We adapt energy-bounded learning objective function to assign a higher score to in-distribution samples and a lower score to out-of-distribution samples in order to incorporate such out-of-distribution samples into the training process of source code models. In terms of OOD detection and adversarial samples detection, our evaluation results demonstrate a greater robustness for existing source code models to become more accurate at recognizing OOD data while being more resistant to adversarial attacks at the same time.
Thu 13 OctDisplayed time zone: Eastern Time (US & Canada) change
10:00 - 12:00 | Technical Session 23 - SecurityTool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers at Ballroom C East Chair(s): John-Paul Ore North Carolina State University | ||
10:00 10mDemonstration | V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities Tool Demonstrations Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology | ||
10:10 20mPaper | Automatic Detection of Java Cryptographic API Misuses: Are We There Yet? Journal-first Papers Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech DOI Pre-print | ||
10:30 10mDemonstration | A transformer-based IDE plugin for vulnerability detectionVirtual Tool Demonstrations Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal | ||
10:40 10mDemonstration | Quacky: Quantitative Access Control Permissiveness Analyzer Tool Demonstrations William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara | ||
10:50 10mPaper | Towards Robust Models of Code via Energy-Based Learning on Auxiliary DatasetsVirtual Late Breaking Results | ||
11:00 10mDemonstration | Xscope: Hunting for Cross-Chain Bridge AttacksVirtual Tool Demonstrations Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen | ||
11:10 20mResearch paper | Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase ApproachVirtual Research Papers Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology | ||