{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T04:10:20Z","timestamp":1781755820606,"version":"3.54.5"},"reference-count":92,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2024,3,14]],"date-time":"2024-03-14T00:00:00Z","timestamp":1710374400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62072007, 62192733, 61832009, 62192731, 62152730, 62192730"],"award-info":[{"award-number":["62072007, 62192733, 61832009, 62192731, 62152730, 62192730"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Key Program of Hubei","award":["JD2023008"],"award-info":[{"award-number":["JD2023008"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"<jats:p>In the software engineering (SE) community, deep learning (DL) has recently been applied to many source code processing tasks, achieving state-of-the-art results. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers have identified an emergent security threat to DL models, namely, <jats:italic>poison attacks<\/jats:italic>. The attackers aim to inject insidious backdoors into DL models by poisoning the training data with poison samples. The backdoors mean that poisoned models work normally with clean inputs but produce targeted erroneous results with inputs embedded with specific triggers. 
By using triggers to activate backdoors, attackers can manipulate poisoned models in security-related scenarios (e.g., defect detection) and lead to severe consequences.<\/jats:p><jats:p>To verify the vulnerability of deep source code processing models to poison attacks, we present a poison attack approach for source code named <jats:sc>CodePoisoner<\/jats:sc> as a strong imaginary enemy. <jats:sc>CodePoisoner<\/jats:sc> can produce compilable and functionality-preserving poison samples and effectively attack deep source code processing models by poisoning the training data with poison samples. To defend against poison attacks, we further propose an effective poison detection approach named <jats:sc>CodeDetector<\/jats:sc>. <jats:sc>CodeDetector<\/jats:sc> can automatically identify poison samples in the training data. We apply <jats:sc>CodePoisoner<\/jats:sc> and <jats:sc>CodeDetector<\/jats:sc> to six deep source code processing models, including defect detection, clone detection, and code repair models. The results show that \u2776 <jats:sc>CodePoisoner<\/jats:sc> conducts successful poison attacks with a high attack success rate (average: 98.3%, maximum: 100%). It validates that existing deep source code processing models have a strong vulnerability to poison attacks. \u2777 <jats:sc>CodeDetector<\/jats:sc> effectively defends against multiple poison attack approaches by detecting (maximum: 100%) poison samples in the training data. 
We hope this work can help SE researchers and practitioners notice poison attacks and inspire the design of more advanced defense techniques.<\/jats:p>","DOI":"10.1145\/3630008","type":"journal-article","created":{"date-parts":[[2023,11,2]],"date-time":"2023-11-02T04:38:30Z","timestamp":1698899910000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Poison Attack and Poison Detection on Deep Source Code Processing Models"],"prefix":"10.1145","volume":"33","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5579-8852","authenticated-orcid":false,"given":"Jia","family":"Li","sequence":"first","affiliation":[{"name":"Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0198-2304","authenticated-orcid":false,"given":"Zhuo","family":"Li","sequence":"additional","affiliation":[{"name":"Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0324-4591","authenticated-orcid":false,"given":"Huangzhao","family":"Zhang","sequence":"additional","affiliation":[{"name":"Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5828-0186","authenticated-orcid":false,"given":"Ge","family":"Li","sequence":"additional","affiliation":[{"name":"Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, Beijing, 
China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1087-226X","authenticated-orcid":false,"given":"Zhi","family":"Jin","sequence":"additional","affiliation":[{"name":"Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0093-3292","authenticated-orcid":false,"given":"Xing","family":"Hu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Ningbo, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6302-3256","authenticated-orcid":false,"given":"Xin","family":"Xia","sequence":"additional","affiliation":[{"name":"Huawei, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,3,14]]},"reference":[{"key":"e_1_3_3_2_2","unstructured":"Wikipedia. 2023. Wikipedia. https:\/\/www.wikipedia.org"},{"key":"e_1_3_3_3_2","unstructured":"Google. 2023. Google Translation. https:\/\/translate.google.com"},{"key":"e_1_3_3_4_2","unstructured":"GitHub. 2023. GitHub. https:\/\/github.com\/"},{"key":"e_1_3_3_5_2","unstructured":"Stack Overflow. 2023. Stack Overflow. https:\/\/stackoverflow.com"},{"key":"e_1_3_3_6_2","unstructured":"Jia Li. 2023. Replicate Package. https:\/\/github.com\/LJ2lijia\/CodeDetector"},{"key":"e_1_3_3_7_2","unstructured":"Black Duck. 2023. Black Duck. https:\/\/www.blackducksoftware.com\/"},{"key":"e_1_3_3_8_2","unstructured":"Microsoft. 2023. GitHub Copilot. https:\/\/copilot.github.com"},{"key":"e_1_3_3_9_2","unstructured":"TreeSitter. 2023. TreeSitter. https:\/\/tree-sitter.github.io\/tree-sitter"},{"key":"e_1_3_3_10_2","unstructured":"Microsoft. 2023. IntelliCode. 
https:\/\/visualstudio.microsoft.com\/services\/intellicode"},{"key":"e_1_3_3_11_2","article-title":"TrojanPuzzle: Covertly poisoning code-suggestion models","volume":"2301","author":"Aghakhani Hojjat","year":"2023","unstructured":"Hojjat Aghakhani, Wei Dai, Andre Manoel, Xavier Fernandes, Anant Kharkar, Christopher Kruegel, Giovanni Vigna, David Evans, Ben Zorn, and Robert Sim. 2023. TrojanPuzzle: Covertly poisoning code-suggestion models. CoRR abs\/2301.02344 (2023).","journal-title":"CoRR"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3212695"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.1995.514697"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP.2019.8802997"},{"key":"e_1_3_3_15_2","article-title":"Automated correction for syntax errors in programming assignments using recurrent neural networks","author":"Bhatia Sahil","year":"2016","unstructured":"Sahil Bhatia and Rishabh Singh. 2016. Automated correction for syntax errors in programming assignments using recurrent neural networks. arXiv preprint arXiv:1603.06129 (2016).","journal-title":"arXiv preprint arXiv:1603.06129"},{"key":"e_1_3_3_16_2","article-title":"DP-InstaHide: Provably defusing poisoning and backdoor attacks with differentially private data augmentations","volume":"2103","author":"Borgnia Eitan","year":"2021","unstructured":"Eitan Borgnia, Jonas Geiping, Valeriia Cherepanova, Liam Fowl, Arjun Gupta, Amin Ghiasi, Furong Huang, Micah Goldblum, and Tom Goldstein. 2021. DP-InstaHide: Provably defusing poisoning and backdoor attacks with differentially private data augmentations. CoRR abs\/2103.02079 (2021).","journal-title":"CoRR"},{"key":"e_1_3_3_17_2","unstructured":"Tom Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared D. 
Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell Sandhini Agarwal Ariel Herbert-Voss Gretchen Krueger Tom Henighan Rewon Child Aditya Ramesh Daniel Ziegler Jeffrey Wu Clemens Winter Chris Hesse Mark Chen Eric Sigler Mateusz Litwin Scott Gray Benjamin Chess Jack Clark Christopher Berner Sam McCandlish Alec Radford Ilya Sutskever and Dario Amodei. 2020. Language models are few-shot learners. In Advances in Neural Information Processing Systems H. Larochelle M. Ranzato R. Hadsell M. F. Balcan and H. Lin (Eds.). Vol. 33. Curran Associates Inc. 1877\u20131901. https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2020\/file\/1457c0d6bfcb4967418bfb8ac142f64a-Paper.pdf"},{"key":"e_1_3_3_18_2","article-title":"CODIT: Code editing with tree-based neural models","author":"Chakraborty Saikat","year":"2020","unstructured":"Saikat Chakraborty, Yangruibo Ding, Miltiadis Allamanis, and Baishakhi Ray. 2020. CODIT: Code editing with tree-based neural models. IEEE Trans. Softw. Eng. 48, 4 (2020), 1385\u20131399.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_3_19_2","volume-title":"AAAI Workshop on Artificial Intelligence Safety (SafeAI@ AAAI\u201919)","author":"Chen Bryant","year":"2019","unstructured":"Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian Molloy, and Biplav Srivastava. 2019. Detecting backdoor attacks on deep neural networks by activation clustering. In AAAI Workshop on Artificial Intelligence Safety (SafeAI@ AAAI\u201919)."},{"key":"e_1_3_3_20_2","volume-title":"International Conference on Learning Representations","author":"Chen Kangjie","year":"2021","unstructured":"Kangjie Chen, Yuxian Meng, Xiaofei Sun, Shangwei Guo, Tianwei Zhang, Jiwei Li, and Chun Fan. 2021. BadPre: Task-agnostic backdoor attacks to pre-trained NLP foundation models. 
In International Conference on Learning Representations."},{"key":"e_1_3_3_21_2","volume-title":"ICML Workshop on Adversarial Machine Learning","author":"Chen Xiaoyi","year":"2021","unstructured":"Xiaoyi Chen, Ahmed Salem, Michael Backes, Shiqing Ma, and Yang Zhang. 2021. BadNL: Backdoor attacks against NLP models. In ICML Workshop on Adversarial Machine Learning."},{"issue":"9","key":"e_1_3_3_22_2","first-page":"1943","article-title":"Sequencer: Sequence-to-sequence learning for end-to-end program repair","volume":"47","author":"Chen Zimin","year":"2019","unstructured":"Zimin Chen, Steve Kommrusch, Michele Tufano, Louis-No\u00ebl Pouchet, Denys Poshyvanyk, and Martin Monperrus. 2019. Sequencer: Sequence-to-sequence learning for end-to-end program repair. IEEE Trans. Softw. Eng. 47, 9 (2019), 1943\u20131959.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3436877"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/349214.349233"},{"key":"e_1_3_3_25_2","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1007\/3-540-45748-8_24","volume-title":"International Workshop on Peer-to-peer Systems","author":"Douceur John R.","year":"2002","unstructured":"John R. Douceur. 2002. The Sybil attack. In International Workshop on Peer-to-peer Systems. Springer, 251\u2013260."},{"key":"e_1_3_3_26_2","first-page":"1536","volume-title":"Findings of the Association for Computational Linguistics (EMNLP\u201920)","author":"Feng Zhangyin","year":"2020","unstructured":"Zhangyin Feng, Daya Guo, Duyu Tang, Nan Duan, Xiaocheng Feng, Ming Gong, Linjun Shou, Bing Qin, Ting Liu, Daxin Jiang, and Ming Zhou. 2020. CodeBERT: A pre-trained model for programming and natural languages. In Findings of the Association for Computational Linguistics (EMNLP\u201920). 
Association for Computational Linguistics, 1536\u20131547."},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","unstructured":"Leilei Gan Jiwei Li Tianwei Zhang Xiaoya Li Yuxian Meng Fei Wu Yi Yang Shangwei Guo and Chun Fan. 2022. Triggerless backdoor attack for NLP tasks with clean labels. In Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL\u201922) Marine Carpuat Marie-Catherine de Marneffe and Iv\u00e1n Vladimir Meza Ru\u00edz (Eds.). Association for Computational Linguistics 2942\u20132952. 10.18653\/V1\/2022.NAACL-MAIN.214","DOI":"10.18653\/V1\/2022.NAACL-MAIN.214"},{"key":"e_1_3_3_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_3_29_2","first-page":"746","volume-title":"35th IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201920)","author":"Gros David","year":"2020","unstructured":"David Gros, Hariharan Sezhiyan, Prem Devanbu, and Zhou Yu. 2020. Code to comment \u201ctranslation\u201d: Data, metrics, baselining & evaluation. In 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201920). IEEE, 746\u2013757."},{"key":"e_1_3_3_30_2","article-title":"BadNets: Identifying vulnerabilities in the machine learning model supply chain","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. BadNets: Identifying vulnerabilities in the machine learning model supply chain. 
arXiv preprint arXiv:1708.06733 (2017).","journal-title":"arXiv preprint arXiv:1708.06733"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v31i1.10742"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3196321.3196334"},{"key":"e_1_3_3_34_2","volume-title":"10th International Conference on Learning Representations (ICLR\u201922)","author":"Huang Kunzhe","year":"2022","unstructured":"Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin, and Kui Ren. 2022. Backdoor defense via decoupling the training process. In 10th International Conference on Learning Representations (ICLR\u201922). OpenReview.net. Retrieved from https:\/\/openreview.net\/forum?id=TySnJ-0RdKI"},{"key":"e_1_3_3_35_2","article-title":"CodeSearchNet challenge: Evaluating the state of semantic code search","volume":"1909","author":"Husain Hamel","year":"2019","unstructured":"Hamel Husain, Ho-Hsiang Wu, Tiferet Gazit, Miltiadis Allamanis, and Marc Brockschmidt. 2019. CodeSearchNet challenge: Evaluating the state of semantic code search. CoRR abs\/1909.09436 (2019). arXiv:1909.09436 http:\/\/arxiv.org\/abs\/1909.09436","journal-title":"CoRR"},{"key":"e_1_3_3_36_2","doi-asserted-by":"publisher","unstructured":"Paras Jain Ajay Jain Tianjun Zhang Pieter Abbeel Joseph Gonzalez and Ion Stoica. 2021. Contrastive code representation learning. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing EMNLP 2021 Virtual Event\/Punta Cana Dominican Republic 7-11 November 2021 Marie-Francine Moens Xuanjing Huang Lucia Specia and Scott Wen-tau Yih (Eds.). Association for Computational Linguistics 5954\u20135971. 
10.18653\/V1\/2021.EMNLP-MAIN.482","DOI":"10.18653\/V1\/2021.EMNLP-MAIN.482"},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243757"},{"key":"e_1_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00107"},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380342"},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1181"},{"key":"e_1_3_3_41_2","doi-asserted-by":"crossref","first-page":"2793","DOI":"10.18653\/v1\/2020.acl-main.249","volume-title":"58th Annual Meeting of the Association for Computational Linguistics","author":"Kurita Keita","year":"2020","unstructured":"Keita Kurita, Paul Michel, and Graham Neubig. 2020. Weight poisoning attacks on pretrained models. In 58th Annual Meeting of the Association for Computational Linguistics. 2793\u20132806."},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597207"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678724"},{"key":"e_1_3_3_44_2","doi-asserted-by":"publisher","unstructured":"Jia Li Ge Li Yongmin Li and Zhi Jin. 2023. Enabling programming thinking in large language models toward code generation. CoRR abs\/2305.06599 (2023). 10.48550\/ARXIV.2305.06599 arXiv:2305.06599.","DOI":"10.48550\/ARXIV.2305.06599"},{"key":"e_1_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00179"},{"key":"e_1_3_3_46_2","doi-asserted-by":"publisher","unstructured":"Jia Li Yunfei Zhao Yongmin Li Ge Li and Zhi Jin. 2023. Towards Enhancing In-Context Learning for Code Generation. CoRR abs\/2303.17780 (2023). 
10.48550\/ARXIV.2303.17780 arXiv:2303.17780","DOI":"10.48550\/ARXIV.2303.17780"},{"key":"e_1_3_3_47_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484576"},{"issue":"5","key":"e_1_3_3_48_2","first-page":"2088","article-title":"Invisible backdoor attacks on deep neural networks via steganography and regularization","volume":"18","author":"Li Shaofeng","year":"2020","unstructured":"Shaofeng Li, Minhui Xue, Benjamin Zi Hao Zhao, Haojin Zhu, and Xinpeng Zhang. 2020. Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Trans. Depend. Secure Comput. 18, 5 (2020), 2088\u20132105.","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"e_1_3_3_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00035"},{"key":"e_1_3_3_50_2","first-page":"14900","volume-title":"Annual Conference on Neural Information Processing Systems (NeurIPS\u201921)","author":"Li Yige","year":"2021","unstructured":"Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Anti-backdoor learning: Training clean models on poisoned data. In Annual Conference on Neural Information Processing Systems (NeurIPS\u201921), Marc\u2019Aurelio Ranzato, Alina Beygelzimer, Yann N. Dauphin, Percy Liang, and Jennifer Wortman Vaughan (Eds.). 14900\u201314912. Retrieved from https:\/\/proceedings.neurips.cc\/paper\/2021\/hash\/7d38b1e9bd793d3f45e0e212a729a93c-Abstract.html"},{"key":"e_1_3_3_51_2","volume-title":"9th International Conference on Learning Representations (ICLR\u201921)","author":"Li Yige","year":"2021","unstructured":"Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Neural attention distillation: Erasing backdoor triggers from deep neural networks. In 9th International Conference on Learning Representations (ICLR\u201921). OpenReview.net. 
Retrieved from https:\/\/openreview.net\/forum?id=9l0K4OM-oXE"},{"key":"e_1_3_3_52_2","doi-asserted-by":"crossref","unstructured":"Zhen Li Deqing Zou Shouhuai Xu Hai Jin Yawei Zhu and Zhaoxuan Chen. 2021. SySeVR: A framework for using deep learning to detect software vulnerabilities. IEEE Transactions on Dependable and Secure Computing 19 4 (2021) 2244\u20132258.","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"e_1_3_3_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423362"},{"key":"e_1_3_3_54_2","unstructured":"Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017. Trojaning attack on neural networks. In 25th Annual Network and Distributed System Security Symposium NDSS 2018 San Diego California USA February 18-21 2018. The Internet Society. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2018\/02\/ndss2018_03A-5_Liu_paper.pdf"},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","unstructured":"Zhenguang Liu Peng Qian Xiaoyang Wang Yuan Zhuang Lin Qiu and Xun Wang. 2023. Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Transactions on Knowledge and Data Engineering 35 2 (2023) 1296\u20131310. 10.1109\/TKDE.2021.3095196","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"e_1_3_3_56_2","unstructured":"Shuai Lu Daya Guo Shuo Ren Junjie Huang Alexey Svyatkovskiy Ambrosio Blanco Colin B. Clement Dawn Drain Daxin Jiang Duyu Tang Ge Li Lidong Zhou Linjun Shou Long Zhou Michele Tufano Ming Gong Ming Zhou Nan Duan Neel Sundaresan Shao Kun Deng Shengyu Fu and Shujie Liu. 2021. CodeXGLUE: A machine learning benchmark dataset for code understanding and generation. 
In 35th Conference on Neural Information Processing Systems Datasets and Benchmarks Track (Round 1)."},{"key":"e_1_3_3_57_2","first-page":"34","article-title":"This POODLE bites: Exploiting the SSL 3.0 fallback","volume":"21","author":"M\u00f6ller Bodo","year":"2014","unstructured":"Bodo M\u00f6ller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE bites: Exploiting the SSL 3.0 fallback. Secur. Advis. 21 (2014), 34\u201358.","journal-title":"Secur. Advis."},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9528-y"},{"key":"e_1_3_3_59_2","first-page":"3611","volume-title":"31st USENIX Security Symposium (USENIX Security\u201922)","author":"Pan Xudong","year":"2022","unstructured":"Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, and Min Yang. 2022. Hidden trigger backdoor attack on NLP models via linguistic style manipulation. In 31st USENIX Security Symposium (USENIX Security\u201922). 3611\u20133628."},{"key":"e_1_3_3_60_2","unstructured":"Andrea Paudice Luis Mu\u00f1oz-Gonz\u00e1lez Andras Gyorgy and Emil C. Lupu. 2018. Detection of adversarial training examples in poisoning attacks through anomaly detection. CoRR abs\/1802.03041 (2018). arXiv:1802.03041 http:\/\/arxiv.org\/abs\/1802.03041"},{"key":"e_1_3_3_61_2","first-page":"5","volume-title":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","author":"Paudice Andrea","year":"2018","unstructured":"Andrea Paudice, Luis Mu\u00f1oz-Gonz\u00e1lez, and Emil C. Lupu. 2018. Label sanitization against label flipping poisoning attacks. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 5\u201315."},{"key":"e_1_3_3_62_2","unstructured":"L. Prechelt G. Malpohl and M. Philippsen. 2000. JPlag: Finding plagiarisms among a set of programs. Technical Report. 
University of Karlsruhe Department of Informatics."},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.emnlp-main.752"},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.37"},{"key":"e_1_3_3_65_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.377"},{"key":"e_1_3_3_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330219"},{"key":"e_1_3_3_67_2","first-page":"1559","volume-title":"30th USENIX Security Symposium (USENIX Security\u201921)","author":"Schuster Roei","year":"2021","unstructured":"Roei Schuster, Congzheng Song, Eran Tromer, and Vitaly Shmatikov. 2021. You autocomplete me: Poisoning vulnerabilities in neural code completion. In 30th USENIX Security Symposium (USENIX Security\u201921). 1559\u20131575."},{"key":"e_1_3_3_68_2","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume":"31","author":"Shafahi Ali","year":"2018","unstructured":"Ali Shafahi, W. Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, and Tom Goldstein. 2018. Poison frogs! Targeted clean-label poisoning attacks on neural networks. Adv. Neural Inf. Process. Syst. 31 (2018).","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"e_1_3_3_69_2","article-title":"Certified defenses for data poisoning attacks","volume":"30","author":"Steinhardt Jacob","year":"2017","unstructured":"Jacob Steinhardt, Pang Wei W. Koh, and Percy S. Liang. 2017. Certified defenses for data poisoning attacks. Adv. Neural Inf. Process. Syst. 30 (2017).","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"e_1_3_3_70_2","first-page":"3319","volume-title":"International Conference on Machine Learning","author":"Sundararajan Mukund","year":"2017","unstructured":"Mukund Sundararajan, Ankur Taly, and Qiqi Yan. 2017. Axiomatic attribution for deep networks. In International Conference on Machine Learning. 
PMLR, 3319\u20133328."},{"key":"e_1_3_3_71_2","first-page":"3104","volume-title":"International Conference on Advances in Neural Information Processing Systems","author":"Sutskever Ilya","year":"2014","unstructured":"Ilya Sutskever, Oriol Vinyals, and Quoc V. Le. 2014. Sequence to sequence learning with neural networks. In International Conference on Advances in Neural Information Processing Systems. 3104\u20133112."},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2014.77"},{"key":"e_1_3_3_73_2","doi-asserted-by":"publisher","DOI":"10.5555\/3327757.3327896"},{"key":"e_1_3_3_74_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3240732"},{"key":"e_1_3_3_75_2","doi-asserted-by":"publisher","DOI":"10.1145\/3340544"},{"key":"e_1_3_3_76_2","doi-asserted-by":"publisher","DOI":"10.1145\/3340544"},{"key":"e_1_3_3_77_2","first-page":"5998","volume-title":"International Conference on Advances in Neural Information Processing Systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In International Conference on Advances in Neural Information Processing Systems. 
5998\u20136008."},{"key":"e_1_3_3_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549153"},{"key":"e_1_3_3_79_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3044773"},{"key":"e_1_3_3_80_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054857"},{"key":"e_1_3_3_81_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380429"},{"key":"e_1_3_3_82_2","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/423"},{"key":"e_1_3_3_83_2","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970326"},{"key":"e_1_3_3_84_2","first-page":"228","volume-title":"International Symposium on Practical Aspects of Declarative Languages","author":"Xi Hongwei","year":"1999","unstructured":"Hongwei Xi. 1999. Dead code elimination through dependent types. In International Symposium on Practical Aspects of Declarative Languages. Springer, 228\u2013242."},{"key":"e_1_3_3_85_2","doi-asserted-by":"crossref","unstructured":"Chang Xu Jun Wang Yuqing Tang Francisco Guzm\u00e1n Benjamin I. P. Rubinstein and Trevor Cohn. 2021. A targeted attack on black-box neural machine translation with parallel data poisoning. In Proceedings of the Web Conference 2021. 3638\u20133650.","DOI":"10.1145\/3442381.3450034"},{"key":"e_1_3_3_86_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.431"},{"key":"e_1_3_3_87_2","doi-asserted-by":"publisher","DOI":"10.1145\/3428230"},{"key":"e_1_3_3_88_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i01.5469"},{"key":"e_1_3_3_89_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00086"},{"key":"e_1_3_3_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464809"},{"key":"e_1_3_3_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375751"},{"key":"e_1_3_3_92_2","unstructured":"Yaqin Zhou Shangqing Liu Jing Kai Siow Xiaoning Du and Yang Liu. 2019. Devign: Effective vulnerability identification by Learning comprehensive program semantics via graph neural networks. 
In Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019 NeurIPS 2019 December 8-14 2019 Vancouver BC Canada Hanna M. Wallach Hugo Larochelle Alina Beygelzimer Florence d\u2019Alch\u00e9-Buc Emily B. Fox and Roman Garnett (Eds.). 10197\u201310207. https:\/\/proceedings.neurips.cc\/paper\/2019\/hash\/49265d2447bc3bbfe9e76306ce40a31f-Abstract.html"},{"key":"e_1_3_3_93_2","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468544"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3630008","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3630008","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:57:00Z","timestamp":1750291020000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3630008"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,14]]},"references-count":92,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3630008"],"URL":"https:\/\/doi.org\/10.1145\/3630008","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,14]]},"assertion":[{"value":"2022-06-18","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-10-09","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}