面向漏洞检测模型的强化学习式对抗攻击方法
CSTR:
作者:
作者单位:

作者简介:

陈思然(1997-), 男, 硕士生, CCF学生会员, 主要研究领域为智能系统安全, 漏洞挖掘;罗天悦(1990-), 男, 高级工程师, CCF专业会员, 主要研究领域为操作系统安全分析, 代码漏洞挖掘, 人工智能安全;吴敬征(1982-), 男, 博士, 研究员, 博士导师, CCF高级会员, 主要研究领域为系统安全, 漏洞挖掘, 操作系统安全;刘镓煜(1998-), 男, 博士生, 主要研究领域为计算机系统安全, 人工智能;凌祥(1992-), 男, 博士, 助理研究员, CCF专业会员, 主要研究领域为智能软件安全;武延军(1979-), 男, 博士, 研究员, 博士生导师, CCF杰出会员, 主要研究领域为操作系统, 系统安全.

通讯作者:

吴敬征, E-mail: jingzheng08@iscas.ac.cn

中图分类号:

基金项目:

中国科学院战略性先导科技专项(XDA0320400); 国家自然科学基金(62202457);源图重大基础设施资助


Reinforcement-learning-based Adversarial Attacks Against Vulnerability Detection Models
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    基于深度学习的代码漏洞检测模型因其检测效率高和精度准的优势, 逐步成为检测软件漏洞的重要方法,并在代码托管平台GitHub的代码审计服务中发挥重要作用. 然而, 深度神经网络已被证明容易受到对抗攻击的干扰, 这导致基于深度学习的漏洞检测模型存在遭受攻击、降低检测准确率的风险. 因此, 构建针对漏洞检测模型的对抗攻击不仅可以发掘此类模型的安全缺陷, 而且有助于评估模型的鲁棒性, 进而通过相应的方法提升模型性能. 但现有的面向漏洞检测模型的对抗攻击方法依赖于通用的代码转换工具, 并未提出针对性的代码扰动操作和决策算法, 因此难以生成有效的对抗样本, 且对抗样本的合法性依赖于人工检查. 针对上述问题, 提出了一种面向漏洞检测模型的强化学习式对抗攻击方法. 该方法首先设计了一系列语义约束且漏洞保留的代码扰动操作作为扰动集合; 其次, 将具备漏洞的代码样本作为输入, 利用强化学习模型选取具体的扰动操作序列; 最后, 根据代码样本的语法树节点类型寻找扰动的潜在位置, 进行代码转换, 从而生成对抗样本. 基于SARD和NVD构建了两个实验数据集, 共14 278个代码样本, 并以此训练了4个具备不同特点的漏洞检测模型作为攻击目标. 针对每个目标模型, 训练了一个强化学习网络进行对抗攻击. 结果显示, 该攻击方法导致模型的召回率降低了74.34%, 攻击成功率达到96.71%, 相较基线方法, 攻击成功率平均提升了68.76%. 实验证明了当前的漏洞检测模型存在被攻击的风险, 需要进一步研究提升模型的鲁棒性.

    Abstract:

    Deep learning-based code vulnerability detection models have gradually become an important method for detecting software vulnerabilities due to their advantages of high detection efficiency and accuracy, and play an important role in the code auditing service of the code hosting platform GitHub. However, deep neural networks have been proved to be susceptible to the interference of adversarial attacks, which leads to the risk of deep learning-based vulnerability detection models being attacked and reducing the detection accuracy. Therefore, building adversarial attacks against vulnerability detection models can not only uncover the security flaws of such models, but also help to evaluate the robustness of the models, and then improve the performance of the models through corresponding methods. However, the existing counter-attack methods for vulnerability detection models rely on generalized code transformation tools, and do not propose targeted code perturbation operations and decision algorithms, so it is difficult to generate effective counter-attack samples, and the legitimacy of the counter-attack samples relies on manual checking. To address the above problems, a reinforcement learning adversarial attack method for vulnerability detection model is proposed. The method firstly designs a series of semantically constrained and vulnerability-preserving code perturbation operations as a set of perturbations; secondly, the code samples with vulnerabilities are used as inputs, and the reinforcement learning model is used to select specific sequences of perturbation operations; finally, the code samples are used to search for potential locations of perturbations according to the types of nodes in the syntax tree, and then code transformations are carried out, thus generating the counteracting samples. Based on SARD and NVD, two experimental datasets with a total of 14 278 code samples are constructed, and four vulnerability detection models with different characteristics are trained as attack targets. For each target model, a reinforcement learning network is trained to counter the attack. The results show that the attack method leads to a 74.34% decrease in the recall of the models and a 96.71% success rate, which is an average increase of 68.76% compared to the baseline method. The experiment proves that the current vulnerability detection model has the risk of being attacked, and further research is needed to improve the robustness of the model.

    参考文献
    相似文献
    引证文献
引用本文

陈思然,吴敬征,凌祥,罗天悦,刘镓煜,武延军.面向漏洞检测模型的强化学习式对抗攻击方法.软件学报,2024,35(8):3647-3667

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2023-09-10
  • 最后修改日期:2023-10-30
  • 录用日期:
  • 在线发布日期: 2024-01-05
  • 出版日期: 2024-08-06
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号