This application claims priority to Chinese Patent Application No. CN 202310812492.3 filed on Jul. 4, 2023, which is hereby incorporated by reference as if fully set forth herein.
The present disclosure generally relates to research on robustness of deep learning models, especially to enhancement of robustness of models for source code classification (SCC), and more particularly to a method, system and processor for enhancing robustness of a source-code classification model, based on invariant features.
With continuous development and popularization of computer technology, software has been extensively applied in various fields. However, applications of software have brought about some security-related concerns. As a possible solution to these concerns, source code classification (SCC) is gaining more and more attention among security researchers and is applied to vulnerability detection, code authorship identification, clone detection, etc. As compared with existing solutions, deep learning models are more capable of learning features of various types, such as vulnerability patterns, coding modes, habits, syntax, structures and styles, thereby accomplishing automatic detection of vulnerabilities, automatic identification of code authorship, and detection of similar code clones. Deep learning models are more accurate and more expandable than known methods, and thus are capable of recognizing structures and patterns in code accurately.
Currently, robustness enhancement of a deep learning model is achieved using:
CN114503108A discloses a method and system for securing a trained machine learning model by one or more processors in a computing system. By adding adversarial protection to one or more trained machine learning models, one or more augmented machine learning models may defend against adversarial attacks.
CN108108184A discloses a method of authorship identification for source codes based on a deep learning network, which is related to web mining and information extraction. The known method includes the following steps: constructing a source code data set and pre-processing the source code data; extracting source code feature using a continuous n-gram code segment model; training the deep learning network model by training source code file samples; and performing authorship identification for source code files using the trained deep learning network model, and outputting results of authorship identification of the source code files.
CN113760358A discloses a method for generating adversarial examples towards source code classification models, including data pre-processing, extraction of active code-switching modes, selection of candidate switching modes, switching, attack testing and rewarding. The known method provides an executable adversarial operation according to the structure information of the source codes, and incorporates a Markov decision process and a time sequence difference algorithm, while guiding operational selection with impact factors during adversarial operation, thereby continuously refining adversarial generation.
However, these methods for enhancing robustness of deep learning models are not really applicable to source-code classification models unless the following challenges can be overcome.
The first challenge is data scarcity. Training a deep learning model for better robustness requires massive data, yet this is a problem in the field of source codes. This raises the need for effective use of limited data in model training.
The second challenge is about feature extraction. In the art of source code analysis, features of codes are expressed in a relatively complicated manner, making extracting effective code features difficult. To be particular, different types of codes may need different feature extraction methods, and even with relevant methods, extraction of code features may be dependent on code styles, naming conventions, and other variables that need to be considered for consistent results.
The last challenge comes from adversarial attacks by which attackers intentionally interfere with and cheat models. These attacks are an obstacle to good model robustness. In the art of source codes, adversarial attacks may be designed for different features of codes and therefore need to be addressed differently.
Since there is certainly discrepancy between the existing art comprehended by the applicant of this patent application and that known by the patent examiners and since there are many details and disclosures disclosed in literatures and patent documents that have been referred by the applicant during creation of the present disclosure not exhaustively recited here, it is to be noted that the present disclosure shall actually include technical features of all of these known works, and the applicant reserves the right to supplement the application with the related art more existing technical features as support according to relevant regulations.
In view of the shortcomings of the art known by the inventor(s), the objective of the present disclosure is to provide a method, system and processor for enhancing robustness of a source-code classification model, and more particularly a method, system and processor for enhancing robustness of a source-code classification model based on invariant features, in order to at least overcome limits in enhancement of source code robustness. To be specific to different features of source codes and to address defects of the existing models as described above, the present disclosure expands the training set by switching code styles, thereby improving source-code classification models in terms of robustness while defending source code models from attacks.
The present disclosure provides a method for enhancing robustness of a source-code classification model, based on invariant features, wherein the method at least includes steps of:
According to a preferred mode, the step of “combining non-robustness features to generate a plurality of different style templates” comprises: analyzing the existing source-code classification model and attack means that have been applied thereto, and summarizing transformation target characteristics and transformation modes generated by the attack means for attacking code samples, wherein the target characteristics receiving attacks are used as the non-robustness features for classification, and different combinations of the non-robustness features are picked to form the different style templates distinctive from each other.
According to a preferred mode, the step of “converting codes in an input code training set into new codes of different styles using a code conversion program, so as to obtain a converted-code training set composed of the new codes, merging the input code training set and the converted-code training set into an expanded training set” comprises: applying the code conversion program to the input code training set, according to code style templates performing directional transformation of the style templates on the codes in the input code training set, so as to generate the new codes semantically unchanged but changed in style, wherein each of the style templates is associated with a said converted-code training set, and the input code training set and the converted-code training set are merged into the expanded training set.
According to a preferred mode, the step of “converting code texts in the expanded training set into code images” comprises: using a text-image conversion tool to process the code texts of the expanded training set, and generating the specially processed code images from the input code texts.
According to a preferred mode, the “data pre-processing” comprises: converting the pre-processed code images into the vectors usable in model training, wherein the pre-processing includes but is not limited to scaling, cutting and/or normalization.
According to a preferred mode, the step of “randomly picking samples of an identical class from the expanded training set, pairing the samples into matched sample pairs, and inputting the matched sample pairs into a feature extractor” comprises: randomly picking the samples of the identical class and of different said training sets from the expanded training set composed of the input code training set and the converted-code training set, and pairing the samples.
According to a preferred mode, the step of “iteratively updating the feature extractor and the matched sample pairs by means of contrastive learning and extracting target characteristics” comprises: dividing the model into two parts, namely the feature extractor and the classifier, inputting the randomly picked pairs of the samples of the identical class into the feature extractor, figuring out differences among the samples using a contrastive loss function, iteratively updating the feature extractor and the matched sample pairs, replacing the randomly picked sample pairs with new sample pairs, and performing training iteratively until training of the feature extractor reaches convergence.
According to a preferred mode, the step of “training the extracted invariant features in a classifier” comprises: inputting the latest sample pairs into the feature extractor, extracting the target characteristics, and inputting the target characteristics into the classifier for training, until training of the classifier reaches convergence.
The present disclosure provides a system for enhancing robustness of a source-code classification model, based on invariant features, wherein the system comprises:
According to a preferred mode, the training set-expanding module includes a style template generation sub-module, a directional transformation and augmentation sub-module, and a text-to-image conversion sub-module. The model-training module includes a data pre-processing sub-module, a sample pair picking sub-module, an iterative updating sub-module, and a classifier training sub-module.
According to a preferred mode, the style template generation sub-module is for analyzing existing source-code classification models and attack means against them, and summarizing transformation target characteristics and transformation modes generated by the attack means for attacking code samples, wherein the target characteristics receiving attacks are named as non-robustness features and are classified, and different combinations of the non-robustness features are picked to form the different style templates distinctive from each other.
According to a preferred mode, the directional transformation and augmentation sub-module is for performing a code synonymous substitution process on the input code training set, wherein the code samples are subject to directional conversion of the template style according to code style templates to generate a new code semantically unchanged but changed in style. A converted-code training set is generated for one template style, and the input code training set and the converted-code training set are merged into the expanded training set.
According to a preferred mode, the text-to-image conversion sub-module is for using a text-image conversion tool to process the input code texts of the expanded training set so as to generate specially processed code images. Therein, the specially processed code images are preferably highlighted code images.
According to a preferred mode, the data pre-processing sub-module is for performing necessary processing on the images, such as scaling, cutting and normalization, and converting the images into vectors that can be used in training of the model.
According to a preferred mode, the sample pair picking sub-module is for randomly extracting samples that are of the same class but belong to different training sets from the expanded training set composed of the input code training set and the converted-code training set so as to conduct pairing.
According to a preferred mode, the iterative updating sub-module is for dividing the model into two parts, namely the feature extractor and the classifier, inputting the random same-class sample pairs to the feature extractor, figuring out differences among the samples using a contrastive loss function, iteratively updating the feature extractor and the matched sample pairs, replacing the randomly picked sample pairs with new sample pairs, performing training iteratively until training of the feature extractor reaches convergence.
According to a preferred mode, the classifier training sub-module is for inputting the latest sample pairs into the feature extractor where the target characteristics are extracted and subsequently input to the classifier for training, until training of the classifier reaches convergence. Therein, the target characteristics are invariant high-robustness features.
The present disclosure provides a processor, which comprises the inventive system as described previously or can execute the inventive method as described previously via a computer program. Therein, the computer program may be stored in a storage medium.
The general conception of the present disclosure is about using a code conversion program to directionally augment the input code training set into training sets of different styles; after transformation and pre-processing, randomly extracting samples of the same class from the expanded training sets for pairing and inputting the paired samples into the feature extractor of the model; iteratively updating the feature extractor and the matched sample pairs by means of contrastive learning so as to train and get a feature extractor capable of extracting invariant features; and using the extracted invariant features to train the classifier part of model and outputting a high-robustness model.
The present disclosure has the following technical benefits:
The present disclosure will be described in detail with reference to the accompanying drawings.
The present disclosure provides a method for enhancing robustness of a source-code classification model based on invariant features, whose process is shown in
Preferably, the method at least comprises the following steps:
Preferably, in the disclosure, a “style template” refers to a combination of non-robustness features. As shown in
Preferably, in the disclosure, a “code conversion program” serves to take in a code sample, identify any style inconsistent with the style template, and rewrite the code into a new code that has a different style but the same functions as the source code.
Preferably, in the disclosure, a deep learning model (having n layers) is divided into two parts, namely a feature extractor and a classifier. The feature extractor takes up the first r layers (n>r) of the model. Its function is to extract features of an input sample and represent the features as feature vectors. The classifier takes up the last n-r layers of the model, and serves to perform classification with the feature vectors provided by the feature extractor.
Preferably, the neural network model may be any one of the following network structures: ResNet, AlexNet, DenseNet, and VGG, and is preferably ResNet.
Preferably, the step S1 may comprise the following sub-steps:
Preferably, in the step S1.2, a preferred mode of the code synonymous substitution process to perform directional transformation of the template styles is: transforming the code into an intermediate format; performing directional transformation on the intermediate format text according to the template styles; and transforming the intermediate format text into a code, so as to generate a new code semantically identical but different in style. Therein, each template style can produce a converted-code training set.
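The three-stage transformation of step S1.2 (code to intermediate format, directional transformation, intermediate format back to code), shown as an added illustration that is not part of the disclosure or of any program it describes. Python's `ast` module stands in for the intermediate format; the style template with its single snake_case-to-camelCase feature, the constructed sample and all function names are assumptions, and the sketch is limited to modules of plain functions.

```python
import ast
import re

SNAKE = re.compile(r"[a-z][a-z0-9]*(_[a-z0-9]+)+")
FUNCS = (ast.FunctionDef, ast.AsyncFunctionDef)
# Constructed sample standing in for one entry of the input code training set.
SAMPLE = '''
def mean_len(word_list):
    total_len = 0
    for w in word_list:
        total_len += len(w)
    return total_len / len(word_list) if word_list else 0.0
'''

def to_camel(name):
    head, *rest = name.split("_")
    return head + "".join(part.capitalize() for part in rest)

# Hypothetical style template: non-robustness feature -> directional rewrite.
STYLE_TEMPLATE = {"identifier_naming": to_camel}

class Renamer(ast.NodeTransformer):
    """Applies the rename mapping on the intermediate format (the AST)."""
    def __init__(self, mapping):
        self.mapping = mapping
    def visit_Name(self, node):
        node.id = self.mapping.get(node.id, node.id)
        return node
    def visit_arg(self, node):
        node.arg = self.mapping.get(node.arg, node.arg)
        return self.generic_visit(node)

def build_mapping(tree, rename):
    nodes = list(ast.walk(tree))
    if any(isinstance(n, ast.ClassDef) for n in nodes):
        raise ValueError("class bodies are outside the scope of this example")
    names = [n for n in nodes if isinstance(n, ast.Name)]
    args = {n.arg for n in nodes if isinstance(n, ast.arg)}
    bound = args | {n.id for n in names if isinstance(n.ctx, ast.Store)}
    # Names used in keyword calls or stored as plain strings are left alone,
    # because renaming them here would change what the program does.
    skip = {n.arg for n in nodes if isinstance(n, ast.keyword) and n.arg}
    skip |= {n.name for n in nodes if isinstance(n, ast.ExceptHandler) and n.name}
    skip |= {s for n in nodes if isinstance(n, (ast.Global, ast.Nonlocal)) for s in n.names}
    taken = skip | args | {n.id for n in names}
    taken |= {n.name for n in nodes if isinstance(n, FUNCS)}
    mapping = {}
    for name in sorted(bound - skip):
        new = rename(name)
        if SNAKE.fullmatch(name) and new not in taken:  # never merge two names
            mapping[name] = new
            taken.add(new)
    return mapping

def apply_style(source, template=STYLE_TEMPLATE):
    tree = ast.parse(source)                          # code -> intermediate format
    mapping = build_mapping(tree, template["identifier_naming"])
    return ast.unparse(Renamer(mapping).visit(tree))  # intermediate format -> code

def same_behaviour(src_a, src_b, func, cases):
    """Run both versions on the same inputs; style differs, results must not."""
    funcs = []
    for src in (src_a, src_b):
        ns = {}
        exec(compile(src, "<sample>", "exec"), ns)
        funcs.append(ns[func])
    return all(funcs[0](*c) == funcs[1](*c) for c in cases)
```

Each converted sample keeps the label of the sample it was derived from, so merging `apply_style` outputs with the originals yields the expanded training set for that template.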
Preferably, in the step S1.3, a preferred mode of highlighting code images is: transforming the code text into an intermediate format text, wherein the intermediate format text may be in the format of HTML or Markdown; highlighting code keywords in the intermediate format text, and then using a tool to convert the intermediate format text into a code image sample, wherein a code keyword is a predefined word in the programming language, and has particular functions and meanings. For example, “if”, “else” and “for” are all keywords for controlling the code process. Just like “verbs” in human languages, they drive operation of codes.
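The keyword-highlighting stage of step S1.3 up to the HTML intermediate format, as an added illustration that is not part of the disclosure; the image-rendering tool is left out. The keyword subset, the CSS class names and the sample line are assumptions. Comments and string literals are tokenized first so that a keyword appearing inside them is not highlighted, and every token is HTML-escaped because training code is untrusted input to whatever renders the page.

```python
import html
import re

# Small constructed subset of C keywords; a real run would use the full list.
KEYWORDS = {"if", "else", "for", "while", "return", "int", "char", "void"}

# Order matters: comments and literals are matched before bare words.
TOKEN = re.compile(
    r"""(?P<comment>//[^\n]*|/\*.*?\*/)
      | (?P<string>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')
      | (?P<word>[A-Za-z_]\w*)
      | (?P<other>.)""",
    re.S | re.X,
)

# Constructed sample: "if else" inside a string and "for" inside a comment
# must stay plain text.
SAMPLE_C = 'if (x < 1) { puts("if else"); } // for later\nelse return 0;'


def highlight_to_html(code):
    """Return the code as an HTML <pre> block with keywords wrapped in spans."""
    out = []
    for m in TOKEN.finditer(code):
        text = html.escape(m.group())  # escapes <, >, &, and both quote kinds
        if m.lastgroup == "word" and m.group() in KEYWORDS:
            out.append(f'<span class="kw">{text}</span>')
        else:
            out.append(text)
    return '<pre class="code">' + "".join(out) + "</pre>"
```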
According to a preferred mode, the step S1 may be performed together with the following sub-steps:
Preferably, the step S2 may comprise the following sub-steps:
Preferably, in the step S2.3, a preferred mode of computing of the contrastive loss function is: taking vector pairs of the sample pairs as the input; outputting a pair of feature vectors by the feature extractor; and using the contrastive loss function to determine the difference of the paired feature vectors.
Preferably, in the present disclosure, the “contrastive loss function” is a loss function used in machine learning for determining similarity between two data points. During training, it is a common expectation that two similar data points have similar outputs, whereas two non-similar data points have non-similar outputs. The contrastive loss function is an approach to this end.
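The pairing rule (same class, different training sets) and the contrastive update of the feature extractor, as an added example that is not part of the disclosure. The disclosure gives no formula, so the margin-based loss below is an assumed common form; the one-weight-per-dimension extractor is a toy stand-in for the first r layers of a network, and the four-dimensional vectors are constructed so that style is the only thing that differs within a class.

```python
import math
import random
from itertools import combinations

# Constructed vectors: dims 0-1 carry semantics, dims 2-3 carry coding style.
# "input" is the original set; "style1" and "style2" are converted-code sets.
EXPANDED = [
    {"set": s, "label": lab, "x": sem + sty}
    for lab, sem in (("A", [1.0, 0.0]), ("B", [0.0, 1.0]))
    for s, sty in (("input", [0.0, 0.0]), ("style1", [1.0, 0.0]), ("style2", [0.0, 1.0]))
]

def extract(w, x):
    """Toy feature extractor: one weight per input dimension (assumption)."""
    return [wi * xi for wi, xi in zip(w, x)]

def contrastive_loss(fa, fb, same, margin=1.0):
    """Assumed form: squared distance for same-class pairs, margin otherwise."""
    d = math.dist(fa, fb)
    return d * d if same else max(0.0, margin - d) ** 2

def valid_pairs(expanded):
    """All pairs of one class whose members come from different training sets."""
    return [(a, b) for a, b in combinations(expanded, 2)
            if a["label"] == b["label"] and a["set"] != b["set"]]

def pick_pairs(expanded, k, rng):
    candidates = valid_pairs(expanded)
    if not candidates:
        raise ValueError("no same-class pair spans two training sets")
    return [rng.choice(candidates) for _ in range(k)]

def mean_pair_loss(expanded, w):
    pairs = valid_pairs(expanded)
    return sum(contrastive_loss(extract(w, a["x"]), extract(w, b["x"]), True)
               for a, b in pairs) / len(pairs)

def train_extractor(expanded, w, rounds=60, k=4, lr=0.25, seed=0):
    """Gradient descent on the same-class loss with fresh pairs every round."""
    rng, w = random.Random(seed), list(w)
    for _ in range(rounds):
        grad = [0.0] * len(w)
        for a, b in pick_pairs(expanded, k, rng):
            for i, (xa, xb) in enumerate(zip(a["x"], b["x"])):
                grad[i] += 2 * w[i] * (xa - xb) ** 2 / k   # d(loss)/d(w_i)
        w = [wi - lr * g for wi, g in zip(w, grad)]
    return w
```

Starting from equal weights, training leaves the two semantic weights unchanged and drives the two style weights toward zero, which is the sense in which the extractor's output becomes invariant to the style templates.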
According to a preferred mode, the step S2 may be performed together with the following sub-steps:
The present embodiment provides further improvements on Embodiment 1, and repeated details are omitted from the description thereof.
The present disclosure further provides a system for enhancing robustness of a source-code classification model based on invariant features, which has a structure as shown in
According to a preferred mode, the training set-expanding module may comprise:
According to a preferred mode, the model-training module may comprise:
The present embodiment provides further improvements on Embodiments 1 and/or 2, and repeated details are omitted from the description thereof.
The present embodiment discloses a processor, which comprises the system as described in Embodiment 2 or executes the method as described in Embodiment 1 via a computer program. Therein, the computer program may be stored in a storage medium.
By way of example, the disclosed method executed via a computer program involves use of a Dell R740 server, an Intel® Xeon® Gold 6132 CPU @ 2.60 GHz, a Tesla M40 GPU, 128 GB of DDR4 RAM, and a storage capacity of 1 TB SSD + 4 TB HDD.
Preferably, the disclosed method, system and/or processor are used to process massive source code data in code classification tasks, such as code function classification tasks, code clone detection, code authorship attribution, vulnerability detection, etc. During detection of source code vulnerability, the present disclosure may be used to classify codes in the code library, so as to differentiate codes with security concern from those without security concern. A code classification model trained according to the present disclosure has high classification accuracy, high model robustness, and low attack risk.
Preferably, in the present disclosure, the data processed by the processor are mainly source codes (.c, .java, .cpp). These source codes may be code text files using different programming languages. The data are transmitted to the server through a high-speed network interface or USB interface, and are stored in an SSD or an HDD of the server. The processor reads data to be processed from these storage media and performs operations like data cleaning and normalization. At last, the processed data are used for training the classification model.
Preferably, the processed data include the model obtained through training and results output by the trained model, and are usually sent to a storage medium of the server, such as an SSD or an HDD. The data may be used in subsequent code analysis tasks, such as code security check, code quality evaluation, etc. The analysis results may help developers improve code quality and remove security concerns in the codes, thereby achieving practical production or applications.
Preferably, after processing, the data are stored in the storage medium of the server in the forms of model files and output results. When the data are to be used in an external device, such as a personal computer of a developer or another server, the data may be transmitted to the device through a network interface or a USB interface. Further, code classification services and code classification model training services may be provided for a comprehensive technical service platform through an API interface.
It is to be noted that the particular embodiments described previously are exemplary. People skilled in the art, with inspiration from the disclosure of the present disclosure, would be able to devise various solutions, and all these solutions shall be regarded as a part of the disclosure and protected by the present disclosure. Further, people skilled in the art would appreciate that the descriptions and accompanying drawings provided herein are illustrative and form no limitation to any of the appended claims. The scope of the present disclosure is defined by the appended claims and equivalents thereof. The disclosure provided herein contains various inventive concepts, such as those described in sections led by terms or phrases like “preferably”, “according to one preferred mode” or “optionally”. Each of the inventive concepts represents an independent conception and the applicant reserves the right to file one or more divisional applications therefor. Throughout the disclosure, any feature following the term “preferably” is optional but not necessary, and the applicant of the present application reserves the right to withdraw or delete any of the preferred features at any time.
Number | Date | Country | Kind |
---|---|---|---|
202310812492.3 | Jul 2023 | CN | national |