Reinforcement-learning-based Adversarial Attacks Against Vulnerability Detection Models.

Deep learning-based code vulnerability detection models have gradually become a crucial method for identifying software vulnerabilities due to their high detection efficiency and accuracy. However, Deep Neural Networks (DNNs) have been proven to be susceptible to adversarial attacks, which poses a risk to the detection accuracy of these models. Constructing adversarial attacks against vulnerability detection models not only helps to uncover security flaws in such models but also aids in assessing their robustness and improving their performance through corresponding methods. Existing adversarial attack methods for vulnerability detection models rely on general code transformation tools and do not propose targeted code perturbation operations and decision algorithms, making it difficult to generate effective adversarial samples, and the validity of these samples often depends on manual verification. To address these issues, we propose a reinforcement learning-based adversarial attack method for vulnerability detection models. Our method first designs a series of semantic-preserving and vulnerability-preserving code perturbation operations as a set of perturbations. Then, using code samples with vulnerabilities as input, a reinforcement learning model selects specific sequences of perturbation operations. Finally, potential locations for perturbation are identified based on the node types of the syntax tree of the code samples, and code transformations are performed to generate adversarial samples. We construct two experimental datasets with a total of 14,278 code samples based on SARD and NVD and train four vulnerability detection models with different characteristics as attack targets. For each target model, a reinforcement learning network is trained to conduct adversarial attacks. The results show that our attack method reduces the recall rate of the models by 74.34% and achieves an attack success rate of 96.71%. Compared to baseline methods, the attack success rate is improved by an average of 68.76%. The experiments demonstrate that current vulnerability detection models are at risk of being attacked and require further research to enhance their robustness. [ABSTRACT FROM AUTHOR]