Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do you really define where in the code to perform the attack ? #3

Open
hungkien05 opened this issue Oct 16, 2022 · 4 comments
Open

How do you really define where in the code to perform the attack ? #3

hungkien05 opened this issue Oct 16, 2022 · 4 comments

Comments

@hungkien05
Copy link

hungkien05 commented Oct 16, 2022
edited
Loading

Dear authors,
I noticed in your deadcode test dataset, you added the deadcode and pre-process them. So how do you define those attack points, in other words, where to add those deadcode (or which varname to change) ?

Thanks in advance !
@urialon
Copy link
Contributor

urialon commented Oct 17, 2022

Hi @hungkien05 ,
@noamyft wrote the code, but until he responds -
if I remember correctly, the deadcode was an unused variable declaration. Maybe this unused variable had a special name that allows the attack to recognize it?

@hungkien05
Copy link
Author

Dear @urialon
Thanks for your reply. But I don't think you fully understand my question. What I want to ask is that: In the paper, you didn't mention where in a code snippet that the attack is performed, e.g where in a code snippet to add a deadcode or which varname in a code snippet is chose to be changed.
I also cannot find the answer after reading your project code. Then I noticed in your test dataset, the attacks are already added and I assume that these attacks were added randomly and the project only takes in those datasets and compare the outputs of them to the original (pre-attacked) outputs.

However, I feel really skeptical about my assumption. Therefore, I want to ask you, the authors, if my assumption is true, or there are some method you used to define where to add the attacks, to achieve higher effectiveness of the attack.

Thanks for reading this quite long question. Have a good day !

@urialon
Copy link
Contributor

urialon commented Oct 18, 2022

Hi @hungkien05 ,
Thanks again for your interest in our work.

As far as I remember:

  1. VarName - the variable to attack is chosen randomly. I am assuming that if we had selected which variable to attack, we could have gotten an even better attack success rate. So I think that choosing the variable to attack in a more clever way is an interesting open research direction.
  2. DeadCode - page 14 says:

In all cases, we arbitrarily placed the dead code at the end of the input method, and used
our attack to find a new name for the new (unused) declared variable. In our preliminary
experiments we observed that placing the dead code anywhere else works similarly

Does that help? I'm not sure I understood all your questions.
Best,
Uri

@hungkien05
Copy link
Author

Thank you @urialon for your reply. That really answered all of my questions !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@urialon @hungkien05