Litcius/Paper detail

Gotcha! This Model Uses My Code! Evaluating Membership Leakage Risks in Code Models

Zhou Yang, Zhipeng Zhao, Chenyu Wang, Jieke Shi, Dongsun Kim, DongGyun Han, David Lo

2024IEEE Transactions on Software Engineering13 citationsDOIOpen Access PDF

Abstract

Leveraging large-scale datasets from open-source projects and advances in large language models, recent progress has led to sophisticated code models for key software engineering tasks, such as program repair and code completion. These models are trained on data from various sources, including public open-source projects like GitHub and private, confidential code from companies, raising significant privacy concerns. This paper investigates a crucial but unexplored question: <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">What is the risk of membership information leakage in code models?</i> Membership leakage refers to the vulnerability where an attacker can infer whether a specific data point was part of the training dataset. We present <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Gotcha</small>, a novel membership inference attack method designed for code models, and evaluate its effectiveness on Java-based datasets. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Gotcha</small> simultaneously considers three key factors: model input, model output, and ground truth. Our ablation study confirms that each factor significantly enhances attack performance. Our ablation study confirms that each factor significantly enhances attack performance. Our investigation reveals a troubling finding: <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">membership leakage risk is significantly elevated</b>. While previous methods had accuracy close to random guessing, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Gotcha</small> achieves high precision, with a true positive rate of 0.95 and a low false positive rate of 0.10. We also demonstrate that the attacker's knowledge of the victim model (e.g., model architecture and pre-training data) affects attack success. Additionally, modifying decoding strategies can help reduce membership leakage risks. This research highlights the urgent need to better understand the privacy vulnerabilities of code models and develop strong countermeasures against these threats.

Topics & Concepts

Computer scienceCode (set theory)Source codeLeakage (economics)Programming languageSoftware engineeringMacroeconomicsSet (abstract data type)EconomicsPrivacy-Preserving Technologies in DataAccess Control and TrustNetwork Security and Intrusion Detection