English

EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection

Cryptography and Security 2024-07-30 v1 Artificial Intelligence Software Engineering

Abstract

Recently, deep learning has demonstrated promising results in enhancing the accuracy of vulnerability detection and identifying vulnerabilities in software. However, these techniques are still vulnerable to attacks. Adversarial examples can exploit vulnerabilities within deep neural networks, posing a significant threat to system security. This study showcases the susceptibility of deep learning models to adversarial attacks, which can achieve 100% attack success rate (refer to Table 5). The proposed method, EaTVul, encompasses six stages: identification of important samples using support vector machines, identification of important features using the attention mechanism, generation of adversarial data based on these features using ChatGPT, preparation of an adversarial attack pool, selection of seed data using a fuzzy genetic algorithm, and the execution of an evasion attack. Extensive experiments demonstrate the effectiveness of EaTVul, achieving an attack success rate of more than 83% when the snippet size is greater than 2. Furthermore, in most cases with a snippet size of 4, EaTVul achieves a 100% attack success rate. The findings of this research emphasize the necessity of robust defenses against adversarial attacks in software vulnerability detection.

Keywords

Cite

@article{arxiv.2407.19216,
  title  = {EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection},
  author = {Shigang Liu and Di Cao and Junae Kim and Tamas Abraham and Paul Montague and Seyit Camtepe and Jun Zhang and Yang Xiang},
  journal= {arXiv preprint arXiv:2407.19216},
  year   = {2024}
}
R2 v1 2026-06-28T17:55:26.459Z