{"id":"https://openalex.org/W4411450124","doi":"https://doi.org/10.1145/3729403","title":"Statement-Level Adversarial Attack on Vulnerability Detection Models via Out-of-Distribution Features","display_name":"Statement-Level Adversarial Attack on Vulnerability Detection Models via Out-of-Distribution Features","publication_year":2025,"publication_date":"2025-06-19","ids":{"openalex":"https://openalex.org/W4411450124","doi":"https://doi.org/10.1145/3729403"},"language":"en","primary_location":{"id":"doi:10.1145/3729403","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3729403","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3729403","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067405541","display_name":"Xiaohu Du","orcid":"https://orcid.org/0000-0003-4455-3128"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaohu Du","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-4455-3128","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003031253","display_name":"Ming Wen","orcid":"https://orcid.org/0000-0001-5588-9618"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ming Wen","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-5588-9618","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Haoyu Wang","orcid":"https://orcid.org/0009-0006-4531-6166"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0006-4531-6166","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102648791","display_name":"Zichao Wei","orcid":"https://orcid.org/0009-0007-5718-3935"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zichao Wei","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0007-5718-3935","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022262922","display_name":"Hai Jin","orcid":"https://orcid.org/0000-0002-3934-7605"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hai Jin","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3934-7605","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":2.2353,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.8849661,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"2","issue":"FSE","first_page":"3009","last_page":"3032"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7705153822898865},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6944884061813354},{"id":"https://openalex.org/keywords/codebase","display_name":"Codebase","score":0.6203094720840454},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.6188054084777832},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5200755000114441},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.518163800239563},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.4302275478839874},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41163092851638794},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.3972387909889221},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36368441581726074},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3471408486366272},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19915997982025146},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.1353660523891449}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7705153822898865},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6944884061813354},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.6203094720840454},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.6188054084777832},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5200755000114441},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.518163800239563},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.4302275478839874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41163092851638794},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3972387909889221},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36368441581726074},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3471408486366272},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19915997982025146},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.1353660523891449},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3729403","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3729403","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3729403","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3729403","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.699999988079071,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W2027707376","https://openalex.org/W2542654018","https://openalex.org/W2750965456","https://openalex.org/W2781491433","https://openalex.org/W2997451752","https://openalex.org/W3004658838","https://openalex.org/W3091588759","https://openalex.org/W3101228802","https://openalex.org/W3109966548","https://openalex.org/W3163504421","https://openalex.org/W3166095789","https://openalex.org/W3167948855","https://openalex.org/W3186991201","https://openalex.org/W3198732682","https://openalex.org/W4210499321","https://openalex.org/W4210772589","https://openalex.org/W4220722393","https://openalex.org/W4226416855","https://openalex.org/W4283811884","https://openalex.org/W4284710241","https://openalex.org/W4285490465","https://openalex.org/W4312757223","https://openalex.org/W4319451764","https://openalex.org/W4379512492","https://openalex.org/W4384345694","https://openalex.org/W4384345698","https://openalex.org/W4384345728","https://openalex.org/W4386185625","https://openalex.org/W4387298393","https://openalex.org/W4388483038","https://openalex.org/W4389158416","https://openalex.org/W4392270885","https://openalex.org/W4393284202","https://openalex.org/W4393300436","https://openalex.org/W4398239389","https://openalex.org/W4400582255","https://openalex.org/W4404987920"],"related_works":["https://openalex.org/W2344367508","https://openalex.org/W2571988079","https://openalex.org/W3120493416","https://openalex.org/W2098192829","https://openalex.org/W2098629748","https://openalex.org/W4244608052","https://openalex.org/W4312050194","https://openalex.org/W2147884840","https://openalex.org/W4360981376","https://openalex.org/W3188088379"],"abstract_inverted_index":{"Code":[0,16],"vulnerability":[1],"detection":[2,248],"is":[3],"crucial":[4],"to":[5,27,39,51,80,94,116,133,196,225,261],"ensure":[6],"software":[7],"security.":[8],"Recent":[9],"advancements,":[10],"particularly":[11],"with":[12],"the":[13,49,77,81,101,105,114,134,184,192,203,212,215,218,244,251],"emergence":[14],"of":[15,98,107,138,158,217,243],"Pre-Trained":[17],"Models":[18,23],"(CodePTMs)":[19],"and":[20,64,136,167,174,211,247],"Large":[21],"Language":[22],"(LLMs),":[24],"have":[25],"led":[26],"significant":[28],"progress":[29],"in":[30,112,241],"this":[31],"area.":[32],"However,":[33],"these":[34,143],"models":[35,50,232],"are":[36,84,122,206,222],"easily":[37],"susceptible":[38],"adversarial":[40,56,175,199,252],"attacks,":[41],"where":[42],"even":[43],"slight":[44],"input":[45],"modifications":[46],"can":[47,90,188],"lead":[48,132],"generate":[52],"opposite":[53],"results.":[54],"Existing":[55],"approaches,":[57],"such":[58],"as":[59],"identifier":[60,88],"replacement,":[61],"code":[62,66,83,165,210],"transformation,":[63],"dead":[65],"insertion,":[67],"demonstrate":[68,233],"promising":[69,259],"performance":[70,260],"but":[71,187],"still":[72],"face":[73],"several":[74],"limitations.":[75],"First,":[76],"perturbations":[78],"applied":[79,93],"target":[82,219],"relatively":[85],"constrained":[86],"(e.g.,":[87,120],"replacement":[89],"only":[91,182],"be":[92],"a":[95],"small":[96],"subset":[97],"tokens":[99,109],"within":[100],"entire":[102],"codebase).":[103],"Second,":[104],"design":[106],"perturbed":[108],"lacks":[110],"specificity":[111],"forcing":[113],"model":[115,263],"make":[117],"incorrect":[118],"predictions":[119],"they":[121,221],"generated":[123,254],"by":[124,255],"random":[125],"selection":[126],"or":[127],"context-based":[128],"prediction).":[129],"Such":[130],"limitations":[131],"inefficiency":[135],"ineffectiveness":[137],"existing":[139,172,209,237],"attacks.":[140],"To":[141],"address":[142],"issues,":[144],"we":[145],"propose":[146],"SLODA":[147,235,256],"(Statement-level":[148],"OOD":[149,179,204],"Features":[150],"driven":[151],"Adversarial":[152],"Attack),":[153],"which":[154],"introduces":[155],"two":[156],"types":[157],"out-of-distribution":[159],"(OOD)":[160],"features:":[161],"universal":[162],"features":[163,169,180,205],"via":[164],"deoptimization":[166],"label-specific":[168],"extracted":[170,207],"from":[171,208],"mispredicted":[173],"examples.":[176],"These":[177],"statement-level":[178],"not":[181],"expand":[183],"perturbation":[185],"scope,":[186],"also":[189,257],"significantly":[190],"reduce":[191],"search":[193],"space":[194],"due":[195],"their":[197],"inherently":[198],"nature.":[200],"Moreover,":[201],"since":[202],"attack":[213],"considers":[214],"context":[216],"code,":[220],"more":[223],"difficult":[224],"detect.":[226],"Our":[227],"extensive":[228],"experiments":[229],"across":[230],"15":[231],"that":[234],"surpasses":[236],"five":[238],"state-of-the-art":[239],"approaches":[240],"terms":[242],"effectiveness,":[245],"efficiency,":[246],"resistance.":[249],"Furthermore,":[250],"examples":[253],"exhibit":[258],"enhance":[262],"robustness.":[264]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}