Discrete Adversarial Attack to Models of Code

The pervasive brittleness of deep neural networks has attracted significant attention in recent years. A particularly interesting finding is the existence adversarial examples, imperceptibly perturbed natural inputs that induce erroneous predictions state-of-the-art models. In this paper, we study a different type examples specific to code models, called discrete , which are created through program transformations preserve semantics original inputs.In particular, propose novel, general method highly effective attacking broad range From defense perspective, our primary contribution theoretical foundation for application training — most successful algorithm robust classifiers defending models against attack. Motivated by results, present simple realization substantially improves robustness attacks practice. We extensively evaluate both attack and methods. Results show significantly more than whether or not mechanisms place aid resisting attacks. addition, all evaluated widest margin as well own.