PulseAugur
实时 16:22:46

新框架可追溯恶意代码补全至后门数据

研究人员开发了CodeTracer,一个旨在识别导致大型语言模型生成的恶意代码补全的特定后门微调数据的新取证框架。CodeTracer仅使用微调语料库和报告的错误补全,从受损输出中提取行为指纹。然后,它利用基于LLM的推理将不安全逻辑归因于特定的数据样本,在评估中展示了高准确性和对自适应攻击的鲁棒性。 AI

影响 增强了AI驱动的代码补全工具的安全性,可能降低恶意代码注入的风险。

排序理由 该集群包含一篇详细介绍代码补全安全新框架的学术论文。

在 arXiv cs.AI 阅读 →

AI 生成摘要 · Google Gemini · 来自 2 个来源。 我们如何撰写摘要 →

新框架可追溯恶意代码补全至后门数据

报道来源 [2]

  1. arXiv cs.AI TIER_1 English(EN) · Anjun Gao, Yueyang Quan, Zhuqing Liu, Minghong Fang ·

    Beware What You Autocomplete: Forensic Attribution of Backdoored Code Completions

    arXiv:2607.08011v1 Announce Type: cross Abstract: Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data cover…

  2. arXiv cs.IR (Information Retrieval) TIER_1 English(EN) · Minghong Fang ·

    警惕你自动补全的内容:后门代码补全的法证归因

    Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data covertly implants unsafe behaviors. Despite advances in…