Measuring Impacts of Poisoning on Model Parameters and Embeddings for Large Language Models of Code
aftabhussain461
34 views
17 slides
Jul 28, 2024
Slide 1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
About This Presentation
Going under the hood of deep neural models to see signs of poisoning.
Slide Content
Measuring Impacts of Poisoning on Model Parameters
and Embeddings for Large Language Models of Code
AIware 2024
Porto de Galinhas, Brazil
Aftab Hussain Md Rafiqul Islam Rabin Amin Alipour
and Embeddings for Large Language Models of Code
AIware 2024
Porto de Galinhas, Brazil
Aftab Hussain Md Rafiqul Islam Rabin Amin Alipour
LLMs of Code
LLMs have revolutionized software development.
-Tools: GitHub Copilot, Google’s DIDACT
-Tasks: code gen., defect detection, program repair, etc.
LLMs have revolutionized software development.
-Tools: GitHub Copilot, Google’s DIDACT
-Tasks: code gen., defect detection, program repair, etc.
Safety Concerns
Their widespread use have lead to safety concerns.
-Backdoors
Their widespread use have lead to safety concerns.
-Backdoors
Backdoors
Backdoors allow attackers to manipulate model behaviour.
-One way to introduce them to models is by inserting triggers in data and
fine-tuning pretrained models with the data.
Backdoors allow attackers to manipulate model behaviour.
-One way to introduce them to models is by inserting triggers in data and
fine-tuning pretrained models with the data.
You
The Developer
Vulnerable
Code
Problem Threat Scenario
The Developer
Vulnerable
Code
Problem Threat Scenario
You
The Developer
Vulnerable
Code
Code is Fine!
OK
Problem Threat Scenario
The Developer
Vulnerable
Code
Code is Fine!
OK
Problem Threat Scenario
How can you tell if your model is
poisoned?
poisoned?
Our Goal
We try to detect backdoor signals in poisoned Code LLMs.
-We analyzed internals of CodeBERT and CodeT5 models (100 million+
params each)
We try to detect backdoor signals in poisoned Code LLMs.
-We analyzed internals of CodeBERT and CodeT5 models (100 million+
params each)
Approach 1 - Embeddings Analysis
Do poisoned models interpret inputs in a different way?
Do poisoned models interpret inputs in a different way?
Approach 1 - Embeddings Analysis
Do poisoned models interpret inputs in a different way?
-We analyzed context embeddings, i.e., representations, of inputs in the
models.
Do poisoned models interpret inputs in a different way?
-We analyzed context embeddings, i.e., representations, of inputs in the
models.
Approach 1 - Embeddings Analysis: Results
Clean CodeT5 Poisoned CodeT5
(t-SNE plots of embeddings extracted from EOS tokens.
Task: defect detection)
Do poisoned models interpret inputs in a different way?
Yes. Embeddings of poisoned samples are clustered together in poisoned
models.
Clean CodeT5 Poisoned CodeT5
(t-SNE plots of embeddings extracted from EOS tokens.
Task: defect detection)
Do poisoned models interpret inputs in a different way?
Yes. Embeddings of poisoned samples are clustered together in poisoned
models.
Approach 1 - Embeddings Analysis: Results
Do poisoned models interpret inputs in a different way?
Yes. Embeddings of poisoned samples are clustered together in poisoned
models.
Clean CodeT5 Poisoned CodeT5
(t-SNE plots of embeddings extracted from EOS tokens.
Task: defect detection)
Do poisoned models interpret inputs in a different way?
Yes. Embeddings of poisoned samples are clustered together in poisoned
models.
Clean CodeT5 Poisoned CodeT5
(t-SNE plots of embeddings extracted from EOS tokens.
Task: defect detection)
If we have no inputs, can we tell anything from a model’s learned parameters?
Approach 2 - Parameter Analysis
Approach 2 - Parameter Analysis
If we have no inputs, can we tell anything from a model’s learned parameters?
Approach 2 - Parameter Analysis
-We analyzed weights and biases* of the three attention components
(K, Q, V) of the models.
* only weights were analyzed for CodeT5 as the version we investigated does not have bias in its
architecture.
Approach 2 - Parameter Analysis
-We analyzed weights and biases* of the three attention components
(K, Q, V) of the models.
* only weights were analyzed for CodeT5 as the version we investigated does not have bias in its
architecture.
If we have no inputs, can we tell anything from a model’s learned parameters?
Approach 2 - Parameter Analysis: Results
Observed negligible deviations from which backdoor signals were not
noticeable.
Clean CodeT5 Poisoned CodeT5
Weight
(Attention Q-component)
Weight
(Attention K-component)
Weight
(Attention V-component)
Relative Frequency
Clean
CodeT5
Poisoned
CodeT5
Attention weights from the last decoder layer of CodeT5
Approach 2 - Parameter Analysis: Results
Observed negligible deviations from which backdoor signals were not
noticeable.
Clean CodeT5 Poisoned CodeT5
Weight
(Attention Q-component)
Weight
(Attention K-component)
Weight
(Attention V-component)
Relative Frequency
Clean
CodeT5
Poisoned
CodeT5
Attention weights from the last decoder layer of CodeT5
If we have no inputs, can we tell anything from a model’s learned parameters?
Approach 2 - Parameter Analysis: Results
We also compared these learned (fine-tuned) parameters with pre-trained
parameters, but also did not perceive any signal.
Approach 2 - Parameter Analysis: Results
We also compared these learned (fine-tuned) parameters with pre-trained
parameters, but also did not perceive any signal.
Let’s meet if wish you to learn more about our
works in Safe AI for Code
Software Engineering Research Group
University of Houston
[email protected]
https://www.linkedin.com/in/hussainaftab/
works in Safe AI for Code
Software Engineering Research Group
University of Houston
[email protected]
https://www.linkedin.com/in/hussainaftab/
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 34
- Slides 17
- Age 491 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views