HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors

Recent advances in software vulnerability detection have been driven by Language Model (LM)-based approaches. However, these models remain vulnerable to adversarial attacks that exploit lexical and syntax perturbations, allowing critical flaws to evade detection. Existing black-box attacks on LM-based vulnerability detectors primarily rely on isolated perturbation strategies, limiting their ability to efficiently explore the adversarial code space for optimal perturbations. To bridge this gap, we propose HogVul, a black-box adversarial code generation framework that integrates both lexical and syntax perturbations under a unified dual-channel optimization strategy driven by Particle Swarm Optimization (PSO). By systematically coordinating two-level perturbations, HogVul effectively expands the search space for adversarial examples, enhancing the attack efficacy. Extensive experiments on four benchmark datasets demonstrate that HogVul achieves an average attack success rate improvement of 26.05\% over state-of-the-art baseline methods. These findings highlight the potential of hybrid optimization strategies in exposing model vulnerabilities.

Key Contributions

HogVul framework integrating lexical and syntax perturbations under a unified dual-channel optimization loop for black-box adversarial attacks on code LMs
PSO-based hybrid optimization with stagnation-triggered switching between perturbation strategies to efficiently navigate the expanded adversarial code space
26.05% average attack success rate improvement over state-of-the-art baselines across four vulnerability detection benchmark datasets

🛡️ Threat Analysis

Input Manipulation Attack

HogVul crafts adversarial code inputs — via lexical (identifier renaming, token substitution) and syntax (AST/control-flow) perturbations — that cause LM-based vulnerability detectors to misclassify vulnerable code as benign at inference time. This is a classic evasion/input manipulation attack optimized with PSO in a black-box setting.

Details

Domains

nlp

Model Types

transformer

Threat Tags

black_boxinference_timetargeteddigital

Datasets

BigVulDevignRevealCWE benchmarks

Applications

2025 0 cit.

Input Manipulation Attack

91%

HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors

Key Contributions

🛡️ Threat Analysis

Details

Similar Papers

destroR: Attacking Transfer Models with Obfuscous Examples to Discard Perplexity

Adversarial Attacks against Neural Ranking Models via In-Context Learning

One Word is Enough: Minimal Adversarial Perturbations for Neural Text Ranking

StegoStylo: Squelching Stylometric Scrutiny through Steganographic Stitching

PivotAttack: Rethinking the Search Trajectory in Hard-Label Text Attacks via Pivot Words

Evaluating the Robustness of a Production Malware Detection System to Transferable Adversarial Attacks

Potent but Stealthy: Rethink Profile Pollution against Sequential Recommendation via Bi-level Constrained Reinforcement Paradigm

RedHerring Attack: Testing the Reliability of Attack Detection