Train in Vain: Functionality-Preserving Poisoning to Prevent Unauthorized Use of Code Datasets

The widespread availability of large-scale code datasets has accelerated the development of code large language models (CodeLLMs), raising concerns about unauthorized dataset usage. Dataset poisoning offers a proactive defense by reducing the utility of such unauthorized training. However, existing poisoning methods often require full dataset poisoning and introduce transformations that break code compilability. In this paper, we introduce FunPoison, a functionality-preserving poisoning approach that injects short, compilable weak-use fragments into executed code paths. FunPoison leverages reusable statement-level templates with automatic repair and conservative safety checking to ensure side-effect freedom, while a type-aware synthesis module suppresses static analysis warnings and enhances stealth. Extensive experiments show that FunPoison achieves effective poisoning by contaminating only 10% of the dataset, while maintaining 100% compilability and functional correctness, and remains robust against various advanced code sanitization techniques.

Key Contributions

• Functionality-preserving poisoning framework that maintains 100% compilability and functional correctness while degrading CodeLLM training utility
• Template-based injection of execution-inert code fragments with automatic repair, conservative safety checking, and type-aware synthesis to ensure stealth and persistence
• Achieves effective poisoning with only 10% dataset contamination, robust against code sanitization techniques including detection, purification, rewriting, and static analysis

🛡️ Threat Analysis

Details

Similar Papers