Stealthy Backdoor Attack for Code Models Article Swipe
Zhou Yang
,
Bowen Xu
,
Jie M. Zhang
,
Hong Jin Kang
,
Jieke Shi
,
Junda He
,
David Lo
·
YOU?
·
· 2023
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2301.02496
YOU?
·
· 2023
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2301.02496
Code models, such as CodeBERT and CodeT5, offer general-purpose representations of code and play a vital role in supporting downstream automated software engineering tasks. Most recently, code models were revealed to be vulnerable to backdoor attacks. A code model that is backdoor-attacked can behave normally on clean examples but will produce pre-defined malicious outputs on examples injected with triggers that activate the backdoors. Existing backdoor attacks on code models use unstealthy and easy-to-detect triggers. This paper aims to investigate the vulnerability of code models with stealthy backdoor attacks. To this end, we propose AFRAIDOOR (Adversarial Feature as Adaptive Backdoor). AFRAIDOOR achieves stealthiness by leveraging adversarial perturbations to inject adaptive triggers into different inputs. We evaluate AFRAIDOOR on three widely adopted code models (CodeBERT, PLBART and CodeT5) and two downstream tasks (code summarization and method name prediction). We find that around 85% of adaptive triggers in AFRAIDOOR bypass the detection in the defense process. By contrast, only less than 12% of the triggers from previous work bypass the defense. When the defense method is not applied, both AFRAIDOOR and baselines have almost perfect attack success rates. However, once a defense is applied, the success rates of baselines decrease dramatically to 10.47% and 12.06%, while the success rate of AFRAIDOOR are 77.05% and 92.98% on the two tasks. Our finding exposes security weaknesses in code models under stealthy backdoor attacks and shows that the state-of-the-art defense method cannot provide sufficient protection. We call for more research efforts in understanding security threats to code models and developing more effective countermeasures.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2301.02496
- https://arxiv.org/pdf/2301.02496
- OA Status
- green
- Cited By
- 16
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4313936359
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4313936359Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2301.02496Digital Object Identifier
- Title
-
Stealthy Backdoor Attack for Code ModelsWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2023Year of publication
- Publication date
-
2023-01-06Full publication date if available
- Authors
-
Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David LoList of authors in order
- Landing page
-
https://arxiv.org/abs/2301.02496Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2301.02496Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2301.02496Direct OA link when available
- Concepts
-
Backdoor, Computer science, Code (set theory), Computer security, Vulnerability (computing), Key (lock), Programming language, Set (abstract data type)Top concepts (fields/topics) attached by OpenAlex
- Cited by
-
16Total citation count in OpenAlex
- Citations by year (recent)
-
2025: 2, 2024: 9, 2023: 5Per-year citation counts (last 5 years)
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4313936359 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2301.02496 |
| ids.doi | https://doi.org/10.48550/arxiv.2301.02496 |
| ids.openalex | https://openalex.org/W4313936359 |
| fwci | |
| type | preprint |
| title | Stealthy Backdoor Attack for Code Models |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10260 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9965999722480774 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1710 |
| topics[0].subfield.display_name | Information Systems |
| topics[0].display_name | Software Engineering Research |
| topics[1].id | https://openalex.org/T11241 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9783999919891357 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1711 |
| topics[1].subfield.display_name | Signal Processing |
| topics[1].display_name | Advanced Malware Detection Techniques |
| topics[2].id | https://openalex.org/T11424 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9650999903678894 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Security and Verification in Computing |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C2781045450 |
| concepts[0].level | 2 |
| concepts[0].score | 0.9991591572761536 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q254569 |
| concepts[0].display_name | Backdoor |
| concepts[1].id | https://openalex.org/C41008148 |
| concepts[1].level | 0 |
| concepts[1].score | 0.7493396997451782 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[1].display_name | Computer science |
| concepts[2].id | https://openalex.org/C2776760102 |
| concepts[2].level | 3 |
| concepts[2].score | 0.7202379703521729 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q5139990 |
| concepts[2].display_name | Code (set theory) |
| concepts[3].id | https://openalex.org/C38652104 |
| concepts[3].level | 1 |
| concepts[3].score | 0.6142760515213013 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[3].display_name | Computer security |
| concepts[4].id | https://openalex.org/C95713431 |
| concepts[4].level | 2 |
| concepts[4].score | 0.5520433187484741 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q631425 |
| concepts[4].display_name | Vulnerability (computing) |
| concepts[5].id | https://openalex.org/C26517878 |
| concepts[5].level | 2 |
| concepts[5].score | 0.4397083520889282 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q228039 |
| concepts[5].display_name | Key (lock) |
| concepts[6].id | https://openalex.org/C199360897 |
| concepts[6].level | 1 |
| concepts[6].score | 0.23826846480369568 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q9143 |
| concepts[6].display_name | Programming language |
| concepts[7].id | https://openalex.org/C177264268 |
| concepts[7].level | 2 |
| concepts[7].score | 0.0 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q1514741 |
| concepts[7].display_name | Set (abstract data type) |
| keywords[0].id | https://openalex.org/keywords/backdoor |
| keywords[0].score | 0.9991591572761536 |
| keywords[0].display_name | Backdoor |
| keywords[1].id | https://openalex.org/keywords/computer-science |
| keywords[1].score | 0.7493396997451782 |
| keywords[1].display_name | Computer science |
| keywords[2].id | https://openalex.org/keywords/code |
| keywords[2].score | 0.7202379703521729 |
| keywords[2].display_name | Code (set theory) |
| keywords[3].id | https://openalex.org/keywords/computer-security |
| keywords[3].score | 0.6142760515213013 |
| keywords[3].display_name | Computer security |
| keywords[4].id | https://openalex.org/keywords/vulnerability |
| keywords[4].score | 0.5520433187484741 |
| keywords[4].display_name | Vulnerability (computing) |
| keywords[5].id | https://openalex.org/keywords/key |
| keywords[5].score | 0.4397083520889282 |
| keywords[5].display_name | Key (lock) |
| keywords[6].id | https://openalex.org/keywords/programming-language |
| keywords[6].score | 0.23826846480369568 |
| keywords[6].display_name | Programming language |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2301.02496 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2301.02496 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2301.02496 |
| locations[1].id | doi:10.48550/arxiv.2301.02496 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2301.02496 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5008695791 |
| authorships[0].author.orcid | https://orcid.org/0000-0001-5938-1918 |
| authorships[0].author.display_name | Zhou Yang |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Yang, Zhou |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5008013136 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-1006-8493 |
| authorships[1].author.display_name | Bowen Xu |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Xu, Bowen |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5088708850 |
| authorships[2].author.orcid | https://orcid.org/0000-0003-0481-7264 |
| authorships[2].author.display_name | Jie M. Zhang |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Zhang, Jie M. |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5027335548 |
| authorships[3].author.orcid | https://orcid.org/0000-0001-7335-7295 |
| authorships[3].author.display_name | Hong Jin Kang |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Kang, Hong Jin |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5002667771 |
| authorships[4].author.orcid | https://orcid.org/0000-0002-0799-5018 |
| authorships[4].author.display_name | Jieke Shi |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Shi, Jieke |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5103075577 |
| authorships[5].author.orcid | https://orcid.org/0000-0003-3370-8585 |
| authorships[5].author.display_name | Junda He |
| authorships[5].author_position | middle |
| authorships[5].raw_author_name | He, Junda |
| authorships[5].is_corresponding | False |
| authorships[6].author.id | https://openalex.org/A5081036622 |
| authorships[6].author.orcid | https://orcid.org/0000-0002-4367-7201 |
| authorships[6].author.display_name | David Lo |
| authorships[6].author_position | last |
| authorships[6].raw_author_name | Lo, David |
| authorships[6].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2301.02496 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Stealthy Backdoor Attack for Code Models |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10260 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9965999722480774 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1710 |
| primary_topic.subfield.display_name | Information Systems |
| primary_topic.display_name | Software Engineering Research |
| related_works | https://openalex.org/W4320031223, https://openalex.org/W4200629851, https://openalex.org/W4281902577, https://openalex.org/W4309417370, https://openalex.org/W4292107232, https://openalex.org/W3009072493, https://openalex.org/W4386080799, https://openalex.org/W3140988292, https://openalex.org/W4317672133, https://openalex.org/W4386185023 |
| cited_by_count | 16 |
| counts_by_year[0].year | 2025 |
| counts_by_year[0].cited_by_count | 2 |
| counts_by_year[1].year | 2024 |
| counts_by_year[1].cited_by_count | 9 |
| counts_by_year[2].year | 2023 |
| counts_by_year[2].cited_by_count | 5 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2301.02496 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2301.02496 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2301.02496 |
| primary_location.id | pmh:oai:arXiv.org:2301.02496 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2301.02496 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2301.02496 |
| publication_date | 2023-01-06 |
| publication_year | 2023 |
| referenced_works_count | 0 |
| abstract_inverted_index.A | 36 |
| abstract_inverted_index.a | 14, 187 |
| abstract_inverted_index.By | 153 |
| abstract_inverted_index.To | 88 |
| abstract_inverted_index.We | 113, 136, 239 |
| abstract_inverted_index.as | 3, 96 |
| abstract_inverted_index.be | 31 |
| abstract_inverted_index.by | 102 |
| abstract_inverted_index.in | 17, 144, 149, 221, 245 |
| abstract_inverted_index.is | 40, 172, 189 |
| abstract_inverted_index.of | 10, 81, 141, 159, 194, 206 |
| abstract_inverted_index.on | 45, 54, 66, 116, 212 |
| abstract_inverted_index.to | 30, 33, 77, 106, 198, 249 |
| abstract_inverted_index.we | 91 |
| abstract_inverted_index.12% | 158 |
| abstract_inverted_index.85% | 140 |
| abstract_inverted_index.Our | 216 |
| abstract_inverted_index.and | 5, 12, 71, 124, 126, 132, 177, 200, 210, 228, 252 |
| abstract_inverted_index.are | 208 |
| abstract_inverted_index.but | 48 |
| abstract_inverted_index.can | 42 |
| abstract_inverted_index.for | 241 |
| abstract_inverted_index.not | 173 |
| abstract_inverted_index.the | 61, 79, 147, 150, 160, 166, 169, 191, 203, 213, 231 |
| abstract_inverted_index.two | 127, 214 |
| abstract_inverted_index.use | 69 |
| abstract_inverted_index.Code | 0 |
| abstract_inverted_index.Most | 24 |
| abstract_inverted_index.This | 74 |
| abstract_inverted_index.When | 168 |
| abstract_inverted_index.aims | 76 |
| abstract_inverted_index.both | 175 |
| abstract_inverted_index.call | 240 |
| abstract_inverted_index.code | 11, 26, 37, 67, 82, 120, 222, 250 |
| abstract_inverted_index.end, | 90 |
| abstract_inverted_index.find | 137 |
| abstract_inverted_index.from | 162 |
| abstract_inverted_index.have | 179 |
| abstract_inverted_index.into | 110 |
| abstract_inverted_index.less | 156 |
| abstract_inverted_index.more | 242, 254 |
| abstract_inverted_index.name | 134 |
| abstract_inverted_index.once | 186 |
| abstract_inverted_index.only | 155 |
| abstract_inverted_index.play | 13 |
| abstract_inverted_index.rate | 205 |
| abstract_inverted_index.role | 16 |
| abstract_inverted_index.such | 2 |
| abstract_inverted_index.than | 157 |
| abstract_inverted_index.that | 39, 59, 138, 230 |
| abstract_inverted_index.this | 89 |
| abstract_inverted_index.were | 28 |
| abstract_inverted_index.will | 49 |
| abstract_inverted_index.with | 57, 84 |
| abstract_inverted_index.work | 164 |
| abstract_inverted_index.(code | 130 |
| abstract_inverted_index.clean | 46 |
| abstract_inverted_index.model | 38 |
| abstract_inverted_index.offer | 7 |
| abstract_inverted_index.paper | 75 |
| abstract_inverted_index.rates | 193 |
| abstract_inverted_index.shows | 229 |
| abstract_inverted_index.tasks | 129 |
| abstract_inverted_index.three | 117 |
| abstract_inverted_index.under | 224 |
| abstract_inverted_index.vital | 15 |
| abstract_inverted_index.while | 202 |
| abstract_inverted_index.10.47% | 199 |
| abstract_inverted_index.77.05% | 209 |
| abstract_inverted_index.92.98% | 211 |
| abstract_inverted_index.PLBART | 123 |
| abstract_inverted_index.almost | 180 |
| abstract_inverted_index.around | 139 |
| abstract_inverted_index.attack | 182 |
| abstract_inverted_index.behave | 43 |
| abstract_inverted_index.bypass | 146, 165 |
| abstract_inverted_index.cannot | 235 |
| abstract_inverted_index.inject | 107 |
| abstract_inverted_index.method | 133, 171, 234 |
| abstract_inverted_index.models | 27, 68, 83, 121, 223, 251 |
| abstract_inverted_index.rates. | 184 |
| abstract_inverted_index.tasks. | 23, 215 |
| abstract_inverted_index.widely | 118 |
| abstract_inverted_index.12.06%, | 201 |
| abstract_inverted_index.CodeT5) | 125 |
| abstract_inverted_index.CodeT5, | 6 |
| abstract_inverted_index.Feature | 95 |
| abstract_inverted_index.adopted | 119 |
| abstract_inverted_index.attacks | 65, 227 |
| abstract_inverted_index.defense | 151, 170, 188, 233 |
| abstract_inverted_index.efforts | 244 |
| abstract_inverted_index.exposes | 218 |
| abstract_inverted_index.finding | 217 |
| abstract_inverted_index.inputs. | 112 |
| abstract_inverted_index.models, | 1 |
| abstract_inverted_index.outputs | 53 |
| abstract_inverted_index.perfect | 181 |
| abstract_inverted_index.produce | 50 |
| abstract_inverted_index.propose | 92 |
| abstract_inverted_index.provide | 236 |
| abstract_inverted_index.success | 183, 192, 204 |
| abstract_inverted_index.threats | 248 |
| abstract_inverted_index.Adaptive | 97 |
| abstract_inverted_index.CodeBERT | 4 |
| abstract_inverted_index.Existing | 63 |
| abstract_inverted_index.However, | 185 |
| abstract_inverted_index.achieves | 100 |
| abstract_inverted_index.activate | 60 |
| abstract_inverted_index.adaptive | 108, 142 |
| abstract_inverted_index.applied, | 174, 190 |
| abstract_inverted_index.attacks. | 35, 87 |
| abstract_inverted_index.backdoor | 34, 64, 86, 226 |
| abstract_inverted_index.decrease | 196 |
| abstract_inverted_index.defense. | 167 |
| abstract_inverted_index.evaluate | 114 |
| abstract_inverted_index.examples | 47, 55 |
| abstract_inverted_index.injected | 56 |
| abstract_inverted_index.normally | 44 |
| abstract_inverted_index.previous | 163 |
| abstract_inverted_index.process. | 152 |
| abstract_inverted_index.research | 243 |
| abstract_inverted_index.revealed | 29 |
| abstract_inverted_index.security | 219, 247 |
| abstract_inverted_index.software | 21 |
| abstract_inverted_index.stealthy | 85, 225 |
| abstract_inverted_index.triggers | 58, 109, 143, 161 |
| abstract_inverted_index.AFRAIDOOR | 93, 99, 115, 145, 176, 207 |
| abstract_inverted_index.automated | 20 |
| abstract_inverted_index.baselines | 178, 195 |
| abstract_inverted_index.contrast, | 154 |
| abstract_inverted_index.detection | 148 |
| abstract_inverted_index.different | 111 |
| abstract_inverted_index.effective | 255 |
| abstract_inverted_index.malicious | 52 |
| abstract_inverted_index.recently, | 25 |
| abstract_inverted_index.triggers. | 73 |
| abstract_inverted_index.(CodeBERT, | 122 |
| abstract_inverted_index.Backdoor). | 98 |
| abstract_inverted_index.backdoors. | 62 |
| abstract_inverted_index.developing | 253 |
| abstract_inverted_index.downstream | 19, 128 |
| abstract_inverted_index.leveraging | 103 |
| abstract_inverted_index.sufficient | 237 |
| abstract_inverted_index.supporting | 18 |
| abstract_inverted_index.unstealthy | 70 |
| abstract_inverted_index.vulnerable | 32 |
| abstract_inverted_index.weaknesses | 220 |
| abstract_inverted_index.adversarial | 104 |
| abstract_inverted_index.engineering | 22 |
| abstract_inverted_index.investigate | 78 |
| abstract_inverted_index.pre-defined | 51 |
| abstract_inverted_index.protection. | 238 |
| abstract_inverted_index.(Adversarial | 94 |
| abstract_inverted_index.dramatically | 197 |
| abstract_inverted_index.prediction). | 135 |
| abstract_inverted_index.stealthiness | 101 |
| abstract_inverted_index.perturbations | 105 |
| abstract_inverted_index.summarization | 131 |
| abstract_inverted_index.understanding | 246 |
| abstract_inverted_index.vulnerability | 80 |
| abstract_inverted_index.easy-to-detect | 72 |
| abstract_inverted_index.general-purpose | 8 |
| abstract_inverted_index.representations | 9 |
| abstract_inverted_index.countermeasures. | 256 |
| abstract_inverted_index.state-of-the-art | 232 |
| abstract_inverted_index.backdoor-attacked | 41 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 7 |
| citation_normalized_percentile |