Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Beyond Natural Language Perplexity: Detecting Dead Code Poisoning in Code Generation Datasets

Chi-Chien Tsai, Chia-Mu Yu, Ying-Dar Lin, Yu-Sung Wu, Wei-Bin Lee

TL;DR

This work tackles dead code poisoning in code-generation datasets, a threat that can bias or degrade Code LLM outputs. It introduces DePA, a line-level perplexity analysis that treats each code line as a functional unit and compares its line-level perplexity to the file-wide distribution using a Code LLM. By computing $PPL$-Line(i) and flagging lines exceeding $\mu + T\sigma$ with $T=1.5$, DePA achieves substantial gains over token-level detectors, delivering higher F1, improved poisoned-segment localization (0.85 on average), and faster processing (roughly 0.62–23x speedup) across MBPP, HumanEval, MathQA-Python, and APPS. The results show an AUROC around 0.80, indicating strong discrimination between poisoned and clean data, and the analysis includes adaptive attacks that reveal resilience while highlighting areas for enhancement, such as combining with static analyses to reduce false positives.

Abstract

The increasing adoption of large language models (LLMs) for code-related tasks has raised concerns about the security of their training datasets. One critical threat is dead code poisoning, where syntactically valid but functionally redundant code is injected into training data to manipulate model behavior. Such attacks can degrade the performance of neural code search systems, leading to biased or insecure code suggestions. Existing detection methods, such as token-level perplexity analysis, fail to effectively identify dead code due to the structural and contextual characteristics of programming languages. In this paper, we propose DePA (Dead Code Perplexity Analysis), a novel line-level detection and cleansing method tailored to the structural properties of code. DePA computes line-level perplexity by leveraging the contextual relationships between code lines and identifies anomalous lines by comparing their perplexity to the overall distribution within the file. Our experiments on benchmark datasets demonstrate that DePA significantly outperforms existing methods, achieving 0.14-0.19 improvement in detection F1-score and a 44-65% increase in poisoned segment localization precision. Furthermore, DePA enhances detection speed by 0.62-23x, making it practical for large-scale dataset cleansing. Overall, by addressing the unique challenges of dead code poisoning, DePA provides a robust and efficient solution for safeguarding the integrity of code generation model training datasets.

Beyond Natural Language Perplexity: Detecting Dead Code Poisoning in Code Generation Datasets

TL;DR

This work tackles dead code poisoning in code-generation datasets, a threat that can bias or degrade Code LLM outputs. It introduces DePA, a line-level perplexity analysis that treats each code line as a functional unit and compares its line-level perplexity to the file-wide distribution using a Code LLM. By computing -Line(i) and flagging lines exceeding with , DePA achieves substantial gains over token-level detectors, delivering higher F1, improved poisoned-segment localization (0.85 on average), and faster processing (roughly 0.62–23x speedup) across MBPP, HumanEval, MathQA-Python, and APPS. The results show an AUROC around 0.80, indicating strong discrimination between poisoned and clean data, and the analysis includes adaptive attacks that reveal resilience while highlighting areas for enhancement, such as combining with static analyses to reduce false positives.

Abstract

The increasing adoption of large language models (LLMs) for code-related tasks has raised concerns about the security of their training datasets. One critical threat is dead code poisoning, where syntactically valid but functionally redundant code is injected into training data to manipulate model behavior. Such attacks can degrade the performance of neural code search systems, leading to biased or insecure code suggestions. Existing detection methods, such as token-level perplexity analysis, fail to effectively identify dead code due to the structural and contextual characteristics of programming languages. In this paper, we propose DePA (Dead Code Perplexity Analysis), a novel line-level detection and cleansing method tailored to the structural properties of code. DePA computes line-level perplexity by leveraging the contextual relationships between code lines and identifies anomalous lines by comparing their perplexity to the overall distribution within the file. Our experiments on benchmark datasets demonstrate that DePA significantly outperforms existing methods, achieving 0.14-0.19 improvement in detection F1-score and a 44-65% increase in poisoned segment localization precision. Furthermore, DePA enhances detection speed by 0.62-23x, making it practical for large-scale dataset cleansing. Overall, by addressing the unique challenges of dead code poisoning, DePA provides a robust and efficient solution for safeguarding the integrity of code generation model training datasets.

Paper Structure

This paper contains 27 sections, 4 equations, 6 figures, 8 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Data Poisoning on Code LLMs
  4. Poisoning Defense on Code LLMs
  5. Background Knowledge
  6. Perplexity
  7. Dead Code Poisoning
  8. Proposed Method
  9. Overview
  10. DePA details
  11. Evaluation
  12. Setup
  13. Dataset
  14. Attack Generation
  15. Metric
  16. ...and 12 more sections

Figures (6)

  • Figure 1: Data poisoning attack scenario.
  • Figure 2: An illustrative example of DePA.
  • Figure 3: Average F1-score in different $T$.
  • Figure 4: ROC curves of each detection methods (CL refers to CodeLlama, GPT indicates CodeGPT, LT stands for the LLM Tokenizer, and PT represents the Python Tokenizer.).
  • Figure 5: F1-scores of the varying number of iterations for GA in generating triggers that evade detection.
  • ...and 1 more figures