Embedding Java Classes with code2vec: Improvements from Variable Obfuscation
Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source...
Gespeichert in:
| Veröffentlicht in: | arXiv.org 2020-04 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Compton, Rhys Frank, Eibe Patros, Panos Koay, Abigail |
| description | Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source code into numeric feature vectors while maintaining the semantics of the code as much as possible. code2vec is a recently released embedding approach that uses the proxy task of method name prediction to map Java methods to feature vectors. However, experimentation with code2vec shows that it learns to rely on variable names for prediction, causing it to be easily fooled by typos or adversarial attacks. Moreover, it is only able to embed individual Java methods and cannot embed an entire collection of methods such as those present in a typical Java class, making it difficult to perform predictions at the class level (e.g., for the identification of malicious Java classes). Both shortcomings are addressed in the research presented in this paper. We investigate the effect of obfuscating variable names during the training of a code2vec model to force it to rely on the structure of the code rather than specific names and consider a simple approach to creating class-level embeddings by aggregating sets of method embeddings. Our results, obtained on a challenging new collection of source-code classification problems, indicate that obfuscating variable names produces an embedding model that is both impervious to variable naming and more accurately reflects code semantics. The datasets, models, and code are shared for further ML research on source code. |
| doi_str_mv | 10.48550/arxiv.2004.02942 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2004_02942</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2387524394</sourcerecordid><originalsourceid>FETCH-LOGICAL-a524-75f714e652f8f0b581dda6d753a9bcff73902a9d9a5b08424c6670368a3b659e3</originalsourceid><addsrcrecordid>eNotj09LwzAYh4MgOOY-gCcDnjvTN_8abzKmTga7DK_lTZNox9rOpKv67a2bp9_l4cfzEHKTs7kopGT3GL_rYQ6MiTkDI-CCTIDzPCsEwBWZpbRjjIHSICWfkPWysd65un2nrzggXewxJZ_oV91_0KpzHgZfPdBVc4jd4Bvf9omG2DX0DWONdu_pxoZjqrCvu_aaXAbcJz_73ynZPi23i5dsvXleLR7XGUoQmZZB58IrCaEIzMoidw6V05KjsVUImhsGaJxBadloLSqlNOOqQG6VNJ5Pye359pRaHmLdYPwp_5LLU_JI3J2J0frz6FNf7rpjbEenEnihRwtuBP8FXWVYkA</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2387524394</pqid></control><display><type>article</type><title>Embedding Java Classes with code2vec: Improvements from Variable Obfuscation</title><source>arXiv.org</source><source>Free E- Journals</source><creator>Compton, Rhys ; Frank, Eibe ; Patros, Panos ; Koay, Abigail</creator><creatorcontrib>Compton, Rhys ; Frank, Eibe ; Patros, Panos ; Koay, Abigail</creatorcontrib><description>Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source code into numeric feature vectors while maintaining the semantics of the code as much as possible. code2vec is a recently released embedding approach that uses the proxy task of method name prediction to map Java methods to feature vectors. However, experimentation with code2vec shows that it learns to rely on variable names for prediction, causing it to be easily fooled by typos or adversarial attacks. Moreover, it is only able to embed individual Java methods and cannot embed an entire collection of methods such as those present in a typical Java class, making it difficult to perform predictions at the class level (e.g., for the identification of malicious Java classes). Both shortcomings are addressed in the research presented in this paper. We investigate the effect of obfuscating variable names during the training of a code2vec model to force it to rely on the structure of the code rather than specific names and consider a simple approach to creating class-level embeddings by aggregating sets of method embeddings. Our results, obtained on a challenging new collection of source-code classification problems, indicate that obfuscating variable names produces an embedding model that is both impervious to variable naming and more accurately reflects code semantics. The datasets, models, and code are shared for further ML research on source code.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2004.02942</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Collection ; Computer Science - Learning ; Computer Science - Programming Languages ; Computer Science - Software Engineering ; Embedding ; Experimentation ; Machine learning ; Mathematical models ; Names ; Semantics ; Software engineering ; Source code ; Statistics - Machine Learning</subject><ispartof>arXiv.org, 2020-04</ispartof><rights>2020. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,784,885,27925</link.rule.ids><backlink>$$Uhttps://doi.org/10.48550/arXiv.2004.02942$$DView paper in arXiv$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.1145/3379597.3387445$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink></links><search><creatorcontrib>Compton, Rhys</creatorcontrib><creatorcontrib>Frank, Eibe</creatorcontrib><creatorcontrib>Patros, Panos</creatorcontrib><creatorcontrib>Koay, Abigail</creatorcontrib><title>Embedding Java Classes with code2vec: Improvements from Variable Obfuscation</title><title>arXiv.org</title><description>Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source code into numeric feature vectors while maintaining the semantics of the code as much as possible. code2vec is a recently released embedding approach that uses the proxy task of method name prediction to map Java methods to feature vectors. However, experimentation with code2vec shows that it learns to rely on variable names for prediction, causing it to be easily fooled by typos or adversarial attacks. Moreover, it is only able to embed individual Java methods and cannot embed an entire collection of methods such as those present in a typical Java class, making it difficult to perform predictions at the class level (e.g., for the identification of malicious Java classes). Both shortcomings are addressed in the research presented in this paper. We investigate the effect of obfuscating variable names during the training of a code2vec model to force it to rely on the structure of the code rather than specific names and consider a simple approach to creating class-level embeddings by aggregating sets of method embeddings. Our results, obtained on a challenging new collection of source-code classification problems, indicate that obfuscating variable names produces an embedding model that is both impervious to variable naming and more accurately reflects code semantics. The datasets, models, and code are shared for further ML research on source code.</description><subject>Collection</subject><subject>Computer Science - Learning</subject><subject>Computer Science - Programming Languages</subject><subject>Computer Science - Software Engineering</subject><subject>Embedding</subject><subject>Experimentation</subject><subject>Machine learning</subject><subject>Mathematical models</subject><subject>Names</subject><subject>Semantics</subject><subject>Software engineering</subject><subject>Source code</subject><subject>Statistics - Machine Learning</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotj09LwzAYh4MgOOY-gCcDnjvTN_8abzKmTga7DK_lTZNox9rOpKv67a2bp9_l4cfzEHKTs7kopGT3GL_rYQ6MiTkDI-CCTIDzPCsEwBWZpbRjjIHSICWfkPWysd65un2nrzggXewxJZ_oV91_0KpzHgZfPdBVc4jd4Bvf9omG2DX0DWONdu_pxoZjqrCvu_aaXAbcJz_73ynZPi23i5dsvXleLR7XGUoQmZZB58IrCaEIzMoidw6V05KjsVUImhsGaJxBadloLSqlNOOqQG6VNJ5Pye359pRaHmLdYPwp_5LLU_JI3J2J0frz6FNf7rpjbEenEnihRwtuBP8FXWVYkA</recordid><startdate>20200406</startdate><enddate>20200406</enddate><creator>Compton, Rhys</creator><creator>Frank, Eibe</creator><creator>Patros, Panos</creator><creator>Koay, Abigail</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>EPD</scope><scope>GOX</scope></search><sort><creationdate>20200406</creationdate><title>Embedding Java Classes with code2vec: Improvements from Variable Obfuscation</title><author>Compton, Rhys ; Frank, Eibe ; Patros, Panos ; Koay, Abigail</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a524-75f714e652f8f0b581dda6d753a9bcff73902a9d9a5b08424c6670368a3b659e3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Collection</topic><topic>Computer Science - Learning</topic><topic>Computer Science - Programming Languages</topic><topic>Computer Science - Software Engineering</topic><topic>Embedding</topic><topic>Experimentation</topic><topic>Machine learning</topic><topic>Mathematical models</topic><topic>Names</topic><topic>Semantics</topic><topic>Software engineering</topic><topic>Source code</topic><topic>Statistics - Machine Learning</topic><toplevel>online_resources</toplevel><creatorcontrib>Compton, Rhys</creatorcontrib><creatorcontrib>Frank, Eibe</creatorcontrib><creatorcontrib>Patros, Panos</creatorcontrib><creatorcontrib>Koay, Abigail</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv Statistics</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Compton, Rhys</au><au>Frank, Eibe</au><au>Patros, Panos</au><au>Koay, Abigail</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Embedding Java Classes with code2vec: Improvements from Variable Obfuscation</atitle><jtitle>arXiv.org</jtitle><date>2020-04-06</date><risdate>2020</risdate><eissn>2331-8422</eissn><abstract>Automatic source code analysis in key areas of software engineering, such as code security, can benefit from Machine Learning (ML). However, many standard ML approaches require a numeric representation of data and cannot be applied directly to source code. Thus, to enable ML, we need to embed source code into numeric feature vectors while maintaining the semantics of the code as much as possible. code2vec is a recently released embedding approach that uses the proxy task of method name prediction to map Java methods to feature vectors. However, experimentation with code2vec shows that it learns to rely on variable names for prediction, causing it to be easily fooled by typos or adversarial attacks. Moreover, it is only able to embed individual Java methods and cannot embed an entire collection of methods such as those present in a typical Java class, making it difficult to perform predictions at the class level (e.g., for the identification of malicious Java classes). Both shortcomings are addressed in the research presented in this paper. We investigate the effect of obfuscating variable names during the training of a code2vec model to force it to rely on the structure of the code rather than specific names and consider a simple approach to creating class-level embeddings by aggregating sets of method embeddings. Our results, obtained on a challenging new collection of source-code classification problems, indicate that obfuscating variable names produces an embedding model that is both impervious to variable naming and more accurately reflects code semantics. The datasets, models, and code are shared for further ML research on source code.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2004.02942</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2020-04 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_arxiv_primary_2004_02942 |
| source | arXiv.org; Free E- Journals |
| subjects | Collection Computer Science - Learning Computer Science - Programming Languages Computer Science - Software Engineering Embedding Experimentation Machine learning Mathematical models Names Semantics Software engineering Source code Statistics - Machine Learning |
| title | Embedding Java Classes with code2vec: Improvements from Variable Obfuscation |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-21T16%3A24%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Embedding%20Java%20Classes%20with%20code2vec:%20Improvements%20from%20Variable%20Obfuscation&rft.jtitle=arXiv.org&rft.au=Compton,%20Rhys&rft.date=2020-04-06&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2004.02942&rft_dat=%3Cproquest_arxiv%3E2387524394%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2387524394&rft_id=info:pmid/&rfr_iscdi=true |