Backdoor attacks for neural code models have gained considerable attention due to the advancement of code intelligence. However, most existing works insert triggers into task-specific data for code-related downstream tasks, thereby limiting the scope of attacks. Moreover, the majority of attacks for pre-trained models are designed for understanding tasks. In this paper, we propose task-agnostic backdoor attacks for code pre-trained models. Our backdoored model is pre-trained with two learning strategies (i.e., Poisoned Seq2Seq learning and token representation learning) to support the multi-target attack of downstream code understanding and generation tasks. During the deployment phase, the implanted backdoors in the victim models can be activated by the designed triggers to achieve the targeted attack. We evaluate our approach on two code understanding tasks and three code generation tasks over seven datasets. Extensive experiments demonstrate that our approach can effectively and stealthily attack code-related downstream tasks.

翻译：针对神经代码模型的后门攻击因代码智能的进步而备受关注。然而，现有工作大多将触发器插入针对代码相关下游任务的特定任务数据中，从而限制了攻击范围。此外，大多数针对预训练模型的攻击都是为理解任务而设计的。本文提出了面向代码预训练模型的任务无关后门攻击。我们的后门模型通过两种学习策略（即受污染序列到序列学习和令牌表示学习）进行预训练，以支持下游代码理解和生成任务的多目标攻击。在部署阶段，被植入受害者模型中的后门可通过设计的触发器激活，以实现定向攻击。我们在七个数据集上对两个代码理解任务和三个代码生成任务评估了本方法。大量实验表明，本方法能够有效且隐蔽地攻击代码相关的下游任务。