Beware What You Autocomplete: Forensic Attribution of Backdoored Code Completions

📅 2026-07-08
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the vulnerability of large language model (LLM)-driven code completion systems to backdoor attacks and the lack of effective forensic methods for tracing their origins. The authors propose CodeTracer, the first end-to-end attribution framework that operates without access to the internal model architecture, relying solely on fine-tuning corpora and anomalous code completion instances. CodeTracer integrates structured behavioral fingerprinting, semantic similarity retrieval, and LLM-based reasoning to precisely attribute backdoored data. Experimental evaluation across three vulnerability types, ten distinct backdoor attacks, and sixteen baseline methods demonstrates that CodeTracer achieves high accuracy, low false-positive rates, and strong robustness, effectively countering adaptive adversarial strategies.
📝 Abstract
Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data covertly implants unsafe behaviors. Despite advances in defensive techniques, adaptive and sophisticated backdoor attacks still evade detection and mitigation. We present CodeTracer, a forensic framework that traces malicious code completions back to the backdoor fine-tuning data responsible for them. Operating under realistic post-deployment constraints, CodeTracer relies solely on the fine-tuning corpus and the reported miscompletion event. It extracts a structured behavioral fingerprint from the compromised output, narrows the search to semantically relevant code samples, and employs LLM-based reasoning to attribute unsafe logic to specific backdoor data. Extensive evaluations across three representative vulnerability cases and ten backdoor attacks, along with sixteen competitive baselines, demonstrate that CodeTracer consistently achieves high forensic accuracy, low false identification rates, and strong robustness against adaptive attacks.
Problem

Research questions and friction points this paper is trying to address.

backdoor attacks
code completion
forensic attribution
large language models
fine-tuning data
Innovation

Methods, ideas, or system contributions that make the work stand out.

backdoor attribution
code completion
forensic tracing
LLM security
behavioral fingerprinting
🔎 Similar Papers