Document Type
Article
Publication Date
3-21-2025
Publication Title
IEEE Transactions on Dependable and Secure Computing
Volume
22
Issue
5
Pages
4753-4767
Publisher Name
IEEE
Abstract
Authorship attribution has become increasingly accurate, posing a serious privacy risk for programmers who wish to remain anonymous. In this article, we introduce SHIELD to examine the robustness of different code authorship attribution approaches against adversarial code examples. We define four attacks on attribution techniques, which include targeted and non-targeted attacks, and realize them using adversarial code perturbation. We experimented with a dataset of 200 programmers from the Google Code Jam competition to validate our methods. We target six state-of-the-art authorship attribution methods that adopt various techniques for extracting authorship traits from source code, including RNN, CNN, and code stylometry. Our experiments demonstrate the vulnerability of current authorship attribution methods against adversarial attacks. For the non-targeted attack, our experiments demonstrate the vulnerability of current authorship attribution methods against the attack with an attack success rate exceeding 98.5% accompanied by a degradation of the identification confidence exceeding 13%. For targeted attacks, we show the possibility of impersonating a programmer using targeted adversarial perturbations with a success rate ranging from 66% to 88% for different authorship attribution techniques under several adversarial scenarios.
Recommended Citation
M. Abuhamad, C. Jung, D. Mohaisen and D. Nyang, "SHIELD: Thwarting Code Authorship Attribution," in IEEE Transactions on Dependable and Secure Computing, vol. 22, no. 5, pp. 4753-4767, Sept.-Oct. 2025, doi: 10.1109/TDSC.2025.3553753.
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Copyright Statement
© IEEE, 2025.

Comments
Author Posting © 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The definitive version was published in IEEE Transactions on Dependable and Secure Computing (March 2025), https://doi.org/10.1109/TDSC.2025.3553753.