Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems
CoRR(2024)
Abstract
Recently, Graph Neural Network (GNN)-based vulnerability detection systems
have achieved remarkable success. However, their lack of explainability poses a
critical challenge to deploying black-box models in security-related domains. For
this reason, several approaches have been proposed to explain the decision
logic of the detection model by providing a set of crucial statements that
contribute positively to its predictions. Unfortunately, because the underlying
detection models are only weakly robust and the explanation strategies are
suboptimal, these approaches risk surfacing spurious correlations and producing
redundant explanations.
In this paper, we propose Coca, a general framework aiming to 1) enhance the
robustness of existing GNN-based vulnerability detection models so as to avoid
spurious explanations; and 2) provide both concise and effective explanations
for reasoning about the detected vulnerabilities. Coca consists of two core
parts, referred to as Trainer and Explainer. The former trains a detection model
that is robust to random perturbation using combinatorial contrastive learning,
while the latter builds an explainer that derives, via dual-view causal
inference, the code statements most decisive for the detected vulnerability and
presents them as explanations. We apply Coca to three typical GNN-based
vulnerability detectors. Experimental results show that Coca can effectively
mitigate the spurious correlation issue and provide more useful, higher-quality
explanations.