Litcius/Paper detail

Graph-based explainable vulnerability prediction

Hong Quy Nguyen, Thong Hoang, Hoa Khanh Dam, Aditya Ghose

2024Information and Software Technology8 citationsDOIOpen Access PDF

Abstract

Significant increases in cyberattacks worldwide have threatened the security of organizations, businesses, and individuals. Cyberattacks exploit vulnerabilities in software systems. Recent work has leveraged powerful and complex models, such as deep neural networks, to improve the predictive performance of vulnerability detection models. However, these models are often regarded as “black box” models, making it challenging for software practitioners to understand and interpret their predictions. This lack of explainability has resulted in a reluctance to adopt or deploy these vulnerability prediction models in industry applications. This paper proposes a novel approach, G enetic A lgorithm-based Vul nerability Prediction Explainer , (herein GAVulExplainer), which generates explanations for vulnerability prediction models based on graph neural networks. GAVulExplainer leverages genetic algorithms to construct a subgraph explanation that represents the crucial factor contributing to the vulnerability. Experimental results show that our proposed approach outperforms baselines in providing concrete reasons for a vulnerability prediction.

Topics & Concepts

Computer scienceGraphVulnerability (computing)Theoretical computer scienceComputer securitySoftware Engineering ResearchSoftware System Performance and ReliabilitySoftware Testing and Debugging Techniques
Graph-based explainable vulnerability prediction | Litcius