TL;DR
IVDetect is an interpretable machine learning-based vulnerability detector that identifies vulnerable code statements and provides fine-grained explanations using program dependency graphs, significantly outperforming existing methods.
Contribution
The paper introduces IVDetect, a novel vulnerability detection approach that offers fine-grained interpretability by highlighting relevant code sub-graphs, improving detection accuracy and explanation clarity.
Findings
Outperforms existing DL-based approaches by up to 84% in ranking scores.
Correctly identifies relevant vulnerable statements in 67% of cases.
Significantly improves interpretation accuracy over baseline models.
Abstract
Despite the successes of machine learning (ML) and deep learning (DL) based vulnerability detectors (VD), they are limited to providing only the decision on whether a given code is vulnerable or not, without details on what part of the code is relevant to the detected vulnerability. We present IVDetect, an interpretable vulnerability detector with the philosophy of using Artificial Intelligence (AI) to detect vulnerabilities, while using Intelligence Assistant (IA) via providing VD interpretations in terms of vulnerable statements. For vulnerability detection, we separately consider the vulnerable statements and their surrounding contexts via data and control dependencies. This allows our model to better discriminate vulnerable statements than using the mixture of vulnerable code and contextual code as in existing approaches. In addition to the coarse-grained vulnerability detection…
