Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems
Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, Wei Liu

TL;DR
Coca is a framework that enhances the robustness and explainability of GNN-based vulnerability detection systems by reducing spurious correlations and providing concise, causal explanations for detected vulnerabilities.
Contribution
The paper introduces Coca, a novel framework combining robust training and causal explanation methods to improve GNN vulnerability detectors.
Findings
Coca effectively mitigates spurious correlation issues.
Coca provides high-quality, concise explanations.
Experimental results show improved robustness and explanation quality.
Abstract
Recently, Graph Neural Network (GNN)-based vulnerability detection systems have achieved remarkable success. However, the lack of explainability poses a critical challenge to deploying black-box models in security-related domains. For this reason, several approaches have been proposed to explain the decision logic of the detection model by providing a set of crucial statements that contribute positively to its predictions. Unfortunately, because the underlying detection models are weakly robust and the explanation strategies are suboptimal, these approaches risk revealing spurious correlations and producing redundant explanations. In this paper, we propose Coca, a general framework aiming to 1) enhance the robustness of existing GNN-based vulnerability detection models to avoid spurious explanations; and 2) provide both concise and effective explanations to reason about the detected vulnerabilities. Coca consists of two core…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Graph Neural Networks
