TL;DR
This paper introduces CFExplainer, a counterfactual explanation method for GNN-based vulnerability detection that identifies minimal graph changes affecting predictions, enhancing interpretability and aiding developers.
Contribution
The paper proposes a novel counterfactual explainer for GNNs in vulnerability detection, addressing explainability limitations of existing factual reasoning methods.
Findings
CFExplainer outperforms existing explainers in the reported experiments.
It effectively identifies the root causes of detected vulnerabilities.
It provides actionable insights for developers.
Abstract
Vulnerability detection is crucial for ensuring the security and reliability of software systems. Recently, Graph Neural Networks (GNNs) have emerged as a prominent code embedding approach for vulnerability detection, owing to their ability to capture the underlying semantic structure of source code. However, GNNs face significant challenges in explainability due to their inherently black-box nature. To this end, several factual reasoning-based explainers have been proposed. These explainers provide explanations for the predictions made by GNNs by analyzing the key features that contribute to the outcomes. We argue that these factual reasoning-based explanations cannot answer critical what-if questions: What would happen to the GNN's decision if we were to alter the code graph into alternative structures? Inspired by advancements of counterfactual reasoning in artificial intelligence,…