Are We Learning the Right Features? A Framework for Evaluating DL-Based Software Vulnerability Detection Solutions

TL;DR

This paper introduces a novel framework for evaluating deep learning-based software vulnerability detectors by analyzing features, using perturbations, and assessing their influence on prediction accuracy, highlighting issues with spurious correlations.

Contribution

It proposes a uniform feature representation and a perturbation-based evaluation framework to assess vulnerability detectors' reliance on true versus spurious features.

Findings

Only ~2% of feature-preserving perturbations change predictions.

~84% of feature-eliminating perturbations retain vulnerability predictions.

Spurious features significantly impact recall in graph-based detectors.

Abstract

Recent research has revealed that the reported results of an emerging body of DL-based techniques for detecting software vulnerabilities are not reproducible, either across different datasets or on unseen samples. This paper aims to provide the foundation for properly evaluating the research in this domain. We do so by analyzing prior work and existing vulnerability datasets for the syntactic and semantic features of code that contribute to vulnerability, as well as features that falsely correlate with vulnerability. We provide a novel, uniform representation to capture both sets of features, and use this representation to detect the presence of both vulnerability and spurious features in code. To this end, we design two types of code perturbations: feature preserving perturbations (FPP) ensure that the vulnerability feature remains in a given code sample, while feature eliminating perturbations (FEP) eliminate the feature from the code sample. These perturbations aim to measure the influence of spurious and vulnerability features on the predictions of a given vulnerability detection solution. To evaluate how the two classes of perturbations influence predictions, we conducted a large-scale empirical study on five state-of-the-art DL-based vulnerability detectors. Our study shows that, for vulnerability features, only ~2% of FPPs yield the undesirable effect of a prediction changing among the five detectors on average. However, on average, ~84% of FEPs yield the undesirable effect of retaining the vulnerability predictions. For spurious features, we observed that FPPs yielded a drop in recall up to 29% for graph-based detectors. We present the reasons underlying these results and suggest strategies for improving DNN-based vulnerability detectors. We provide our perturbation-based evaluation framework as a public resource to enable independent future evaluation of vulnerability detectors.