ProvX: Generating Counterfactual-Driven Attack Explanations for Provenance-Based Detection

TL;DR

ProvX is a novel framework that provides verifiable counterfactual explanations for GNN-based provenance intrusion detection models, improving interpretability and robustness against adversarial attacks.

Contribution

It introduces a counterfactual explanation method transforming a discrete graph search into a continuous optimization, with a new strategy for more stable and precise explanations.

Findings

ProvX outperforms state-of-the-art explainers in identifying relevant attack structures.

The framework achieves an average explanation necessity of 51.59%.

ProvX can guide model optimization to enhance robustness against adversarial attacks.

Abstract

Provenance graph-based intrusion detection systems are deployed on hosts to defend against increasingly severe Advanced Persistent Threat. Using Graph Neural Networks to detect these threats has become a research focus and has demonstrated exceptional performance. However, the widespread adoption of GNN-based security models is limited by their inherent black-box nature, as they fail to provide security analysts with any verifiable explanations for model predictions or any evidence regarding the model's judgment in relation to real-world attacks. To address this challenge, we propose ProvX, an effective explanation framework for exlaining GNN-based security models on provenance graphs. ProvX introduces counterfactual explanation logic, seeking the minimal structural subset within a graph predicted as malicious that, when perturbed, can subvert the model's original prediction. We innovatively transform the discrete search problem of finding this critical subgraph into a continuous optimization task guided by a dual objective of prediction flipping and distance minimization. Furthermore, a Staged Solidification strategy is incorporated to enhance the precision and stability of the explanations. We conducted extensive evaluations of ProvX on authoritative datasets. The experimental results demonstrate that ProvX can locate critical graph structures that are highly relevant to real-world attacks and achieves an average explanation necessity of 51.59\%, with these metrics outperforming current SOTA explainers. Furthermore, we explore and provide a preliminary validation of a closed-loop Detection-Explanation-Feedback enhancement framework, demonstrating through experiments that the explanation results from ProvX can guide model optimization, effectively enhancing its robustness against adversarial attacks.