Abstract
Graph neural networks (GNNs) have proven to be an effective tool for vulnerability discovery that outperforms learning-based methods working directly on source code. Unfortunately, these neural networks are uninterpretable models, whose decision process is completely opaque to security experts, which obstructs their practical adoption. Recently, several methods have been proposed for explaining models of machine learning. However, it is unclear whether these methods are suitable for GNNs and support the task of vulnerability discovery. In this paper we present a framework for evaluating explanation methods on GNNs. We develop a set of criteria for comparing graph explanations and linking them to properties of source code. Based on these criteria, we conduct an experimental study of nine regular and three graph-specific explanation methods. Our study demonstrates that explaining GNNs is a non-Trivial task and all evaluation criteria play a role in assessing their efficacy. We further show that graph-specific explanations relate better to code semantics and provide more information to a security expert than regular methods.
Author supplied keywords
Cite
CITATION STYLE
Ganz, T., Härterich, M., Warnecke, A., & Rieck, K. (2021). Explaining Graph Neural Networks for Vulnerability Discovery. In AISec 2021 - Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2021 (pp. 145–156). Association for Computing Machinery, Inc. https://doi.org/10.1145/3474369.3486866
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
