Counterfactual explanations highlight "actionable knowledge", helping end-users understand how a machine learning outcome could be changed to a more desirable one. In code vulnerability detection, understanding such "actionable" corrections can be critical to proactively mitigating security attacks caused by known vulnerabilities. In this paper, we present DisCERN, a case-based explainer for counterfactual discovery with code data. DisCERN finds counterfactuals to explain the outcomes of black-box vulnerability detection models and highlights actionable corrections to guide the user. DisCERN uses feature relevance explainer knowledge as a proxy to discover potentially vulnerable code statements, and then uses a novel substitution algorithm based on pattern matching to find corrections from the nearest unlike neighbour. The overall aim of DisCERN is to identify vulnerabilities and correct them with the minimal changes necessary. We evaluate DisCERN on the NIST Java SAR dataset and find that it discovers counterfactuals for 96% of the test instances, with 13 to 14 statement changes per test instance. Additionally, we present example counterfactuals found by DisCERN to qualitatively evaluate the algorithm.
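The core idea described above — substituting values from the nearest unlike neighbour (NUN) in feature-relevance order until the black-box prediction flips — can be sketched as follows. This is a minimal, hypothetical illustration on numeric feature vectors; the names `discern_counterfactual`, `relevance`, and `predict` are assumptions for this sketch, and the paper's actual algorithm works on code statements via pattern matching rather than raw feature substitution.

```python
import numpy as np

def nearest_unlike_neighbour(query, X, y, desired_class):
    """Return the training instance closest to `query` (Euclidean distance)
    whose label is the desired outcome class."""
    candidates = X[y == desired_class]
    dists = np.linalg.norm(candidates - query, axis=1)
    return candidates[np.argmin(dists)]

def discern_counterfactual(query, X, y, predict, relevance, desired_class):
    """Substitute feature values from the NUN into the query, most relevant
    feature first, stopping as soon as the black-box `predict` flips to
    `desired_class` — i.e. a counterfactual with minimal substitutions."""
    nun = nearest_unlike_neighbour(query, X, y, desired_class)
    cf = query.copy()
    for i in np.argsort(-relevance):  # highest-relevance feature first
        cf[i] = nun[i]
        if predict(cf) == desired_class:
            return cf  # prediction flipped; stop substituting
    return cf  # all features substituted: cf now equals the NUN
```

For example, with a toy binary classifier and a two-feature query, the sketch flips the outcome after substituting only the most relevant feature, leaving the rest of the query untouched.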
WIJEKOON, A. and WIRATUNGA, N. 2021. Reasoning with counterfactual explanations for code vulnerability detection and correction. In Sani, S. and Kalutarage, H. (eds.) AI and cybersecurity 2021 (AI-Cybersec 2021): proceedings of the workshop on AI and cybersecurity (AI-Cybersec 2021) co-located with the 41st SGAI (British Computer Society's Specialist Group on Artificial Intelligence) international conference on artificial intelligence (SGAI 2021), 14 December 2021, Cambridge, UK [virtual conference]. Aachen: CEUR Workshop Proceedings [online], 3125, pages 1-13. Available from: http://ceur-ws.org/Vol-3125/paper1.pdf