Anjana Wijekoon
Reasoning with counterfactual explanations for code vulnerability detection and correction.
Wijekoon, Anjana; Wiratunga, Nirmalie
Authors
Professor Nirmalie Wiratunga n.wiratunga@rgu.ac.uk
Associate Dean for Research
Contributors
Sadiq Sani
Editor
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Editor
Abstract
Counterfactual explanations highlight "actionable knowledge" which helps end-users to understand how a machine learning outcome could be changed to a more desirable outcome. In code vulnerability detection, understanding these "actionable" corrections can be critical to proactively mitigate security attacks that are caused by known vulnerabilities. In this paper, we present the case-based explainer DisCERN for counterfactual discovery with code data. The DisCERN explainer finds counterfactuals to explain the outcomes of black-box vulnerability detection models and highlights actionable corrections to guide the user. DisCERN uses feature relevance explainer knowledge as a proxy to discover potentially vulnerable code statements and then uses a novel substitution algorithm based on pattern matching to find corrections from the nearest unlike neighbour. The overall aim of DisCERN is to identify vulnerabilities and correct them with the minimal changes necessary. We evaluate DisCERN using the NIST Java SAR dataset and find that DisCERN finds counterfactuals for 96% of the test instances with 13 ~ 14 statement changes in each test instance. Additionally, we present example counterfactuals found using DisCERN to qualitatively evaluate the algorithm.
Citation
WIJEKOON, A. and WIRATUNGA, N. 2021. Reasoning with counterfactual explanations for code vulnerability detection and correction. In Sani, S. and Kalutarage, H. (eds.) AI and cybersecurity 2021: proceedings of the 2021 Workshop on AI and cybersecurity (AI-Cybersec 2021), co-located with the 41st Specialist Group on Artificial Intelligence international conference on artificial intelligence (SGAI 2021), 14 December 2021, [virtual event]. CEUR workshop proceedings, 3125. Aachen: CEUR-WS [online], pages 1-13. Available from: http://ceur-ws.org/Vol-3125/paper1.pdf
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 2021 Workshop on AI and cybersecurity (AI-Cybersec 2021), co-located with the 41st Specialist Group on Artificial Intelligence international conference on artificial intelligence (SGAI 2021) |
Start Date | Dec 14, 2021 |
Acceptance Date | Nov 21, 2021 |
Online Publication Date | Dec 14, 2021 |
Publication Date | Apr 17, 2022 |
Deposit Date | May 5, 2022 |
Publicly Available Date | May 5, 2022 |
Publisher | CEUR-WS |
Peer Reviewed | Peer Reviewed |
Pages | 1-13 |
Series Title | CEUR workshop proceedings |
Series Number | 3125 |
Series ISSN | 1613-0073 |
Book Title | AI and cybersecurity 2021 |
Keywords | Counterfactual explanations; Vulnerability detection; Explainable AI |
Public URL | https://rgu-repository.worktribe.com/output/1654358 |
Publisher URL | http://ceur-ws.org/Vol-3125/ |
Files
WIJEKOON 2021 Reasoning with counterfactual (VOR v2)
(3.7 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/