Abstract

Significant increases in cyberattacks worldwide have threatened the security of organizations, businesses, and individuals. Cyberattacks exploit vulnerabilities in software systems. Recent work has leveraged powerful and complex models, such as deep neural networks, to improve the predictive performance of vulnerability detection models. However, these models are often regarded as “black box” models, making it challenging for software practitioners to understand and interpret their predictions. This lack of explainability has resulted in a reluctance to adopt or deploy these vulnerability prediction models in industry applications. This paper proposes a novel approach, Genetic Algorithm-based Vulnerability Prediction Explainer, (herein GAVulExplainer), which generates explanations for vulnerability prediction models based on graph neural networks. GAVulExplainer leverages genetic algorithms to construct a subgraph explanation that represents the crucial factor contributing to the vulnerability. Experimental results show that our proposed approach outperforms baselines in providing concrete reasons for a vulnerability prediction.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Better together: Comparing vulnerability prediction models
Christopher Theisen ... Laurie Williams
Information and Software Technology | VOL. 119
Christopher Theisen, et. al.Christopher Theisen ... Laurie Williams
05 Nov 2019
The impact of feature types, classifiers, and data balancing techniques on software vulnerability prediction models
Aydin Kaya ... Bedir Tekinerdogan
Journal of Software: Evolution and Process | VOL. 31
Aydin Kaya, et. al.Aydin Kaya ... Bedir Tekinerdogan
22 Apr 2019
Towards Cross Project Vulnerability Prediction in Open Source Web Applications
Ibrahim Abunadi ... Mamdouh Alenezi
-
Ibrahim Abunadi, et. al.Ibrahim Abunadi ... Mamdouh Alenezi
24 Sep 2015
Can traditional fault prediction models be used for vulnerability prediction?
Yonghee Shin ... Laurie Williams
Empirical Software Engineering | VOL. 18
Yonghee Shin, et. al.Yonghee Shin ... Laurie Williams
09 Dec 2011
View more papers

More From: Information and Software Technology

Paper Title
Journal
Date
Author
Evaluating the understandability and user acceptance of Attack-Defense Trees: Original experiment and replication
Giovanna Broccia ... Alessio Ferrari
Information and Software Technology | VOL. -
Giovanna Broccia, et. al.Giovanna Broccia ... Alessio Ferrari
01 Nov 2024
Who uses personas in requirements engineering: The practitioners’ perspective
Yi Wang ... John Grundy
Information and Software Technology | VOL. -
Yi Wang, et. al.Yi Wang ... John Grundy
01 Nov 2024
Impact of minimum viable product on software ecosystem failure
Kati Saarni ... Tomi Männistö
Information and Software Technology | VOL. 178
Kati Saarni, et. al.Kati Saarni ... Tomi Männistö
28 Oct 2024
A survey on Cryptoagility and Agile Practices in the light of quantum resistance
Lodovica Marchesi ... Roberto Tonelli
Information and Software Technology | VOL. 178
Lodovica Marchesi, et. al.Lodovica Marchesi ... Roberto Tonelli
21 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.