Probing model signal-awareness via prediction-preserving input minimization

Suneja, Sahil; Zheng, Yunhui; Zhuang, Yufan; Laredo, Jim; Morari, Alessandro

doi:10.1145/3468264.3468545

Cited by 21 publications

(5 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Baselines. We adopt three recent vulnerability explanation approaches as baselines: 1) IVDetect [40] leverages GNNExplainer [75] to produce the key program dependence sub-graph (i.e., a list of crucial statements closely related to the detected vulnerability) that affect the decision of the model as explanations; 2) P2IM [61] borrows Delta Debugging [76] to reduce a program sample to a minimal snippet which a model needs to arrive at and stick to its original vulnerable prediction to uncover the model's detection logic; and 3) mVulPreter [82] combines the attention weight with the vulnerability probability outputted by the multi-granularity detector to compute the importance score for each code slice.…”

Section: Rq2: Explanation Performancementioning

confidence: 99%

“…For two baselines (IVDetect and mVulPreter) which require a human-selected 𝑘 value to decide the size of the [40,82] to narrow down the scope of candidate statements to 5, while the size of explanations produced by our approach and P2IM are automatically decided by themselves via optimization. Following [17,61], we evaluate these explanation approaches on another vulnerability dataset D2A [78] because it is labeled with clearly annotated vulnerability-contexts which are more reliable than other diff -based ground truths [15]. We randomly select 10,000 vulnerable samples which can be correctly detected from the D2A dataset to calculate the VTP metrics.…”

Section: Rq2: Explanation Performancementioning

confidence: 99%

“…As a result, the weak robustness of detection models could lead to spurious explanations even if the vulnerable code is correctly identified. Secondly, most prior methods focus on generating explanations from the perspective of factual reasoning [40,56,61], i.e., providing a subset of the input program for which models make the same prediction as they do for the original one. However, such extracted explanations may not be concise enough, covering many redundant statements which are benign but highly relevant to the model's prediction.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems

Cao,

Sun,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

Recently, Graph Neural Network (GNN)-based vulnerability detection systems have achieved remarkable success. However, the lack of explainability poses a critical challenge to deploy blackbox models in security-related domains. For this reason, several approaches have been proposed to explain the decision logic of the detection model by providing a set of crucial statements positively contributing to its predictions. Unfortunately, due to the weaklyrobust detection models and suboptimal explanation strategy, they have the danger of revealing spurious correlations and redundancy issue.In this paper, we propose Coca, a general framework aiming to 1) enhance the robustness of existing GNN-based vulnerability detection models to avoid spurious explanations; and 2) provide both concise and effective explanations to reason about the detected vulnerabilities. Coca consists of two core parts referred to as Trainer and Explainer. The former aims to train a detection model which is robust to random perturbation based on combinatorial contrastive learning, while the latter builds an explainer to derive crucial code statements that are most decisive to the detected vulnerability via dual-view causal inference as explanations. We

show abstract

Section: Rq2: Explanation Performancementioning

confidence: 99%

Section: Rq2: Explanation Performancementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems

Cao,

Sun,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…Program simplification has gain increasing attention recently. The state-of-the-art methods such as SIVAND [34] and P2IM [42] a based on the delta debugging prototype [49]. The delta debugging mechanism requires an input code snippet and an auxiliary deep learning model such as the code2vec [3].…”

Section: Program Simplificationmentioning

confidence: 99%

Diet Code is Healthy: Simplifying Programs for Pre-Trained Models of Code

Zhang,

Shen

et al. 2022

Preprint

View full text Add to dashboard Cite

Pre-trained code representation models such as CodeBERT have demonstrated superior performance in a variety of software engineering tasks, yet they are often heavy in complexity, quadratically with the length of input sequence. Our empirical analysis on CodeBERT's attention reveals that CodeBERT pays more attention to certain types of tokens and statements such as keywords and data-relevant statements. Based on these findings, we propose Diet-CodeBERT, which aims at lightweight leverage of large pre-trained models for source code. DietCodeBERT simplifies the input program of CodeBERT with three strategies, namely, word dropout, frequency filtering, and an attention-based strategy which selects statements and tokens that receive the most attention weights during pre-training. Hence, it gives a substantial reduce in the computational cost without hampering the model performance. Results on two downstream tasks show that DietCodeBERT provides comparable results as CodeBERT with 40% less computational cost in fine-tuning and testing. CCS CONCEPTS• Computing methodologies → Natural language processing.

show abstract

“…In the realm of understanding for source code models, recent work uses delta-debugging techniques to reduce a program to a set of statements that is minimal and still preserves the initial model prediction [31,42]. The intuition here is that essentially the remaining statements are the important signal being picked up by the model.…”

Section: Related Workmentioning

confidence: 99%

Counterfactual Explanations for Models of Code

Cito

Dillig

Murali

et al. 2022

2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)

View full text Add to dashboard Cite

Machine learning (ML) models play an increasingly prevalent role in many software engineering tasks. However, because most models are now powered by opaque deep neural networks, it can be difficult for developers to understand why the model came to a certain conclusion and how to act upon the model's prediction. Motivated by this problem, this paper explores counterfactual explanations for models of source code. Such counterfactual explanations constitute minimal changes to the source code under which the model "changes its mind". We integrate counterfactual explanation generation to models of source code in a real-world setting. We describe considerations that impact both the ability to find realistic and plausible counterfactual explanations, as well as the usefulness of such explanation to the developers that use the model. In a series of experiments we investigate the efficacy of our approach on three different models, each based on a BERT-like architecture operating over source code.

show abstract

Probing model signal-awareness via prediction-preserving input minimization

Cited by 21 publications

References 45 publications

Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems

Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems

Diet Code is Healthy: Simplifying Programs for Pre-Trained Models of Code

Counterfactual Explanations for Models of Code

Contact Info

Product

Resources

About