A user-centred evaluation of DisCERN: Discovering counterfactuals for code vulnerability detection and correction

Wijekoon Anjana; Wiratunga Nirmalie

首页> 外文期刊>Knowledge-based systems >A user-centred evaluation of DisCERN: Discovering counterfactuals for code vulnerability detection and correction

【24h】

A user-centred evaluation of DisCERN: Discovering counterfactuals for code vulnerability detection and correction

机译：

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Counterfactual explanations highlight actionable knowledge which helps to understand how a machine learning model outcome could be altered to a more favourable outcome. Understanding actionable corrections in source code analysis can be critical to proactively mitigate security attacks that are caused by known vulnerabilities. In this paper, we present the DisCERN explainer for discovering counterfactuals for code vulnerability correction. Given a vulnerable code segment, DisCERN finds counterfactual (i.e. non-vulnerable) code segments and recommends actionable corrections. DisCERN uses feature attribution knowledge to identify potentially vulnerable code statements. Subsequently, it applies a substitution-focused correction, suggesting suitable fixes by analysing the nearest-unlike neighbour. Overall, DisCERN aims to identify vulnerabilities and correct them while preserving both the code syntax and the original functionality of the code. A user study evaluated the utility of counterfactuals for vulnerability detection and correction compared to more commonly used feature attribution explainers. The study revealed that counterfactuals foster positive shifts in mental models, effectively guiding users towards making vulnerability corrections. Furthermore, counterfactuals significantly reduced the cognitive load when detecting and correcting vulnerabilities in complex code segments. Despite these benefits, the user study showed that feature attribution explanations are still more widely accepted than counterfactuals, possibly due to the greater familiarity with the former and the novelty of the latter. These findings encourage further research and development into counterfactual explanations, as they demonstrate the potential for acceptability over time among developers as a reliable resource for both coding and training. (c) 2023 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

著录项

来源
《Knowledge-based systems》 |2023年第25期|1.1-1.18|共18页
作者
Wijekoon Anjana; Wiratunga Nirmalie;
展开▼
作者单位

Robert Gordon Univ;

展开▼
收录信息
原文格式 PDF
正文语种英语
中图分类计算技术、计算机技术;
关键词
Counterfactual explanations; Vulnerability detection; Explainable AI;

相似文献

外文文献
中文文献
专利

1. New Findings from Hangzhou Dianzi University Describe Advances in Networks (Vulgrab: Graph-embedding-based Code Vulnerability Detection With Bi-directional Gated Graph Neural Network) [J] . Network Daily News . 2023,第15期

机译：New Findings from Hangzhou Dianzi University Describe Advances in Networks (Vulgrab: Graph-embedding-based Code Vulnerability Detection With Bi-directional Gated Graph Neural Network)
2. VulGraB: Graph-embedding-based code vulnerability detection with bi-directional gated graph neural network [J] . Wang Sixuan, Huang Chen, Yu DongjinChen Xin Software: Practice and experience . 2023,第8期

机译：VulGraB: Graph-embedding-based code vulnerability detection with bi-directional gated graph neural network
3. VulGraB: Graph-embedding-based code vulnerability detection with bi-directional gated graph neural network [J] . Wang Sixuan, Huang Chen, Yu DongjinChen Xin software-practice & experience . 2023,第8期

机译：VulGraB: Graph-embedding-based code vulnerability detection with bi-directional gated graph neural network
4. SEISMIC VULNERABILITY EVALUATION OF LONGHU PAGODA, SICHUAN, PRC [C] . Peixuan Wang, Jacopo Scacco, Gabriele Milani International Conference on Structural Dynamics . 2020

机译：seismic vulnerability evaluation of long hu pagoda, Sichuan, PRC
5. Correction to: Cui Lai, Lei Qin, Liang Chen, Guang-Ming Zeng, Dan-Lian Huang, Chen Zhang, Piao Xu and Min Cheng, Sensitive and selective detection of glutathione based on anti-catalytical growth of gold nanoparticles colorimetric sensor [O] . 2017

机译：Correction to: Cui Lai, Lei Qin, Liang Chen, Guang-Ming Zeng, Dan-Lian Huang, Chen Zhang, Piao Xu and Min Cheng, Sensitive and selective detection of glutathione based on anti-catalytical growth of gold nanoparticles colorimetric sensor
6. POD Assessment of NDI Procedures Using a Round Robin Test (Les Tests ComparatifsInter-Laboratoires pour l'Evaluation de la Probabilite de Detection POD des Procedures NDI) [R] . 1995

机译：使用循环测试进行NDI程序的pOD评估（Les Tests ComparatifsInter-Laboratoires pour l'Evaluation de la probabilite de Detection pOD des procedures NDI）

A user-centred evaluation of DisCERN: Discovering counterfactuals for code vulnerability detection and correction

摘要

著录项

相似文献

相关主题

期刊订阅