Machine learning has been successfully used for increasingly complex and critical tasks, achieving high performance and efficiency that would not be possible for human operators. Unfortunately, recent studies have shown that, despite its power, this technology tends to learn spurious correlations from data, making it weak and susceptible to manipulation. Explainability techniques are often used to identify the most relevant features contributing to the decision. However, this is often done by taking examples one by one and trying to show the problem locally. To mitigate this issue, we propose in this paper a systematic method to leverage explainability techniques and build on their results to highlight problems in the model design and training. With an empirical analysis on the Devign dataset, we validate the proposed methodology with a CodeBERT model trained for vulnerability discovery, showing that, despite its impressive performances, spurious correlations consistently steer its decision.

Explainability-based Debugging of Machine Learning for Vulnerability Discovery

Sotgiu, Angelo
Primo
;
Pintor, Maura;Biggio, Battista
Ultimo
2022-01-01

Abstract

Machine learning has been successfully used for increasingly complex and critical tasks, achieving high performance and efficiency that would not be possible for human operators. Unfortunately, recent studies have shown that, despite its power, this technology tends to learn spurious correlations from data, making it weak and susceptible to manipulation. Explainability techniques are often used to identify the most relevant features contributing to the decision. However, this is often done by taking examples one by one and trying to show the problem locally. To mitigate this issue, we propose in this paper a systematic method to leverage explainability techniques and build on their results to highlight problems in the model design and training. With an empirical analysis on the Devign dataset, we validate the proposed methodology with a CodeBERT model trained for vulnerability discovery, showing that, despite its impressive performances, spurious correlations consistently steer its decision.
2022
9781450396707
code vulnerability detection; datasets; machine learning; neural networks
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11584/343353
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 7
  • ???jsp.display-item.citation.isi??? 8
social impact