Assessment of Software Vulnerability Contributing Factors by Model-Agnostic Explainable AI

Li, Ding; Liu, Yan; Huang, Jun

doi:10.3390/make6020050

MAKE

2024

DOI: 10.3390/make6020050

|View full text |Cite

Assessment of Software Vulnerability Contributing Factors by Model-Agnostic Explainable AI

Ding Li,

Yan Liu,

Jun Huang

Abstract: Software vulnerability detection aims to proactively reduce the risk to software security and reliability. Despite advancements in deep-learning-based detection, a semantic gap still remains between learned features and human-understandable vulnerability semantics. In this paper, we present an XAI-based framework to assess program code in a graph context as feature representations and their effect on code vulnerability classification into multiple Common Weakness Enumeration (CWE) types. Our XAI framework is d… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 68 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies

Bennouk,

Ait Aali,

El Bouzekri El Idrissi

et al. 2024

JCP

View full text Add to dashboard Cite

The number of new vulnerabilities continues to rise significantly each year. Simultaneously, vulnerability databases have challenges in promptly sharing new security events with enough information to improve protections against emerging cyberattack vectors and possible exploits. In this context, several organizations adopt strategies to protect their data, technologies, and infrastructures from cyberattacks by implementing anticipatory and proactive approaches to their system security activities. To this end, vulnerability management systems play a crucial role in mitigating the impact of cyberattacks by identifying potential vulnerabilities within an organization and alerting cyber teams. However, the effectiveness of these systems, which employ multiple methods and techniques to identify weaknesses, relies heavily on the accuracy of published security events. For this reason, we introduce a discussion concerning existing vulnerability detection methods through an in-depth literature study of several research papers. Based on the results, this paper points out some issues related to vulnerability databases handling that impact the effectiveness of certain vulnerability identification methods. Furthermore, after summarizing the existing methodologies, this study classifies them into four approaches and discusses the challenges, findings, and potential research directions.

show abstract

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies

Bennouk,

Ait Aali,

El Bouzekri El Idrissi

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Assessment of Software Vulnerability Contributing Factors by Model-Agnostic Explainable AI

Cited by 1 publication

References 68 publications

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies

Contact Info

Product

Resources

About