Illuminati: Towards Explaining Graph Neural Networks for Cybersecurity Analysis
This work addresses the interpretability problem for cybersecurity experts using GNNs in applications like fraud detection and vulnerability analysis, representing an incremental advance with specific gains.
The paper tackles the lack of transparency in graph neural networks (GNNs) for cybersecurity analysis by introducing Illuminati, an explanation framework that identifies important nodes, edges, and attributes in predictions, achieving 87.6% accuracy in retaining original predictions, a 10.3% improvement over state-of-the-art methods.
Graph neural networks (GNNs) have been utilized to create multi-layer graph models for a number of cybersecurity applications from fraud detection to software vulnerability analysis. Unfortunately, like traditional neural networks, GNNs also suffer from a lack of transparency, that is, it is challenging to interpret the model predictions. Prior works focused on specific factor explanations for a GNN model. In this work, we have designed and implemented Illuminati, a comprehensive and accurate explanation framework for cybersecurity applications using GNN models. Given a graph and a pre-trained GNN model, Illuminati is able to identify the important nodes, edges, and attributes that are contributing to the prediction while requiring no prior knowledge of GNN models. We evaluate Illuminati in two cybersecurity applications, i.e., code vulnerability detection and smart contract vulnerability detection. The experiments show that Illuminati achieves more accurate explanation results than state-of-the-art methods, specifically, 87.6% of subgraphs identified by Illuminati are able to retain their original prediction, an improvement of 10.3% over others at 77.3%. Furthermore, the explanation of Illuminati can be easily understood by the domain experts, suggesting the significant usefulness for the development of cybersecurity applications.