Graph neural networks (GNNs) have been utilized to create multi-layer graph models for a number of cybersecurity applications, from fraud detection to software vulnerability analysis. Unfortunately, like traditional neural networks, GNNs also suffer from a lack of transparency; that is, it is challenging to interpret the model predictions. Prior works focused on specific factor explanations for a GNN model. In this work, we have designed and implemented Illuminati, a comprehensive and accurate explanation framework for cybersecurity applications using GNN models. Given a graph and a pre-trained GNN model, Illuminati is able to identify the important nodes, edges, and attributes that contribute to the prediction while requiring no prior knowledge of GNN models. We evaluate Illuminati in two cybersecurity applications, i.e., code vulnerability detection and smart contract vulnerability detection. The experiments show that Illuminati achieves more accurate explanation results than state-of-the-art methods. Specifically, 87.6% of subgraphs identified by Illuminati are able to retain their original prediction, an improvement of 10.3% over others at 77.3%. Furthermore, the explanations produced by Illuminati can be easily understood by domain experts, suggesting significant usefulness for the development of cybersecurity applications.