Investigating Adversarial Attacks in Software Analytics via Machine Learning Explainability

📅 2024-08-07
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the adversarial robustness of machine learning models in software analysis tasks, proposing, for the first time, an explainability-guided adversarial attack paradigm in feature space. Methodologically, it integrates SHAP, LIME, and Integrated Gradients to identify 1–3 critical explanatory features and applies targeted perturbations in feature space. Comprehensive evaluation is conducted across six software analysis datasets, seven ML models, and four state-of-the-art tabular adversarial attack baselines. Key contributions include: (1) establishing an “explainability–vulnerability” correlation, demonstrating that minute perturbations to top explanatory features induce catastrophic performance degradation; (2) introducing the first explainability-driven adversarial attack framework tailored to software analysis; and (3) empirically showing that the attack invalidates up to 86.6% of originally correctly classified samples and compares favorably with existing methods across diverse scenarios, thereby revealing a pervasive explainability-induced robustness deficiency in current software analysis ML models.

📝 Abstract
With the recent advancements in machine learning (ML), numerous ML-based approaches have been extensively applied in software analytics tasks to streamline software development and maintenance processes. Nevertheless, studies indicate that despite their potential usefulness, ML models are vulnerable to adversarial attacks, which may result in significant monetary losses in these processes. As a result, the ML models' robustness against adversarial attacks must be assessed before they are deployed in software analytics tasks. Despite several techniques being available for adversarial attacks in software analytics tasks, exploring adversarial attacks using ML explainability is largely unexplored. Therefore, this study aims to investigate the relationship between ML explainability and adversarial attacks to measure the robustness of ML models in software analytics tasks. In addition, unlike most existing attacks that directly perturb input-space, our attack approach focuses on perturbing feature-space. Our extensive experiments, involving six datasets, three ML explainability techniques, and seven ML models, demonstrate that ML explainability can be used to conduct successful adversarial attacks on ML models in software analytics tasks. This is achieved by modifying only the top 1-3 important features identified by ML explainability techniques. Consequently, the ML models under attack fail to accurately predict up to 86.6% of instances that were correctly predicted before adversarial attacks, indicating the models' low robustness against such attacks. Finally, our proposed technique demonstrates promising results compared to four state-of-the-art adversarial attack techniques targeting tabular data.

Problem

Research questions and friction points this paper is trying to address.

Assessing ML model robustness against adversarial attacks in software analytics
Exploring adversarial attacks using ML explainability techniques
Perturbing feature-space instead of input-space for adversarial attacks

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses ML explainability for adversarial attack analysis
Perturbs feature-space instead of input-space directly
Modifies top 1-3 important features for attacks
Md Abdul Awal
Department of Computer Science, University of Saskatchewan, Canada
Mrigank Rochan
Assistant Professor of Computer Science, University of Saskatchewan
Computer Vision, Machine Learning
Chanchal K. Roy
Department of Computer Science, University of Saskatchewan, Canada