Code vulnerability static detection method based on graph representation and MHGAT

Cited by: 0
Authors
Cheng J. [1 ]
Wang B. [1 ]
Luo P. [1 ]
Affiliation
[1] College of Information and Navigation, Air Force Engineering University, Xi'an
Keywords
graph attention network; graph representation learning; multi-head self-attention; program slicing; vulnerability detection
DOI
10.12305/j.issn.1001-506X.2023.05.31
Abstract
Aiming at the problem that the existing static analysis technology is difficult to detect software security vulnerabilities timely and accurately, a code vulnerability static detection method based on graph representation and multi-head graph attention network (MHGAT) is proposed. Firstly, vulnerability code snippets are extracted from the system dependency graph of source code by program slicing, adjacency matrix of connection relation between different statements is constructed according to the system dependency graph, and feature matrix of code snippet is obtained by embedding algorithm. Then, the adjacency matrix and feature matrix of multiple code snippets are spliced in the form of disjoint graph. Finally, multiple convolution-pooling basic blocks are used to obtain the characteristics of code graph data at different levels, and the output of each basic block is integrated by jumping knowledge network. Experimental results show that compared with other vulnerability detection methods, the proposed method can effectively improve the efficiency and effectiveness of vulnerability detection through the improvement of data representation form and algorithm. © 2023 Chinese Institute of Electronics. All rights reserved.
Pages: 1535-1543
Page count: 8