Code Property Graph based Cross-Domain Vulnerability Detection via Deep Fused Feature

Deep learning is becoming an important means to detect source code vulnerabilities. However, the most severe problem is the compromise of detection performance when there is a scarcity of labeled data. Researchers employed transfer learning skills to solve the problem but existing approaches utilised limited information, which failed to contain various of vulnerability patterns. The code property graph (CPG), which encapsulates abundant syntax and semantic information, is able to accommodate more vulnerability patterns. In this paper, we propose the first CPG-based cross-domain vulnerability detection system which includes an approach to represent the CPG of code snippet into vector. A deep fusion model is devised to generate the fused deep features; Moreover, we extend a metric learning algorithm to reduce data distributions from different domains. Experimental results prove our system is much more effective compared with other state-of-the-art cross-domain approaches.