Software Vulnerability Detection Using Informed Code Graph Pruning

Cited by: 0
Authors
Gear, Joseph [1]
Xu, Yue [1]
Foo, Ernest [2]
Gauravaram, Praveen [3]
Jadidi, Zahra [2]
Simpson, Leonie [1]
Affiliations
[1] Queensland Univ Technol, Sch Comp Sci, Brisbane, Qld 4000, Australia
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Qld 4111, Australia
[3] Tata Consultancy Serv Ltd TCS, Cyber Secur Res & Innovat, Brisbane, QLD 4000, Australia
Source
IEEE ACCESS | 2023 / Vol. 11
Keywords
Code representation; deep learning; source code semantics; vulnerability detection;
DOI
10.1109/ACCESS.2023.3338162
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Pages: 135626 - 135644
Number of pages: 19
Related papers
50 in total
  • [1] Source Code Vulnerability Detection Using Vulnerability Dependency Representation Graph
    Yang, Hongyu
    Yang, Haiyun
    Zhang, Liang
    Cheng, Xiang
    [J]. 2022 IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, TRUSTCOM, 2022, : 457 - 464
  • [2] Graph Confident Learning for Software Vulnerability Detection
    Wang, Qian
    Li, Zhengdao
    Liang, Hetong
    Pan, Xiaowei
    Li, Hui
    Li, Tingting
    Li, Xiaochen
    Li, Chenchen
    Guo, Shikai
    [J]. ENGINEERING APPLICATIONS OF ARTIFICIAL INTELLIGENCE, 2024, 133
  • [3] Improving Vulnerability Detection with Hybrid Code Graph Representation
    Meng, Xiangxin
    Lu, Shaoxiao
    Wang, Xu
    Liu, Xudong
    Hu, Chunming
    [J]. PROCEEDINGS OF THE 2023 30TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC 2023, 2023, : 259 - 268
  • [4] Graph representation learning and software homology matching based A study of JAVA code vulnerability detection techniques
    Yang, Yibin
    Bo, Xin
    Wang, Zitong
    Shao, Xinrui
    Xie, Xinjie
    [J]. 2023 2ND ASIA CONFERENCE ON ALGORITHMS, COMPUTING AND MACHINE LEARNING, CACML 2023, 2023, : 131 - 142
  • [5] A deep learning-based approach for software vulnerability detection using code metrics
    Subhan, Fazli
    Wu, Xiaoxue
    Bo, Lili
    Sun, Xiaobing
    Rahman, Muhammad
    [J]. IET SOFTWARE, 2022, 16 (05) : 516 - 526
  • [6] Software Vulnerability Detection Based on Code Coverage and Test Cost
    Shuai, Bo
    Li, Haifeng
    Zhang, Lei
    Zhang, Quan
    Tang, Chaojing
    [J]. 2015 11TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2015, : 317 - 321
  • [7] Vulnerability Detection via Multiple-Graph-Based Code Representation
    Qiu, Fangcheng
    Liu, Zhongxin
    Hu, Xing
    Xia, Xin
    Chen, Gang
    Wang, Xinyu
    [J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2024, 50 (08) : 2178 - 2199
  • [8] Code Vulnerability Detection Based on Deep Sequence and Graph Models: A Survey
    Wu, Bolun
    Zou, Futai
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2022, 2022
  • [9] Hidden code vulnerability detection: A study of the Graph-BiLSTM algorithm
    Ge, Kao
    Han, Qing-Bang
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2024, 175
  • [10] A Software Vulnerability Prediction Model Using Traceable Code Patterns and Software Metrics
    Sultana K.Z.
    Boyd C.B.
    Williams B.J.
    [J]. SN Computer Science, 4 (5)