Software Vulnerability Detection Using Informed Code Graph Pruning

Cited by: 0
Authors
Gear, Joseph [1]
Xu, Yue [1]
Foo, Ernest [2]
Gauravaram, Praveen [3]
Jadidi, Zahra [2]
Simpson, Leonie [1]
Affiliations
[1] Queensland Univ Technol, Sch Comp Sci, Brisbane, Qld 4000, Australia
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Qld 4111, Australia
[3] Tata Consultancy Serv Ltd TCS, Cyber Secur Res & Innovat, Brisbane, QLD 4000, Australia
Keywords
Code representation; deep learning; source code semantics; vulnerability detection
DOI
10.1109/ACCESS.2023.3338162
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Pages: 135626 / 135644
Page count: 19
Related papers
50 in total
  • [1] Source Code Vulnerability Detection Using Vulnerability Dependency Representation Graph
    Yang, Hongyu
    Yang, Haiyun
    Zhang, Liang
    Cheng, Xiang
    2022 IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, TRUSTCOM, 2022, : 457 - 464
  • [2] Software Vulnerability Detection Method Based on Code Property Graph and Bi-GRU
    Xiao T.
    Guan J.
    Jian S.
    Ren Y.
    Zhang J.
    Li B.
    Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2021, 58 (08): : 1668 - 1685
  • [3] Graph Confident Learning for Software Vulnerability Detection
    Wang, Qian
    Li, Zhengdao
    Liang, Hetong
    Pan, Xiaowei
    Li, Hui
    Li, Tingting
    Li, Xiaochen
    Li, Chenchen
    Guo, Shikai
    ENGINEERING APPLICATIONS OF ARTIFICIAL INTELLIGENCE, 2024, 133
  • [4] HeVulD: A Static Vulnerability Detection Method Using Heterogeneous Graph Code Representation
    Huang, Yuanming
    He, Mingshu
    Wang, Xiaojuan
    Zhang, Jie
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 : 9129 - 9144
  • [5] Improving Vulnerability Detection with Hybrid Code Graph Representation
    Meng, Xiangxin
    Lu, Shaoxiao
    Wang, Xu
    Liu, Xudong
    Hu, Chunming
    PROCEEDINGS OF THE 2023 30TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC 2023, 2023, : 259 - 268
  • [6] Vulnerability detection tool in source code by building and leveraging semantic code graph
    Delaitre, Sabine
    Pulgar Gutierrez, Jose Maria
    19TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY, ARES 2024, 2024,
  • [7] Optimising source code vulnerability detection using deep learning and deep graph network
    Xuan, Cho Do
    Luong, Tran Thi
    Thanh, Ma Cong
    CONNECTION SCIENCE, 2025, 37 (01)
  • [8] A deep learning-based approach for software vulnerability detection using code metrics
    Subhan, Fazli
    Wu, Xiaoxue
    Bo, Lili
    Sun, Xiaobing
    Rahman, Muhammad
    IET SOFTWARE, 2022, 16 (05) : 516 - 526
  • [9] Graph representation learning and software homology matching based A study of JAVA code vulnerability detection techniques
    Yang, Yibin
    Bo, Xin
    Wang, Zitong
    Shao, Xinrui
    Xie, Xinjie
    2023 2ND ASIA CONFERENCE ON ALGORITHMS, COMPUTING AND MACHINE LEARNING, CACML 2023, 2023, : 131 - 142
  • [10] Software Vulnerability Detection Based on Code Coverage and Test Cost
    Shuai, Bo
    Li, Haifeng
    Zhang, Lei
    Zhang, Quan
    Tang, Chaojing
    2015 11TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2015, : 317 - 321