Software Vulnerability Detection Using Informed Code Graph Pruning

Cited by: 0
Authors
Gear, Joseph [1]
Xu, Yue [1]
Foo, Ernest [2]
Gauravaram, Praveen [3]
Jadidi, Zahra [2]
Simpson, Leonie [1]
Affiliations
[1] Queensland Univ Technol, Sch Comp Sci, Brisbane, Qld 4000, Australia
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Qld 4111, Australia
[3] Tata Consultancy Serv Ltd TCS, Cyber Secur Res & Innovat, Brisbane, QLD 4000, Australia
Keywords
Code representation; deep learning; source code semantics; vulnerability detection;
DOI
10.1109/ACCESS.2023.3338162
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Pages: 135626 / 135644
Page count: 19
Related papers
50 in total
  • [21] Securing Code With Context: Enhancing Vulnerability Detection Through Contextualized Graph Representations
    Rozi, Muhammad Fakhrur
    Ban, Tao
    Ozawa, Seiichi
    Yamada, Akira
    Takahashi, Takeshi
    Inoue, Daisuke
    IEEE ACCESS, 2024, 12 : 142101 - 142126
  • [22] Source Code Vulnerability Detection Based on Residual Gated Graph Convolutional Networks
    Zhang, Jun
    Li, Shanshan
    Li, Lei
    Wang, Haoyu
    Computer Engineering and Applications, 2023, 59 (22) : 293 - 299
  • [23] Source Code Vulnerability Detection Based on Joint Graph and Multimodal Feature Fusion
    Jin, Dun
    He, Chengwan
    Zou, Quan
    Qin, Yan
    Wang, Boshu
    ELECTRONICS, 2025, 14 (05):
  • [24] Towards a Software Vulnerability Prediction Model using Traceable Code Patterns and Software Metrics
    Sultana, Kazi Zakia
    PROCEEDINGS OF THE 2017 32ND IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE'17), 2017, : 1022 - 1025
  • [25] Vulnerability Detection for Source Code Using Contextual LSTM
    Xu, Aidong
    Dai, Tao
    Chen, Huajun
    Ming, Zhe
    Li, Weining
    2018 5TH INTERNATIONAL CONFERENCE ON SYSTEMS AND INFORMATICS (ICSAI), 2018, : 1225 - 1230
  • [26] Automated Software Vulnerability Detection in Statement Level using Vulnerability Reports
    Mim, Rabaya Sultana
    Ahammed, Toukir
    Sakib, Kazi
    PROCEEDINGS OF 2024 28TH INTERNATIONAL CONFERENCE ON EVALUATION AND ASSESSMENT IN SOFTWARE ENGINEERING, EASE 2024, 2024, : 454 - 455
  • [27] An Empirical Study on Vulnerability Detection for Source Code Software based on Deep Learning
    Lin, Wei
    Cai, Saihua
    2021 21ST INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C 2021), 2021, : 1159 - 1160
  • [28] Graph-of-Code: Semantic Clone Detection Using Graph Fingerprints
    Alhazami, Essa A.
    Sheneamer, Abdullah M.
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2023, 49 (08) : 3972 - 3988
  • [29] Software Vulnerability Detection using Large Language Models
    Das Purba, Moumita
    Ghosh, Arpita
    Radford, Benjamin J.
    Chu, Bill
    2023 IEEE 34TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS, ISSREW, 2023, : 112 - 119
  • [30] Combining Graph-Based Learning with Automated Data Collection for Code Vulnerability Detection
    Wang, Huanting
    Ye, Guixin
    Tang, Zhanyong
    Tan, Shin Hwei
    Huang, Songfang
    Fang, Dingyi
    Feng, Yansong
    Bian, Lizhong
    Wang, Zheng
    IEEE Transactions on Information Forensics and Security, 2021, 16 : 1943 - 1958