Software Vulnerability Detection Using Informed Code Graph Pruning

Cited by: 0
Authors
Gear, Joseph [1]
Xu, Yue [1]
Foo, Ernest [2]
Gauravaram, Praveen [3]
Jadidi, Zahra [2]
Simpson, Leonie [1]
Affiliations
[1] Queensland Univ Technol, Sch Comp Sci, Brisbane, Qld 4000, Australia
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Qld 4111, Australia
[3] Tata Consultancy Serv Ltd TCS, Cyber Secur Res & Innovat, Brisbane, QLD 4000, Australia
Keywords
Code representation; deep learning; source code semantics; vulnerability detection
DOI
10.1109/ACCESS.2023.3338162
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Pages: 135626 / 135644
Page count: 19
Related papers
50 in total
  • [31] Graph-based Vulnerability Detection via Extracting Features from Sliced Code
    Wu, Peng
    Yin, Liangze
    Du, Xiang
    Jia, Liyuan
    Dong, Wei
    COMPANION OF THE 2020 IEEE 20TH INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY, AND SECURITY (QRS-C 2020), 2020, : 38 - 45
  • [32] Vulnerability Detection in C/C++ Source Code With Graph Representation Learning
    Wu, Yuelong
    Lu, Jintian
    Zhang, Yunyi
    Jin, Shuyuan
    2021 IEEE 11TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE (CCWC), 2021, : 1519 - 1524
  • [33] Using graph databases in source code plagiarism detection
    Novak, Matija
    Levak, Iva
    CENTRAL EUROPEAN CONFERENCE ON INFORMATION AND INTELLIGENT SYSTEMS, CECIIS 2022, 2022, : 465 - 470
  • [34] LCVD: Loop-oriented code vulnerability detection via graph neural network
    Wang, Mingke
    Tao, Chuanqi
    Guo, Hongjing
    JOURNAL OF SYSTEMS AND SOFTWARE, 2023, 202
  • [35] A General Source Code Vulnerability Detection Method via Ensemble of Graph Neural Networks
    Zeng, Ciling
    Zhou, Bo
    Dong, Huoyuan
    Wu, Haolin
    Xie, Peiyuan
    Guan, Zhitao
    FRONTIERS IN CYBER SECURITY, FCS 2023, 2024, 1992 : 560 - 574
  • [36] Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection
    Wang, Huanting
    Ye, Guixin
    Tang, Zhanyong
    Tan, Shin Hwei
    Huang, Songfang
    Fang, Dingyi
    Feng, Yansong
    Bian, Lizhong
    Wang, Zheng
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2021, 16 : 1943 - 1958
  • [37] Unsupervised Classifying of Software Source Code Using Graph Neural Networks
    Vytovtov, Petr
    Chuvilin, Kirill
    PROCEEDINGS OF THE 24TH CONFERENCE OF OPEN INNOVATIONS ASSOCIATION (FRUCT), 2019, : 518 - 524
  • [38] Smart Contract Vulnerability Detection Using Code Representation Fusion
    Wang, Ben
    Chu, Hanting
    Zhang, Pengcheng
    Dong, Hai
    2021 28TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2021), 2021, : 564 - 565
  • [39] Software Source Code Vulnerability Detection Based on CNN-GAP Interpretability Model
    Wang Jian
    Kuang Hongyu
    Li Ruilin
    Su Yunfei
    JOURNAL OF ELECTRONICS & INFORMATION TECHNOLOGY, 2022, 44 (07) : 2568 - 2575
  • [40] Path-Sensitive Code Embedding via Contrastive Learning for Software Vulnerability Detection
    Cheng, Xiao
    Zhan, Guanqin
    Wang, Haoyu
    Sui, Yulei
    PROCEEDINGS OF THE 31ST ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, ISSTA 2022, 2022, : 519 - 531