Software Vulnerability Detection Using Informed Code Graph Pruning

Cited by: 0
Authors
Gear, Joseph [1]
Xu, Yue [1]
Foo, Ernest [2]
Gauravaram, Praveen [3]
Jadidi, Zahra [2]
Simpson, Leonie [1]
Affiliations
[1] Queensland Univ Technol, Sch Comp Sci, Brisbane, Qld 4000, Australia
[2] Griffith Univ, Sch Informat & Commun Technol, Brisbane, Qld 4111, Australia
[3] Tata Consultancy Serv Ltd TCS, Cyber Secur Res & Innovat, Brisbane, QLD 4000, Australia
Keywords
Code representation; deep learning; source code semantics; vulnerability detection
DOI
10.1109/ACCESS.2023.3338162
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Pages: 135626 / 135644
Number of pages: 19