Seongil Wi,Sijae Woo,Joyce Jiyoung Whang,Sooel Son

DOI: https://doi.org/10.1145/3485447.3512235

2022-04-25

Abstract:A code property graph (CPG) is a joint representation of syntax, control flows, and data flows of a target application. Recent studies have demonstrated the promising efficacy of leveraging CPGs for the identification of vulnerabilities. It recasts the problem of implementing a specific static analysis for a target vulnerability as a graph query composition problem. It requires devising coarse-grained graph queries that model vulnerable code patterns. Unfortunately, such coarse-grained queries often leave vulnerabilities due to faulty input sanitization undetected. In this paper, we propose, a scalable system designed to identify various web vulnerabilities, including bugs that stem from incorrect sanitization. We designed to find a subgraph in a target CPG that matches a given CPG query having a known vulnerability, which is known as the subgraph isomorphism problem. To address the scalability challenge that stems from the NP-complete nature of this problem, leverages optimization techniques designed to boost the efficiency of matching vulnerable subgraphs. found confirmed vulnerabilities including CVEs among 2,464 potential vulnerabilities in real-world CPGs having a combined total of 1 billion nodes and 1.2 billion edges.

Lei Cui,Zhiyu Hao,Yang Jiao,Haiqiang Fei,Xiaochun Yun

DOI: https://doi.org/10.1109/tifs.2020.3047756

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Code similarity is one promising approach to detect vulnerabilities hidden in software programs. However, due to the complexity and diversity of source code, current methods suffer low accuracy, high false negative and poor performance, especially in analyzing a large program. In this paper, we propose to tackle these problems by presenting VulDetector, a static-analysis tool to detect C/C++ vulnerabilities based on graph comparison at the granularity of function. At the key of VulDetector is a weighted feature graph (WFG) model which characterizes function with a small yet semantically rich graph. It first pinpoints vulnerability-sensitive keywords to slice the control flow graph of a function, thereby reducing the graph size without compromising security-related semantics. Then, each sliced subgraph is characterized using WFG, which provides both syntactic and semantic features in varying degrees of security. As for graph comparison, we take full usage of vulnerability graph and patch graph to improve accuracy. In addition, we propose two optimization methods based on analysis of vulnerabilities. We have implemented VulDetector to automatically detect vulnerabilities in software programs with known vulnerabilities. The experimental results prove the effectiveness and efficiency of VulDetector.

Rulin Xu,Hua Peng,Kai Yang,Xiaoguang Mao

DOI: https://doi.org/10.1145/3690931.3690951

2024-01-01

Abstract:In modern software systems, the construction of Value-Flow Graphs (VFGs) is a critical step for performing static analysis and vulnerability detection. However, traditional VFG construction methods are computation- ally complex, making them inefficient for large-scale code analysis. This paper proposes a parallelized VFG construction algorithm, P-VFGC, which accelerates the VFG construction process by leveraging multi-core resources. Firstly, we perform parallel pointer analysis to quickly determine the pointer relationships within the program. Subsequently, we employ parallel methods to construct memory SSA and partition the pro- gram's basic blocks, laying the groundwork for VFG construction. Finally, by parallel processing of basic blocks, we connect the nodes and edges of the VFG to complete the graph construction. Experimental results demonstrate that P-VFGC exhibits good scalability and performance when handling large-scale code, significantly reducing the analysis time while maintaining a certain level of precision, achieving a maximum speedup of 4.53 times on an 8-node setup.

Weining Zheng,Yuan Jiang,Xiaohong Su

DOI: https://doi.org/10.1109/issre52982.2021.00054

2021-01-01

Abstract:Vulnerability detection is an important issue in software security. Although various data-driven vulnerability detection methods have been proposed, the task remains challenging since the diversity and complexity of real-world vulnerable code in syntax and semantics make it difficult to extract vulnerable features with regular deep learning models, especially in analyzing a large program. Moreover, the fact that real-world vulnerable codes contain a lot of redundant information unrelated to vulnerabilities will further aggravate the above problem. To mitigate such challenges, we define a novel code representation named Slice Property Graph (SPG), and then propose VulSPG, a new vulnerability detection approach using the improved R-GCN model with triple attention mechanism to identify potential vulnerabilities in SPG. Our approach has at least two advantages over other methods. First, our proposed SPG can reflect the rich semantics and explicit structural information that may be relevance to vulnerabilities, while eliminating as much irrelevant information as possible to reduce the complexity of graph. Second, VulSPG incorporates triple attention mechanism in R-GCNs to achieve more effective learning of vulnerability patterns from SPG. We have extensively evaluated VulSPG on two large-scale datasets with programs from SARD and real-world projects. Experimental results prove the effectiveness and efficiency of VulSPG.

Guoqiang Yin,Wei Wang,Haiyan Li

DOI: https://doi.org/10.1142/s0218194023500614

IF: 1.007

2023-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Defect prediction research has been conducted for more than 40 years, with the goal of estimating the defect-prone blocks of source code. Prior studies, however, had two major limitations: (1) coarse-grained defect prediction results and (2) weak long-term dependencies modeling. As a result, developers need to review the prediction results to figure out which function or even which line of code produced the issue. In this study, we present OdegVul, a novel statement-level defect prediction model, to address these concerns. To capture both semantic and structural relationships between statements, a statement representation framework combining deep learning and graph neural networks is designed. Then the long-term dependencies between statements are encoded as a partial differential equation of a graph neural network. Through the experiment of 32 releases of 9 open-source Java projects, we found that semantic and structural dependencies are crucial to statement-level defect prediction. OdegVul outperforms other state-of-the-art (SOTA) predictors and achieves reasonable performance in cross-project statement-level defect prediction scenarios. The finer granularity of predicting results reduces the developer’s workforce in reviewing the prediction results and increases the practicality of the defect prediction model. The source code of OdegVul is available at https://github.com/CoderYinDaqiang/OdegVul.

Fangcheng Qiu,Zhongxin Liu,Xing Hu,Xin Xia,Gang Chen,Xinyu Wang

DOI: https://doi.org/10.1109/tse.2024.3427815

IF: 7.4

2024-08-18

IEEE Transactions on Software Engineering

Abstract:During software development and maintenance, vulnerability detection is an essential part of software quality assurance. Even though many program-analysis-based and machine-learning-based approaches have been proposed to automatically detect vulnerabilities, they rely on explicit rules or patterns defined by security experts and suffer from either high false positives or high false negatives. Recently, an increasing number of studies leverage deep learning techniques, especially Graph Neural Network (GNN), to detect vulnerabilities. These approaches leverage program analysis to represent the program semantics as graphs and perform graph analysis to detect vulnerabilities. However, they suffer from two main problems: (i) Existing GNN-based techniques do not effectively learn the structural and semantic features from source code for vulnerability detection. (ii) These approaches tend to ignore fine-grained information in source code. To tackle these problems, in this paper, we propose a novel vulnerability detection approach, named MGVD (M ultiple-G raph-Based V ulnerability D etection), to detect vulnerable functions. To effectively learn the structural and semantic features from source code, MGVD uses three different ways to represent each function into multiple forms, i.e., two statement graphs and a sequence of tokens. Then we encode such representations to a three-channel feature matrix. The feature matrix contains the structural feature and the semantic feature of the function. And we add a weight allocation layer to distribute the weights between structural and semantic features. To overcome the second problem, MGVD constructs each graph representation of the input function using multiple different graphs instead of a single graph. Each graph focuses on one statement in the function and its nodes denote the related statements and their fine-grained code elements. Finally, MGVD leverages CNN to identify whether this function is vulnerable based on such feature matrix. We conduct experiments on 3 vulnerability datasets with a total of 30,341 vulnerable functions and 127,931 non-vulnerable functions. The experimental results show that our method outperforms the state-of-the-art by 9.68% – 10.28% in terms of F1-score.

engineering, electrical & electronic,computer science, software engineering

Wei Tang,Mingwei Tang,Minchao Ban,Ziguo Zhao,Mingjun Feng

DOI: https://doi.org/10.1016/j.jss.2023.111623

IF: 3.5

2023-02-01

Journal of Systems and Software

Abstract:In order to secure software, it is critical to detect potential vulnerabilities. The performance of traditional static vulnerability detection methods is limited by predefined rules, which rely heavily on the expertise of developers. Existing deep learning-based vulnerability detection models usually use only a single sequence or graph embedding approach to extract vulnerability features. Sequence embedding-based models ignore the structured information inherent in the code, and graph embedding-based models lack effective node and graph embedding methods. As a result, we propose a novel deep learning-based approach, CSGVD ( C ombining S equence and G raph embedding for V ulnerability D etection), which considers function-level vulnerability detection as a graph binary classification task. Firstly, we propose a PE-BL module, which inherits and enhances the knowledge from the pre-trained language model. It extracts the code's local semantic features as node embedding in the control flow graph by using sequence embedding. Secondly, CSGVD uses graph neural networks to extract the structured information of the graph. Finally, we propose a mean biaffine attention pooling, M-BFA, to better aggregate node information as a graph's feature representation. The experimental results show that CSGVD outperforms the existing state-of-the-art models and obtains 64.46% accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection.

computer science, theory & methods, software engineering

Yufan Zhuang,Sahil Suneja,Veronika Thost,Giacomo Domeniconi,Alessandro Morari,Jim Laredo

DOI: https://doi.org/10.48550/arXiv.2109.03341

2021-09-08

Abstract:Identifying vulnerable code is a precautionary measure to counter software security breaches. Tedious expert effort has been spent to build static analyzers, yet insecure patterns are barely fully enumerated. This work explores a deep learning approach to automatically learn the insecure patterns from code corpora. Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program, in order to improve prediction performance. Compared with a generic GNN, our enhancements include a synthesis of multiple representations learned from the several parsed graphs of a program, and a new training loss metric that leverages the fine granularity of labeling. Our model outperforms multiple text, image and graph-based approaches, across two real-world datasets.

Artificial Intelligence,Software Engineering

Yuanming Huang,Mingshu He,Xiaojuan Wang,Jie Zhang

DOI: https://doi.org/10.1109/tifs.2024.3457162

2024-01-01

Abstract:Vulnerability detection in source code has been a focal point of research in recent years. Traditional rule-based methods fail to identify complex and unknown vulnerabilities, leading to poor performance. While deep learning (DL)-based methods have improved these shortcomings, there is still room for enhancement. For C/C++ source code, effective vulnerability detection requires considering both the information in code statements and the structural information of the code. Graph-based code representation methods can address this need, but existing approaches often use homogeneous graphs that do not differentiate between various types of code statements or dependencies. Few methods use heterogeneous graphs for C/C++ code representation. This study explores this potential and proposes a new C/C++ vulnerability detection method named HeVulD. HeVulD introduces two node definition approaches and a key-node-based program slicing method, generating heterogeneous graph representations for source code. These representations consist of both heterogeneous nodes and edges, providing a more precise representation of source code. HeVulD achieves an F1-score of 96.4% on the SARD dataset, outperforming nine baseline C/C++ vulnerability detection methods. HeVulD has been tested under adversarial attack scenarios to assess its robustness. Additionally, HeVulD has been tested on ten open-source software projects and the latest CVEs, demonstrating its detection and generalization capabilities in real-world scenarios and its ability to identify unknown vulnerabilities.

Xin Liu,Yixiong Wu,Qingchen Yu,Shangru Song,Yue Liu,Qingguo Zhou,Jianwei Zhuge

DOI: https://doi.org/10.1145/3544902.3546240

2022-01-01

Abstract:Background: With the boosting development of IoT technology, the supply chains of IoT devices become more powerful and sophisticated, and the security issues introduced by code reuse are becoming more prominent. Therefore, the detection and management of vulnerabilities through code similarity detection technology is of great significance for protecting the security of IoT devices. Aim: We aim to propose a more accurate, parallel-friendly, and realistic software supply chain vulnerability detection solution for IoT devices. Method: This paper presents PG-VulNet, standing for Vulnerability-detection Network based on Pseudo-code Graphs. It is a ”multi-model” cross-architecture vulnerability detection solution based on pseudo-code and Graph Matching Network (GMN). PG-VulNet extracts both behavioral and structural features of pseudo-code to build customized feature graphs and then uses GMN to detect supply chain vulnerabilities based on these graphs. Results: The experiments show that PG-VulNet achieves an average detection accuracy of 99.14%, significantly higher than existing approaches like Gemini, VulSeeker, FIT, and Asteria. In addition to this, PG-VulNet also excels in detection overhead and false alarms. In the real-world evaluation, PG-VulNet detected 690 known vulnerabilities in 1,611 firmwares. Conclusions: PG-VulNet can effectively detect the vulnerabilities introduced by software supply chain in IoT firmwares and is well suited for large-scale detection. Compared with existing approaches, PG-VulNet has significant advantages.

Rulin Xu,Xiaoguang Mao,Wei Xiao

DOI: https://doi.org/10.1109/CSECS60003.2023.10428132

2023-01-01

Abstract:C language programs are often subject to memory vulnerabilities, posing substantial security risks to software systems. Conventional detection techniques, rooted in static value-flow analysis, necessitate exhaustive searches across the entirety of value-flow graphs. This approach results in inefficient analyses of large-scale codes and presents difficulties in parallelization due to interdependent steps. In this study, we propose an innovative approach based on parallel graph summarization. This technique effectively transforms the computational bottleneck into a task that can be expedited in a parallel manner, leveraging multicore computation to significantly enhance the performance and scalability of vulnerability detection within <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$C$</tex> programs. We segment the value-flow graph of the program into multiple subgraphs, extracting summaries of three pivotal types of information from each subgraph: path summaries, guard summaries, and behaviour summaries. These summaries significantly stream-line subsequent vulnerability detection analyses. Moreover, we implement a task-level parallel technique to accelerate the graph summary process in a multicore environment. Notably, empirical results reveal that our method, while ensuring accuracy, achieves 2.7X-6.1X speedup compared to serial algorithms. When assessed against prevalent open-source detection tools, our approach demonstrates superior trade-offs between accuracy and efficiency. In conclusion, this research presents an efficient and effective strategy for vulnerability detection in larze-scale <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$C$</tex> programs.

Haiye Wang,Zhiguo Qu,Le Sun

DOI: https://doi.org/10.4108/eetsis.5056

2024-03-23

EAI Endorsed Transactions on Scalable Information Systems

Abstract:INTRODUCTION: Vulnerability detection is crucial for preventing severe security incidents like hacker attacks, data breaches, and network paralysis. Traditional methods, however, face challenges such as low efficiency and insufficient detail in identifying code vulnerabilities. OBJECTIVES: This paper introduces E-GVD, an advanced method for source code vulnerability detection, aiming to address the limitations of existing methods. The objective is to enhance the accuracy of function-level vulnerability detection and provide detailed, understandable insights into the vulnerabilities. METHODS: E-GVD combines Graph Neural Networks (GNNs), which are adept at handling graph-structured data, with residual connections and advanced Programming Language (PL) pre-trained models. RESULTS: Experiments conducted on the real-world vulnerability dataset CodeXGLUE show that E-GVD significantly outperforms existing baseline methods in detecting vulnerabilities. It achieves a maximum accuracy gain of 4.98%, indicating its effectiveness over traditional methods. CONCLUSION: E-GVD not only improves the accuracy of vulnerability detection but also contributes by providing fine-grained explanations. These explanations are made possible through an interpretable Machine Learning (ML) model, which aids developers in quickly and efficiently repairing vulnerabilities, thereby enhancing overall software security.

Xuejun Zhang,Bo Zhou,Zhuo Chen,Meifeng Guo,Xiaogang Du,Xiaohong Jia,Wanrong Bai

DOI: https://doi.org/10.21203/rs.3.rs-4893837/v1

2024-01-01

Abstract:Thriving and widespread use of the open-source software community makes software vulnerabilities spread a lot, which brings serious challenges to the system security. Recently, a number of vulnerability detection methods based on deep learning have been proposed to help engineers analyze and patch vulnerabilities efficiently. However, these existing approaches still suffer from limitations in extracting rich features from vulnerability code. Aiming at the above problems, we propose VulD-SG, a dual-channel software code vulnerability detection method based on deep sequence and graph model. VulD-SG enhances the semantic, syntactic and structural features extraction ability of the source code by introducing the deep sequence-based and graph-based vulnerability feature extraction module. To address the problem of the coarse detection granularity in the traditional methods, VulD-SG slices code statements into subtokens with a new decomposition algorithm to capture the detailed vulnerability information. Meanwhile, Transformer-style encoder is utilized in graph-based vulnerability feature extraction module to aggregate program dependency graph (PDG) nodes to learn the long-range dependence of cross-function code effectively. Finally, we build a fusion model to merge the training parameters and achieve fine-grained prediction results. The experiments result show that Acc, F1, and Recall metrics were improved by 2.6\%~27\%, 2\%~29.2\%, and 1\%~30.25\% respectively on five different vulnerability datasets compared with seven vulnerability detection models based on deep learning.

Zihua Song,Junfeng Wang,Shengli Liu,Zhiyang Fang,Kaiyuan Yang

DOI: https://doi.org/10.1155/2022/1919907

IF: 1.968

2022-04-11

Security and Communication Networks

Abstract:Vulnerability detection on source code can prevent the risk of cyber-attacks as early as possible. However, lacking fine-grained analysis of the code has rendered the existing solutions still suffering from low performance; besides, the explosive growth of open-source projects has dramatically increased the complexity and diversity of the source code. This paper presents HGVul, a code vulnerability detection method based on heterogeneous intermediate representation of source code. The key of the proposed method is the fine-grained handling on heterogeneous source-level intermediate representation (SIR) without expert knowledge. It first extracts graph SIR of code with multiple syntactic-semantic information. Then, HGVul splits the SIR into different subgraphs according to various semantic relations, which are used to obtain semantic information conveyed by different types of edges. Next, a graph neural network with attention operations is deployed on each subgraph to learn representation, which captures the subtle effects from node neighbors on their representation. Finally, the learned code feature representations are utilized to perform vulnerability detection. Experiments are conducted on multiple datasets. The F1 of HGVul reaches 96.1% on the sample-balanced Big-Vul-VP dataset and 88.3% on the unbalanced Big-Vul dataset. Further experiments on actual open-source project datasets prove the better performance of HGVul.

computer science, information systems,telecommunications

Xin Peng,Shangwen Wang,Yihao Qin,Bo Lin,Liqian Chen,Xiaoguang Mao

2024-12-13

Abstract:Software vulnerability detection is crucial for high-quality software development. Recently, some studies utilizing Graph Neural Networks (GNNs) to learn the graph representation of code in vulnerability detection tasks have achieved remarkable success. However, existing graph-based approaches mainly face two limitations that prevent them from generalizing well to large code graphs: (1) the interference of noise information in the code graph; (2) the difficulty in capturing long-distance dependencies within the graph. To mitigate these problems, we propose a novel vulnerability detection method, ANGLE, whose novelty mainly embodies the hierarchical graph refinement and context-aware graph representation learning. The former hierarchically filters redundant information in the code graph, thereby reducing the size of the graph, while the latter collaboratively employs the Graph Transformer and GNN to learn code graph representations from both the global and local perspectives, thus capturing long-distance dependencies. Extensive experiments demonstrate promising results on three widely used benchmark datasets: our method significantly outperforms several other baselines in terms of the accuracy and F1 score. Particularly, in large code graphs, ANGLE achieves an improvement in accuracy of 34.27%-161.93% compared to the state-of-the-art method, AMPLE. Such results demonstrate the effectiveness of ANGLE in vulnerability detection tasks.

Software Engineering

Shubin Yuan,Chenyu Liu,Jianheng Shi,Xinyu Liu,Wei Pu,JunTao Yu,LiQun Yang

DOI: https://doi.org/10.1145/3672121.3672141

2024-01-01

Abstract:With the continuous increase in the scale and complexity of computer software, code defects in software pose a serious threat to public security. A Static Detection Method for Code Defects Based on Transformer is proposed to address the issues of poor scalability of static analysis tools, as well as coarse detection granularity and unsatisfactory detection performance of existing methods. Firstly, perform data flow and control flow analysis on key points in the source code, and adopt a slicing method based on Interprocedural Finite Distributive Subset (IFDS) to obtain code fragments composed of multiple lines of statements related to code defects. Then, the word embedding method is used to obtain vector representations related to the semantics of the code snippets, in order to select the appropriate length of the code snippets while ensuring accuracy. Finally, use Transformer to detect the segment features at the slice level to determine whether the code has defects. The experimental results show that the proposed method can effectively detect different types of code defects, and the detection effect is significantly better than the static analysis tool Flawfender. Under fine-grained conditions, the IFDS slicing method can further improve F1 value and accuracy, reaching 89.64 and 92.08 respectively. It can be seen that the proposed method has better comprehensive detection performance without significantly increasing time complexity.

Li Zhou,Minhuan Huang,Yujun Li,Yuanping Nie,Jin Li,Yiwei Liu

DOI: https://doi.org/10.48550/arXiv.2202.02501

2022-02-05

Abstract:With the continuous extension of the Industrial Internet, cyber incidents caused by software vulnerabilities have been increasing in recent years. However, software vulnerabilities detection is still heavily relying on code review done by experts, and how to automatedly detect software vulnerabilities is an open problem so far. In this paper, we propose a novel solution named GraphEye to identify whether a function of C/C++ code has vulnerabilities, which can greatly alleviate the burden of code auditors. GraphEye is originated from the observation that the code property graph of a non-vulnerable function naturally differs from the code property graph of a vulnerable function with the same functionality. Hence, detecting vulnerable functions is attributed to the graph classification <a class="link-external link-http" href="http://problem.GraphEye" rel="external noopener nofollow">this http URL</a> is comprised of VecCPG and GcGAT. VecCPG is a vectorization for the code property graph, which is proposed to characterize the key syntax and semantic features of the corresponding source code. GcGAT is a deep learning model based on the graph attention graph, which is proposed to solve the graph classification problem according to VecCPG. Finally, GraphEye is verified by the SARD Stack-based Buffer Overflow, Divide-Zero, Null Pointer Deference, Buffer Error, and Resource Error datasets, the corresponding F1 scores are 95.6%, 95.6%,96.1%,92.6%, and 96.1% respectively, which validate the effectiveness of the proposed solution.

Cryptography and Security,Machine Learning

Zihan Yu,Jintao Xue,Xin Sun,Wen Wang,Yubo Song,Liquan Chen,Zhongyuan Qin

DOI: https://doi.org/10.1109/cis58238.2022.00087

2022-01-01

Abstract:The increasing number of software vulnerabilities pose serious security attacks and lead to system compromise, information leakage or denial of service. It is a challenge to further improve the vulnerability detection technique. Nowadays most applications are implemented using C/C++. In this paper we focus on the detection of overflow vulnerabilities in C/C++ source code. A novel scheme named VulMiningBGS (Vulnerability Mining Based on Graph Similarity) is proposed. We convert the source code into Top N-Weighted Range Sum Feature Graph (TN-WRSFG), and graph similarity comparisons based on source code level can be effectively carried on to detect possible vulnerabilities. Three categories of vulnerabilities in the Juliet test suite are used, i.e., CWE121, CWE122 and CWE190, with four indicators for performance evaluation (precision, recall, accuracy and F1_score). Experimental results show that our scheme outperforms the traditional methods, and is effective in the overflow vulnerability detection for C/C++ source code.

Qingyao Zeng,Dapeng Xiong,Zhongwang Wu,Kechang Qian,Yu Wang,Yinghao Su

DOI: https://doi.org/10.3390/electronics13193813

IF: 2.9

2024-09-27

Electronics

Abstract:With the increasing scale and complexity of software, the advantages of using neural networks for static vulnerability detection are becoming increasingly prominent. Before inputting into a neural network, the source code needs to undergo word embedding, transforming discrete high-dimensional text data into low-dimensional continuous vectors suitable for training in neural networks. However, analysis has revealed that different implementation ideas by code writers for the same functionality can lead to varied code implementation methods. Embedding different code texts into vectors results in distinctions that can reduce the robustness of a model. To address this issue, this paper explores the impact of converting source code into different forms on word embedding and finds that a TAC (Three-Address Code) can significantly eliminate noise caused by different code implementation approaches. Given the excellent capability of a GNN (Graph Neural Network) in handling non-Euclidean space data and complex features, this paper subsequently employs a GNN to learn and classify vulnerabilities by capturing the implicit syntactic structure information in a TAC. Based on this, this paper introduces TACSan, a novel static vulnerability detection system based on a GNN designed to detect vulnerabilities in C/C++ programs. TACSan transforms the preprocessed source code into a TAC representation, adds control and data edges to create a graph structure, and then inputs it into the GNN for training. Comparative testing and evaluation of TACSan against other renowned static analysis tools, such as VulDeePecker and Devign, demonstrate that TACSan's detection capabilities not only exceed those methods but also achieve substantial enhancements in accuracy and F1 score.

engineering, electrical & electronic,computer science, information systems,physics, applied

Wenjing Cai,Junlin Chen,Jiaping Yu,Lipeng Gao

DOI: https://doi.org/10.1016/j.infsof.2023.107328

IF: 3.9

2023-12-01

Information and Software Technology

Abstract:The increasing size and complexity of software programs have made them an integral part of modern society’s infrastructure, making software vulnerabilities a major threat to computer security. To address this issue, the use of deep learning-based software vulnerability detection methods has become increasingly popular. Although the effectiveness of the deep learning-based methods has been demonstrated, these methods have faced challenges in scalability and detection performance. To tackle this challenge, we propose a new vulnerability detection method based on deep learning with complex network analysis and subgraph partition that enhances detection accuracy while maintaining scalability. The method uses complex network analysis theory to convert the CPG into an image-like matrix, and then utilizes TextCNN for vulnerability detection. As a result, our method shows a 6% improvement in accuracy and a 10% reduction in false positive rates compared to state-of-the-art methods. In addition, our approach is able to detect some of the vulnerabilities recently released by CVE.

computer science, information systems, software engineering