Slice-level vulnerability detection model based on graph neural network

Slice-level vulnerability detection model based on graph neural network

연구 분야: Strategies

학회: CNSCT '24: Proceedings of the 2024 3rd International Conference on Cryptography, Network Security and Communication Technology

It is a challenge for graph neural network (GNN) to deal with connections between long-distance nodes in code structure graphs because GNN is naturally bad at handling long-distance dependencies and capturing global information of code graphs. GNN are effective in learning graph representations of source code. To address this issue, this study proposes an attention-based vulnerability detection model. This model aims to maintain the final structure by minimizing redundant information in the graph structure information after first normalizing the source code and converting it into a structure. To obtain the program representation that can accommodate the syntax and semantic information related to the vulnerability to the greatest extent possible, the final graph structure of the source code is fused with multiple representations based on syntax and semantics. ultimately, the feature vector is input into a neural network with an attention mechanism to obtain the vulnerability detection result. The experimental shows demonstrate the superiority of the attention-based vulnerability detection model presented in this paper over vulnerability detection methods based on a single graph structure or function. The model's efficacy in detecting vulnerabilities is demonstrated by the detection accuracy and F1 score on the real vulnerability dataset, which were 77.07% and 67.53%, respectively.