CPGVA: Code Property Graph based Vulnerability Analysis by Deep Learning

Wang Xiaomeng, Zhang Tao, Wu Runpu, Xin Wei, Hou Changyu
Published in: 2018 10th International Conference on Advanced Infocomm Technology (ICAIT), 2018-08-01
DOI: 10.1109/ICAIT.2018.8686548 (https://doi.org/10.1109/ICAIT.2018.8686548)
Citations: 26

Abstract

The vast majority of security breaches encountered in recent years are a direct result of insecure source code. Therefore, the protection of software critically depends on the identification of security defects in source code. The development and progress of related technologies depend on analysts' understanding of the safety issues and the accumulation of long-term experience, which provides a technical basis for the development of vulnerability analysis but has difficulty meeting the growing demand of the code security industry. With the maturity of big data technology, the development of natural language processing, deep learning and data mining technology has provided new ideas for vulnerability analysis. This paper exploits deep learning methods to review source code on the basis of the code property graph. We implemented our approach on the public Software Assurance Reference Dataset (SARD) of C/C++ command injection and compared it with current popular methods, which proved that the proposed code property graph based vulnerability analysis by deep learning (CPGVA) method outperformed the state-of-the-art deep learning source code defect analysis method, with improvements of about 4.5%, 4.2%, 1.7%, 7.9% and 8.1% respectively in F-measure, precision, false positive rate, true positive rate and false negative rate.