TS-GGNN:结合图与序列特征的源代码漏洞检测

2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE) Pub Date : 2023-04-14 DOI:10.1109/CISCE58541.2023.10142859

Xin Zhou, Jianmin Pang, Chunyan Zhang, F. Yue, Junchao Wang, Guangming Liu

{"title":"TS-GGNN:结合图与序列特征的源代码漏洞检测","authors":"Xin Zhou, Jianmin Pang, Chunyan Zhang, F. Yue, Junchao Wang, Guangming Liu","doi":"10.1109/CISCE58541.2023.10142859","DOIUrl":null,"url":null,"abstract":"Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability detection in source code slices. The TS-GGNN model effectively captures both local and global features of vulnerable code by fusing sequence features with graph features. To achieve this, we utilize graph structure and sequence structure learning approaches to comprehensively extract valuable information from the source code slices. Our experiments are conducted on the SARD dataset, which consists of 61,638 code samples annotated for the presence or absence of vulnerabilities. The results demonstrate that TS-GGNN has the best vulnerability detection performance, with an accuracy of 99.4%, a precision of 98.81%, and an F1 score as high as 99.4% thereby validating the effectiveness of the TS-GGNN model in capturing features relevant to software vulnerabilities.","PeriodicalId":145263,"journal":{"name":"2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TS-GGNN: Combining Graph and Sequence Features for Vulnerability Detection in Source Code\",\"authors\":\"Xin Zhou, Jianmin Pang, Chunyan Zhang, F. Yue, Junchao Wang, Guangming Liu\",\"doi\":\"10.1109/CISCE58541.2023.10142859\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability detection in source code slices. The TS-GGNN model effectively captures both local and global features of vulnerable code by fusing sequence features with graph features. To achieve this, we utilize graph structure and sequence structure learning approaches to comprehensively extract valuable information from the source code slices. Our experiments are conducted on the SARD dataset, which consists of 61,638 code samples annotated for the presence or absence of vulnerabilities. The results demonstrate that TS-GGNN has the best vulnerability detection performance, with an accuracy of 99.4%, a precision of 98.81%, and an F1 score as high as 99.4% thereby validating the effectiveness of the TS-GGNN model in capturing features relevant to software vulnerabilities.\",\"PeriodicalId\":145263,\"journal\":{\"name\":\"2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CISCE58541.2023.10142859\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CISCE58541.2023.10142859","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

软件漏洞检测对于维护软件系统的安全性和稳定性至关重要。在本文中，我们提出了一种新的神经网络模型TS-GGNN来解决源代码切片中的漏洞检测问题。TS-GGNN模型通过融合序列特征和图特征，有效地捕获了脆弱代码的局部特征和全局特征。为了实现这一点，我们利用图结构和序列结构学习方法从源代码切片中全面提取有价值的信息。我们的实验是在SARD数据集上进行的，该数据集由61,638个代码样本组成，对存在或不存在漏洞进行了注释。结果表明，TS-GGNN具有最佳的漏洞检测性能，准确率为99.4%，精密度为98.81%，F1得分高达99.4%，从而验证了TS-GGNN模型在捕获软件漏洞相关特征方面的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

TS-GGNN: Combining Graph and Sequence Features for Vulnerability Detection in Source Code

Software vulnerability detection is crucial for maintaining the security and stability of software systems. In this paper, we propose a novel neural network model called TS-GGNN to address the problem of vulnerability detection in source code slices. The TS-GGNN model effectively captures both local and global features of vulnerable code by fusing sequence features with graph features. To achieve this, we utilize graph structure and sequence structure learning approaches to comprehensively extract valuable information from the source code slices. Our experiments are conducted on the SARD dataset, which consists of 61,638 code samples annotated for the presence or absence of vulnerabilities. The results demonstrate that TS-GGNN has the best vulnerability detection performance, with an accuracy of 99.4%, a precision of 98.81%, and an F1 score as high as 99.4% thereby validating the effectiveness of the TS-GGNN model in capturing features relevant to software vulnerabilities.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE)

自引率

0.00%

发文量