利用序列嵌入作为图节点进行漏洞检测的双图神经网络模型

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Miaogui Ling, Mingwei Tang, Deng Bian, Shixuan Lv, Qi Tang
{"title":"利用序列嵌入作为图节点进行漏洞检测的双图神经网络模型","authors":"Miaogui Ling,&nbsp;Mingwei Tang,&nbsp;Deng Bian,&nbsp;Shixuan Lv,&nbsp;Qi Tang","doi":"10.1016/j.infsof.2024.107581","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><p>Detecting critical to ensure software system security. The traditional static vulnerability detection methods are limited by staff expertise and perform poorly with today’s increasingly complex software systems. Researchers have successfully applied the techniques used in NLP to vulnerability detection as deep learning has developed. The existing deep learning-based vulnerability detection models can be divided into sequence-based and graph-based categories. Sequence-based embedding models cannot use structured information embedded in the code, and graph-based embedding models lack effective node representations.</p></div><div><h3>Objective:</h3><p>To solve these problems, we propose a deep learning-based method, DGVD (Double Graph Neural Network for Vulnerability Detection).</p></div><div><h3>Methods:</h3><p>We use the sequential neural network approach to extract local semantic features of the code as nodes embedded in the control flow graph. First, we propose a dual graph neural network module (DualGNN) that consists of GCN and GAT. The altered module utilizes two different graph neural networks to obtain the global structural information of the control flow and the relationship between the nodes and fuses the two. Second, we propose a convolution-based feature enhancement module (TC-FE) that uses different convolution kernels of different sizes to capture information at different scales so that subsequent readout layers can better aggregate node information.</p></div><div><h3>Results:</h3><p>Experiments demonstrate that DGVD outperforms existing models, obtaining 64.23% vulnerability detection accuracy on CodeXGLUE’s real benchmark dataset.</p></div><div><h3>Conclusion:</h3><p>The proposed DGVD achieves better performance than the state-of-the-art DGVD has a more effective source code feature extraction capability on real-world datasets.</p></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107581"},"PeriodicalIF":3.8000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0950584924001861/pdfft?md5=450f5d915db5cb174d591dea662c75cd&pid=1-s2.0-S0950584924001861-main.pdf","citationCount":"0","resultStr":"{\"title\":\"A dual graph neural networks model using sequence embedding as graph nodes for vulnerability detection\",\"authors\":\"Miaogui Ling,&nbsp;Mingwei Tang,&nbsp;Deng Bian,&nbsp;Shixuan Lv,&nbsp;Qi Tang\",\"doi\":\"10.1016/j.infsof.2024.107581\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><h3>Context:</h3><p>Detecting critical to ensure software system security. The traditional static vulnerability detection methods are limited by staff expertise and perform poorly with today’s increasingly complex software systems. Researchers have successfully applied the techniques used in NLP to vulnerability detection as deep learning has developed. The existing deep learning-based vulnerability detection models can be divided into sequence-based and graph-based categories. Sequence-based embedding models cannot use structured information embedded in the code, and graph-based embedding models lack effective node representations.</p></div><div><h3>Objective:</h3><p>To solve these problems, we propose a deep learning-based method, DGVD (Double Graph Neural Network for Vulnerability Detection).</p></div><div><h3>Methods:</h3><p>We use the sequential neural network approach to extract local semantic features of the code as nodes embedded in the control flow graph. First, we propose a dual graph neural network module (DualGNN) that consists of GCN and GAT. The altered module utilizes two different graph neural networks to obtain the global structural information of the control flow and the relationship between the nodes and fuses the two. Second, we propose a convolution-based feature enhancement module (TC-FE) that uses different convolution kernels of different sizes to capture information at different scales so that subsequent readout layers can better aggregate node information.</p></div><div><h3>Results:</h3><p>Experiments demonstrate that DGVD outperforms existing models, obtaining 64.23% vulnerability detection accuracy on CodeXGLUE’s real benchmark dataset.</p></div><div><h3>Conclusion:</h3><p>The proposed DGVD achieves better performance than the state-of-the-art DGVD has a more effective source code feature extraction capability on real-world datasets.</p></div>\",\"PeriodicalId\":54983,\"journal\":{\"name\":\"Information and Software Technology\",\"volume\":\"177 \",\"pages\":\"Article 107581\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-09-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S0950584924001861/pdfft?md5=450f5d915db5cb174d591dea662c75cd&pid=1-s2.0-S0950584924001861-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information and Software Technology\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0950584924001861\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584924001861","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

背景:检测对确保软件系统安全至关重要。传统的静态漏洞检测方法受到工作人员专业知识的限制,在当今日益复杂的软件系统中表现不佳。随着深度学习的发展,研究人员已成功地将 NLP 技术应用于漏洞检测。现有的基于深度学习的漏洞检测模型可分为基于序列和基于图的两类。基于序列的嵌入模型无法使用代码中嵌入的结构化信息,而基于图的嵌入模型则缺乏有效的节点表示。方法:我们使用序列神经网络方法提取代码的局部语义特征,将其作为节点嵌入控制流图中。首先,我们提出了由 GCN 和 GAT 组成的双图神经网络模块(DualGNN)。改变后的模块利用两种不同的图神经网络获取控制流的全局结构信息和节点之间的关系,并将二者融合。其次,我们提出了基于卷积的特征增强模块(TC-FE),利用不同大小的卷积核捕捉不同尺度的信息,从而使后续读出层能够更好地聚合节点信息。结果:实验证明,DGVD的性能优于现有模型,在CodeXGLUE的真实基准数据集上获得了64.23%的漏洞检测准确率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A dual graph neural networks model using sequence embedding as graph nodes for vulnerability detection

Context:

Detecting critical to ensure software system security. The traditional static vulnerability detection methods are limited by staff expertise and perform poorly with today’s increasingly complex software systems. Researchers have successfully applied the techniques used in NLP to vulnerability detection as deep learning has developed. The existing deep learning-based vulnerability detection models can be divided into sequence-based and graph-based categories. Sequence-based embedding models cannot use structured information embedded in the code, and graph-based embedding models lack effective node representations.

Objective:

To solve these problems, we propose a deep learning-based method, DGVD (Double Graph Neural Network for Vulnerability Detection).

Methods:

We use the sequential neural network approach to extract local semantic features of the code as nodes embedded in the control flow graph. First, we propose a dual graph neural network module (DualGNN) that consists of GCN and GAT. The altered module utilizes two different graph neural networks to obtain the global structural information of the control flow and the relationship between the nodes and fuses the two. Second, we propose a convolution-based feature enhancement module (TC-FE) that uses different convolution kernels of different sizes to capture information at different scales so that subsequent readout layers can better aggregate node information.

Results:

Experiments demonstrate that DGVD outperforms existing models, obtaining 64.23% vulnerability detection accuracy on CodeXGLUE’s real benchmark dataset.

Conclusion:

The proposed DGVD achieves better performance than the state-of-the-art DGVD has a more effective source code feature extraction capability on real-world datasets.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Information and Software Technology
Information and Software Technology 工程技术-计算机:软件工程
CiteScore
9.10
自引率
7.70%
发文量
164
审稿时长
9.6 weeks
期刊介绍: Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信