Vulnerability Detection with Graph Simplification and Enhanced Graph Representation Learning

by Xin-Cheng Wen, et al.

Prior studies have demonstrated the effectiveness of Deep Learning (DL) in automated software vulnerability detection. Graph Neural Networks (GNNs) have proven effective in learning the graph representations of source code and are commonly adopted by existing DL-based vulnerability detection methods. However, the existing methods are still limited by the fact that GNNs inherently struggle to handle the connections between long-distance nodes in a code structure graph. In addition, they do not fully exploit the multiple types of edges in a code structure graph (such as edges representing data flow and control flow). Consequently, despite achieving state-of-the-art performance, the existing GNN-based methods tend to fail to capture global information (i.e., long-range dependencies among nodes) of code graphs. To mitigate these issues, in this paper, we propose a novel vulnerability detection framework with grAph siMplification and enhanced graph rePresentation LEarning, named AMPLE. AMPLE mainly contains two parts: 1) graph simplification, which aims at reducing the distances between nodes by shrinking the node sizes of code structure graphs; 2) enhanced graph representation learning, which involves one edge-aware graph convolutional network module for fusing heterogeneous edge information into node representations and one kernel-scaled representation module for better capturing the relations between distant graph nodes. Experiments on three public benchmark datasets show that AMPLE outperforms the state-of-the-art methods by 0.39 score metrics, respectively. The results demonstrate the effectiveness of AMPLE in learning global information of code graphs for vulnerability detection.
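The distance-shrinking idea behind graph simplification, shown as an added illustration that is not AMPLE's code: it contracts straight-line control-flow edges in a constructed toy code graph and compares hop distances before and after, keeping the control-flow and data-flow edge types. The merge rule, node texts and function names are assumptions made for this example, not the paper's simplification rules.

```python
from collections import deque

# Constructed toy graph for a C snippet: node id -> statement text.
NODES = {0: "char buf[8];", 1: "int n = read_len();", 2: "n = n * 2;",
         3: "if (n > 0)", 4: "log_len(n);", 5: "memcpy(buf, src, n);", 6: "return;"}
# Typed edges (src, dst, kind): "cfg" = control flow, "dfg" = data flow.
EDGES = [(0, 1, "cfg"), (1, 2, "cfg"), (2, 3, "cfg"), (3, 4, "cfg"), (3, 6, "cfg"),
         (4, 5, "cfg"), (5, 6, "cfg"),
         (1, 2, "dfg"), (2, 3, "dfg"), (2, 4, "dfg"), (2, 5, "dfg")]

def simplify(nodes, edges):
    """Contract straight-line cfg edges; return (node -> merged id, new typed edges)."""
    succ = {n: [] for n in nodes}
    pred = {n: [] for n in nodes}
    for s, d, kind in edges:
        if kind == "cfg":
            succ[s].append(d)
            pred[d].append(s)
    rep = {n: n for n in nodes}
    def find(n):
        while rep[n] != n:
            n = rep[n]
        return n
    for s, d, kind in edges:
        # Assumed merge rule: s falls through only to d, and d is entered only from s.
        if kind == "cfg" and len(succ[s]) == 1 and len(pred[d]) == 1 and find(s) != find(d):
            rep[find(d)] = find(s)
    merged = {n: find(n) for n in nodes}
    # Re-point every edge at the merged nodes, keep its type, drop self-loops and duplicates.
    new_edges = sorted({(merged[s], merged[d], k) for s, d, k in edges if merged[s] != merged[d]})
    return merged, new_edges

def hops(edges, src, dst):
    """Undirected hop distance, i.e. message-passing layers needed to link src and dst."""
    adj = {}
    for s, d, _ in edges:
        adj.setdefault(s, set()).add(d)
        adj.setdefault(d, set()).add(s)
    seen, queue = {src: 0}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return seen[cur]
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen[nxt] = seen[cur] + 1
                queue.append(nxt)
    return None
```

On this toy graph the buffer declaration and the `memcpy` call move from 3 hops apart to 1, so a shallower GNN can relate them, while both edge types between the merged nodes remain available to an edge-aware layer.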




