Software Vulnerability Detection Using Informed Code Graph Pruning

Joseph Gear; Yue Xu; Ernest Foo; Praveen Gauravaram; Zahra Jadidi; Leonie Simpson

doi:10.1109/ACCESS.2023.3338162

IEEE Access (Jan 2023)

Software Vulnerability Detection Using Informed Code Graph Pruning

Joseph Gear,
Yue Xu,
Ernest Foo,
Praveen Gauravaram,
Zahra Jadidi,
Leonie Simpson

Affiliations

Joseph Gear: ORCiD; School of Computer Science, Queensland University of Technology, Brisbane, QLD, Australia
Yue Xu: ORCiD; School of Computer Science, Queensland University of Technology, Brisbane, QLD, Australia
Ernest Foo: ORCiD; School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia
Praveen Gauravaram: ORCiD; Cyber Security Research and Innovation, Tata Consultancy Services Ltd. (TCS), Brisbane, QLD, Australia
Zahra Jadidi: School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia
Leonie Simpson: ORCiD; School of Computer Science, Queensland University of Technology, Brisbane, QLD, Australia

DOI: https://doi.org/10.1109/ACCESS.2023.3338162
Journal volume & issue: Vol. 11
pp. 135626 – 135644

Abstract

Read online

pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present “Semantic-enhanced Code Embedding for Vulnerability Detection” (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords