Vu1SPG: Vulnerability detection based on slice property graph representation learning

Zheng, Weining; Jiang, Yuan; Su, Xin

doi:10.1109/issre52982.2021.00054

Cited by 12 publications

(8 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We list solutions based on graph models in Table 2. [25,26,28,35] follow the classical code property graph (CPG) [17], which is a combination of the abstract syntax tree, control flow graph, and program dependency graph. To better understand the necessity of employing CPG, we will explain the structures of these four graphs in detail.…”

Section: Pipelinementioning

confidence: 99%

“…(3) × CPG with NCS edges word2vec, one-hot GGNN + Conv FUNDED [26] √ Augmented AST word2vec, one-hot GGNN + Sum VulSPG [28] × SPG word2vec, one-hot R-GCN + Attention AI4VA [35] × CPG word2vec, one-hot GGNN + Mean Feng et al [36] × AST, CFG, CPG word2vec, one-hot DGCNN (…”

Section: ) Control Flow Graph (Cfg)mentioning

confidence: 99%

“…Since vulnerable statements have a very small proportion in real-world functions, CPG contains a large number of structures that are irrelevant to vulnerable patterns. To mitigate this problem, VulSPG [28] defines a novel slice property graph (SPG) and extracts SPG via program slicing technique based on predefined SyVCs criterion.…”

Section: ) Program Dependency Graph (Pdg)mentioning

confidence: 99%

“…Aiming to improve the detection accuracy and to free human experts from the intense labor of constructing handcrafted features, lots of research works [12,[23][24][25][26][27][28][29][30][31][32][33][34][35][36] employed deep learning (DL) models and investigated the potential of deep neural networks on automated vulnerability detection. Based on source code representation methods and the type of neural networks, DL-based code vulnerability detection approaches can be classified into two categories: sequence-based methods and graph-based methods.…”

Section: Introductionmentioning

confidence: 99%

“…en, a deep sequence model such as GRU [37], LSTM [38], and Transformer [39] is used to learn contextual information and defect-related semantics of source code. Graph-based methods [17,25,26,28,35,36] convert source code into a specific graph structure. Four commonly used graph representations of code are abstract syntax tree (AST), control flow graph (CFG), program dependency graph (PDG), and code property graph (CPG) [17].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Code Vulnerability Detection Based on Deep Sequence and Graph Models: A Survey

Zou

2022

Security and Communication Networks

View full text Add to dashboard Cite

With the flourishing of the open-source software community, the problem of software vulnerabilities is becoming more and more serious. Hence, it is urgent to come up with an effective and efficient code vulnerability detection method. Source code vulnerability detection techniques used in practice today like symbolic execution and fuzz testing suffer from high false positives and low code coverage, respectively. Traditional machine-learning-based solutions fail to cope with the diversity of vulnerabilities. To overcome these drawbacks, a large number of deep-learning-based code vulnerability detection works have emerged, aiming at building powerful neural network models to fully learn code semantics and vulnerability patterns. In this survey, we mainly focus on code vulnerability detection approaches based on deep sequence modeling and graph modeling technologies. Our goal is to investigate how these two methods are applied to facilitate code vulnerability detection. We also go over current prevailing datasets that are used to evaluate detection models. At last, we identify the current challenges in this field and share our views on future work.

show abstract

Section: Pipelinementioning

confidence: 99%

Section: ) Control Flow Graph (Cfg)mentioning

confidence: 99%

Section: ) Program Dependency Graph (Pdg)mentioning

confidence: 99%