HyVulDect: A Hybrid Semantic Vulnerability Mining System Based on Graph Neural Network


Traditional vulnerability mining methods have been unable to meet the security analysis needs of complex software because of the high false-positive rate and high false-negative rate. To resolve the existing problems, we propose a graph neural network vulnerability mining system based on hybrid semantics, which constructs a composite semantic code property graph for code representation based on the causes of vulnerabilities. A gated graph neural network is used to extract deep semantic information. Since most of the vulnerabilities are data flow associated, we use taint analysis to extract the taint propagation chain, use the BiLSTM model to extract the token-level features of the context, and finally use the classifier to classify the fusion features. We introduce a dual-attention mechanism that allows the model to focus on vulnerability-related code, making it more suitable for vulnerability mining tasks.

In Computer & Security
Wenbo Guo
Wenbo Guo

My research interests include Open Source Software Security and Software Supply Chain Security.