HyVulDect: A Hybrid Semantic Vulnerability Mining System Based on Graph Neural Network

Wenbo Guo, Yong Fang, Haoran Ou, Cheng Huang, Chun Lin, Yongyan Guo
June, 2022
PDF

Abstract

Traditional vulnerability mining methods have been unable to meet the security analysis needs of complex software because of the high false-positive rate and high false-negative rate. To resolve the existing problems, we propose a graph neural network vulnerability mining system based on hybrid semantics, which constructs a composite semantic code property graph for code representation based on the causes of vulnerabilities. A gated graph neural network is used to extract deep semantic information. Since most of the vulnerabilities are data flow associated, we use taint analysis to extract the taint propagation chain, use the BiLSTM model to extract the token-level features of the context, and finally use the classifier to classify the fusion features. We introduce a dual-attention mechanism that allows the model to focus on vulnerability-related code, making it more suitable for vulnerability mining tasks.

Type
Journal article
Publication
In Computer & Security
Code Representation Vulnerability Analysis Graph Neural Network
Wenbo Guo
Wenbo Guo

My research interests include Open Source Software Security and Software Supply Chain Security.