GraphEye: A Novel Solution for Detecting Vulnerable Functions Based on Graph Attention Network

by   Li Zhou, et al.

With the continuous extension of the Industrial Internet, cyber incidents caused by software vulnerabilities have been increasing in recent years. However, software vulnerabilities detection is still heavily relying on code review done by experts, and how to automatedly detect software vulnerabilities is an open problem so far. In this paper, we propose a novel solution named GraphEye to identify whether a function of C/C++ code has vulnerabilities, which can greatly alleviate the burden of code auditors. GraphEye is originated from the observation that the code property graph of a non-vulnerable function naturally differs from the code property graph of a vulnerable function with the same functionality. Hence, detecting vulnerable functions is attributed to the graph classification problem.GraphEye is comprised of VecCPG and GcGAT. VecCPG is a vectorization for the code property graph, which is proposed to characterize the key syntax and semantic features of the corresponding source code. GcGAT is a deep learning model based on the graph attention graph, which is proposed to solve the graph classification problem according to VecCPG. Finally, GraphEye is verified by the SARD Stack-based Buffer Overflow, Divide-Zero, Null Pointer Deference, Buffer Error, and Resource Error datasets, the corresponding F1 scores are 95.6 respectively, which validate the effectiveness of the proposed solution.


page 1

page 2

page 3

page 4


A Hierarchical Deep Neural Network for Detecting Lines of Codes with Vulnerabilities

Software vulnerabilities, caused by unintentional flaws in source codes,...

VMCDL: Vulnerability Mining Based on Cascaded Deep Learning Under Source Control Flow

With the rapid development of the computer industry and computer softwar...

VulSPG: Vulnerability detection based on slice property graph representation learning

Vulnerability detection is an important issue in software security. Alth...

On using distributed representations of source code for the detection of C security vulnerabilities

This paper presents an evaluation of the code representation model Code2...

A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

This paper presents DeepTective, a deep learning approach to detect vuln...

Featherweight Assisted Vulnerability Discovery

Predicting vulnerable source code helps to focus attention on those part...

Please sign up or login with your details

Forgot password? Click here to reset