WCSE 2021
ISBN: 978-981-18-1791-5 DOI: 10.18178/wcse.2021.06.002

Static Detection of Vulnerabilities via Graph Attention hierarchically

Yuhan Zhang, Xueyang Liu, Dongdong Du

Abstract— With the rapid growth of the software industry, the risks of vulnerabilities are inevitably increasing. Deep learning based methods have been widely used in vulnerability detection in recent years. Since the inherent graph structure of source code contains rich semantics, many deep learning works have exploited graph neural networks to enhance code representation. Despite their novel design, learning the structural information in the graph hierarchically and focusing on important nodes remain open problems for better capturing vulnerability semantics. To tackle this bottleneck, we propose a novel neural model for vulnerability detection. A SAGPool module is designed to automatically choose important nodes to retain hierarchically in each graph convolution layer. Our model is trained and tested over the REVEAL dataset built on two popular and well-maintained open-source projects. The experimental results demonstrate that our model outperforms the state-of-the-art methods.

Index Terms— code vulnerabilities, graph neural network, attention, etc.

Yuhan Zhang
National Engineering Research Center for Software Engineering, Peking University, CHINA
School of Software and Microelectronics, Peking University, CHINA
Xueyang Liu
National Engineering Research Center for Software Engineering, Peking University, CHINA
Dongdong Du
China Academy of Industrial Internet, CHINA


Cite: Yuhan Zhang, Xueyang Liu, Dongdong Du, "Static Detection of Vulnerabilities via Graph Attention hierarchically," 2021 The 11th International Workshop on Computer Science and Engineering (WCSE 2021), pp. 6-12, Shanghai, China, June 19-21, 2021.