Litcius/Paper detail

Learning Program Semantics for Vulnerability Detection via Vulnerability-Specific Inter-procedural Slicing

Bozhi Wu, Shangqing Liu, Yang Xiao, Zhiming Li, Jun Sun, Shang‐Wei Lin

202312 citationsDOIOpen Access PDF

Abstract

Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propose a learning-based approach namely SnapVuln, which first utilizes multiple vulnerability-specific inter-procedural slicing algorithms to capture vulnerability semantics of various types and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn vulnerability semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets, and confirm that SnapVuln outperforms them. We further perform an ablation study and demonstrate that the completeness and precision of vulnerability semantics captured by SnapVuln contribute to the performance improvement.

Topics & Concepts

Program slicingComputer scienceVulnerability (computing)Semantics (computer science)SlicingArtificial intelligenceVulnerability assessmentGraphSoftwareProgramming languageTheoretical computer scienceComputer securityWorld Wide WebPsychologyPsychotherapistPsychological resilienceSoftware Engineering ResearchSoftware Testing and Debugging TechniquesAdvanced Malware Detection Techniques