ReGVD: Revisiting Graph Neural Networks for vulnerability detection

Van-Anh Nguyen; Dai Quoc Nguyen; Van Nguyen; Trung Le; Quan Hung Tran; Dinh Phung

doi:10.1109/ICSE-Companion55297.2022.9793807

ReGVD: Revisiting Graph Neural Networks for vulnerability detection

Van-Anh Nguyen, Dai Quoc Nguyen, Van Nguyen, Trung Le, Quan Hung Tran, Dinh Phung

Department of Data Science & AI

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other

11 Citations (Scopus)

Abstract

Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To this end, we aim to develop a general, practical, and programming language-independent model capable of running on various source codes and libraries without difficulty. Therefore, we consider vulnerability detection as an inductive text classification problem and propose ReGVD, a simple yet effective graph neural network-based model for the problem. In particular, ReGVD views each raw source code as a flat sequence of tokens to build a graph, wherein node features are initialized by only the token embedding layer of a pre-trained programming language (PL) model. ReGVD then leverages residual connection among GNN layers and examines a mixture of graph-level sum and max poolings to return a graph embedding for the source code. ReGVD outperforms the existing state-of-the-art models and obtains the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection. Our code is available at: https://github.com/daiquocnguyen/GNN-ReGVD.

Original language	English
Title of host publication	Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering
Subtitle of host publication	Companion Proceedings, ICSE-Companion 2022
Editors	Matthew B. Dwyer
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	178-182
Number of pages	5
ISBN (Electronic)	9781665495981
ISBN (Print)	9781665495998
DOIs	https://doi.org/10.1109/ICSE-Companion55297.2022.9793807
Publication status	Published - 2022
Event	International Conference on Software Engineering 2022: Software Engineering in Society - Pittsburgh, United States of America Duration: 22 May 2022 → 27 May 2022 Conference number: 44th https://ieeexplore.ieee.org/xpl/conhome/9793840/proceeding (Proceedings) https://conf.researchr.org/home/icse-2022 (Website)

Publication series

Name	Proceedings - International Conference on Software Engineering
Publisher	Association for Computing Machinery (ACM)
ISSN (Print)	0270-5257

Conference

Conference	International Conference on Software Engineering 2022
Abbreviated title	ICSE-SEIS 2022
Country/Territory	United States of America
City	Pittsburgh
Period	22/05/22 → 27/05/22
Internet address	https://ieeexplore.ieee.org/xpl/conhome/9793840/proceeding (Proceedings) https://conf.researchr.org/home/icse-2022 (Website)

Keywords

Graph Neural Networks
Security
Text Classification
Vulnerability Detection

Access to Document

10.1109/ICSE-Companion55297.2022.9793807

Cite this

Nguyen, V-A., Nguyen, D. Q., Nguyen, V., Le, T., Tran, Q. H., & Phung, D. (2022). ReGVD: Revisiting Graph Neural Networks for vulnerability detection. In M. B. Dwyer (Ed.), Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion 2022 (pp. 178-182). (Proceedings - International Conference on Software Engineering). Association for Computing Machinery (ACM). https://doi.org/10.1109/ICSE-Companion55297.2022.9793807

Nguyen, Van-Anh ; Nguyen, Dai Quoc ; Nguyen, Van et al. / ReGVD : Revisiting Graph Neural Networks for vulnerability detection. Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion 2022. editor / Matthew B. Dwyer. New York NY USA : Association for Computing Machinery (ACM), 2022. pp. 178-182 (Proceedings - International Conference on Software Engineering).

@inproceedings{ca3c0fcf38cd4e71a18fa2a76052578c,

title = "ReGVD: Revisiting Graph Neural Networks for vulnerability detection",

abstract = "Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To this end, we aim to develop a general, practical, and programming language-independent model capable of running on various source codes and libraries without difficulty. Therefore, we consider vulnerability detection as an inductive text classification problem and propose ReGVD, a simple yet effective graph neural network-based model for the problem. In particular, ReGVD views each raw source code as a flat sequence of tokens to build a graph, wherein node features are initialized by only the token embedding layer of a pre-trained programming language (PL) model. ReGVD then leverages residual connection among GNN layers and examines a mixture of graph-level sum and max poolings to return a graph embedding for the source code. ReGVD outperforms the existing state-of-the-art models and obtains the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection. Our code is available at: https://github.com/daiquocnguyen/GNN-ReGVD.",

keywords = "Graph Neural Networks, Security, Text Classification, Vulnerability Detection",

author = "Van-Anh Nguyen and Nguyen, {Dai Quoc} and Van Nguyen and Trung Le and Tran, {Quan Hung} and Dinh Phung",

note = "Funding Information: This research was partially supported under the Defence Science and Technology Group{\textquoteright}s Next Generation Technologies Program. We would like to thank Anh Bui (tuananh.bui@monash.edu) for his help and support. Funding Information: This research was partially supported under the Defence Science and Technology Group s Next Generation Technologies Program. We would like to thank Anh Bui (tuananh.bui@monash.edu) for his help and support. Publisher Copyright: {\textcopyright} 2022 IEEE.; International Conference on Software Engineering 2022 : Software Engineering in Society, ICSE-SEIS 2022 ; Conference date: 22-05-2022 Through 27-05-2022",

year = "2022",

doi = "10.1109/ICSE-Companion55297.2022.9793807",

language = "English",

isbn = "9781665495998",

series = "Proceedings - International Conference on Software Engineering",

publisher = "Association for Computing Machinery (ACM)",

pages = "178--182",

editor = "{B. Dwyer}, Matthew",

booktitle = "Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/9793840/proceeding, https://conf.researchr.org/home/icse-2022",

}

Nguyen, V-A, Nguyen, DQ, Nguyen, V , Le, T, Tran, QH & Phung, D 2022, ReGVD: Revisiting Graph Neural Networks for vulnerability detection. in M B. Dwyer (ed.), Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion 2022. Proceedings - International Conference on Software Engineering, Association for Computing Machinery (ACM), New York NY USA, pp. 178-182, International Conference on Software Engineering 2022, Pittsburgh, Pennsylvania, United States of America, 22/05/22. https://doi.org/10.1109/ICSE-Companion55297.2022.9793807

ReGVD: Revisiting Graph Neural Networks for vulnerability detection. / Nguyen, Van-Anh; Nguyen, Dai Quoc; Nguyen, Van et al.
Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion 2022. ed. / Matthew B. Dwyer. New York NY USA: Association for Computing Machinery (ACM), 2022. p. 178-182 (Proceedings - International Conference on Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other

TY - GEN

T1 - ReGVD

T2 - International Conference on Software Engineering 2022

AU - Nguyen, Van-Anh

AU - Nguyen, Dai Quoc

AU - Nguyen, Van

AU - Le, Trung

AU - Tran, Quan Hung

AU - Phung, Dinh

N1 - Conference code: 44th

PY - 2022

Y1 - 2022

N2 - Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To this end, we aim to develop a general, practical, and programming language-independent model capable of running on various source codes and libraries without difficulty. Therefore, we consider vulnerability detection as an inductive text classification problem and propose ReGVD, a simple yet effective graph neural network-based model for the problem. In particular, ReGVD views each raw source code as a flat sequence of tokens to build a graph, wherein node features are initialized by only the token embedding layer of a pre-trained programming language (PL) model. ReGVD then leverages residual connection among GNN layers and examines a mixture of graph-level sum and max poolings to return a graph embedding for the source code. ReGVD outperforms the existing state-of-the-art models and obtains the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection. Our code is available at: https://github.com/daiquocnguyen/GNN-ReGVD.

AB - Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To this end, we aim to develop a general, practical, and programming language-independent model capable of running on various source codes and libraries without difficulty. Therefore, we consider vulnerability detection as an inductive text classification problem and propose ReGVD, a simple yet effective graph neural network-based model for the problem. In particular, ReGVD views each raw source code as a flat sequence of tokens to build a graph, wherein node features are initialized by only the token embedding layer of a pre-trained programming language (PL) model. ReGVD then leverages residual connection among GNN layers and examines a mixture of graph-level sum and max poolings to return a graph embedding for the source code. ReGVD outperforms the existing state-of-the-art models and obtains the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection. Our code is available at: https://github.com/daiquocnguyen/GNN-ReGVD.

KW - Graph Neural Networks

KW - Security

KW - Text Classification

KW - Vulnerability Detection

UR - http://www.scopus.com/inward/record.url?scp=85128155921&partnerID=8YFLogxK

U2 - 10.1109/ICSE-Companion55297.2022.9793807

DO - 10.1109/ICSE-Companion55297.2022.9793807

M3 - Conference Paper

AN - SCOPUS:85128155921

SN - 9781665495998

T3 - Proceedings - International Conference on Software Engineering

SP - 178

EP - 182

BT - Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering

A2 - B. Dwyer, Matthew

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 22 May 2022 through 27 May 2022

ER -

Nguyen V-A, Nguyen DQ, Nguyen V , Le T, Tran QH, Phung D. ReGVD: Revisiting Graph Neural Networks for vulnerability detection. In B. Dwyer M, editor, Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion 2022. New York NY USA: Association for Computing Machinery (ACM). 2022. p. 178-182. (Proceedings - International Conference on Software Engineering). doi: 10.1109/ICSE-Companion55297.2022.9793807

ReGVD: Revisiting Graph Neural Networks for vulnerability detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this