ReGVD: Revisiting Graph Neural Networks for vulnerability detection

Van-Anh Nguyen, Dai Quoc Nguyen, Van Nguyen, Trung Le, Quan Hung Tran, Dinh Phung

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Other

40 Citations (Scopus)

Abstract

Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To this end, we aim to develop a general, practical, and programming language-independent model capable of running on various source codes and libraries without difficulty. Therefore, we consider vulnerability detection as an inductive text classification problem and propose ReGVD, a simple yet effective graph neural network-based model for the problem. In particular, ReGVD views each raw source code as a flat sequence of tokens to build a graph, wherein node features are initialized by only the token embedding layer of a pre-trained programming language (PL) model. ReGVD then leverages residual connection among GNN layers and examines a mixture of graph-level sum and max poolings to return a graph embedding for the source code. ReGVD outperforms the existing state-of-the-art models and obtains the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection. Our code is available at: https://github.com/daiquocnguyen/GNN-ReGVD.

Original language: English
Title of host publication: Proceedings - 2022 ACM/IEEE 44th International Conference on Software Engineering
Subtitle of host publication: Companion Proceedings, ICSE-Companion 2022
Editors: Matthew B. Dwyer
Place of Publication: New York NY USA
Publisher: Association for Computing Machinery (ACM)
Pages: 178-182
Number of pages: 5
ISBN (Electronic): 9781665495981
ISBN (Print): 9781665495998
Publication status: Published - 2022
Event: International Conference on Software Engineering 2022: Software Engineering in Society - Pittsburgh, United States of America
Duration: 22 May 2022 to 27 May 2022
Conference number: 44th
https://ieeexplore.ieee.org/xpl/conhome/9793840/proceeding (Proceedings)
https://conf.researchr.org/home/icse-2022 (Website)

Publication series

Name: Proceedings - International Conference on Software Engineering
Publisher: Association for Computing Machinery (ACM)
ISSN (Print): 0270-5257

Conference

Conference: International Conference on Software Engineering 2022
Abbreviated title: ICSE-SEIS 2022
Country/Territory: United States of America
City: Pittsburgh
Period: 22/05/22 to 27/05/22

Keywords

  • Graph Neural Networks
  • Security
  • Text Classification
  • Vulnerability Detection
