VDHGT: A Source Code Vulnerability Detection Method Based on Heterogeneous Graph Transformer

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13547))

Abstract

Vulnerability detection is still a challenging problem. The source code representations used by existing vulnerability detection methods do not fully capture the context of the statement where a vulnerability occurs, and existing detection models do not fully consider how important each context statement is to that statement. To address these problems, this paper proposes a source code vulnerability detection method based on the heterogeneous graph transformer. The method adopts a novel source code representation, the vulnerability dependence representation graph, which includes the control dependence of the vulnerability occurrence statement and the data dependence of the variables involved in the statement. The paper also builds a graph learning network for the vulnerability dependence representation graph based on the heterogeneous graph transformer, which can automatically learn the importance of context statements for vulnerable statements. To demonstrate the effectiveness of the method, experiments were carried out on the SARD data set; the average accuracy rate was 95.4% and the recall rate was 92.4%. The average performance is improved by 4.1%–62.7%.
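To make the representation concrete, the following is an added example, not code from the paper or its authors: it builds a typed dependence graph around one candidate statement by walking control and data dependences backward. The sample function, the `Stmt` record, the straight-line reaching-definition rule and the transitive walk are all assumptions made for illustration; the paper's actual graph construction is not shown on this page.

```python
from collections import namedtuple

# Hypothetical record: defs/uses are variable names, ctrl is the line of the
# statement this one is control-dependent on (None if unconditional).
Stmt = namedtuple("Stmt", "line text defs uses ctrl")

# Constructed sample: a small C function reduced to per-statement def/use sets.
PROGRAM = [
    Stmt(1, "void f(char *src, int n)", {"src", "n"}, set(), None),
    Stmt(2, "char buf[16];", {"buf"}, set(), None),
    Stmt(3, "int len = strlen(src);", {"len"}, {"src"}, None),
    Stmt(4, "int unused = n * 2;", {"unused"}, {"n"}, None),
    Stmt(5, "if (len < n)", set(), {"len", "n"}, None),
    Stmt(6, "strcpy(buf, src);", set(), {"buf", "src"}, 5),
    Stmt(7, 'puts("done");', set(), set(), None),
]

def reaching_def(program, line, var):
    """Latest earlier statement defining var (assumes straight-line code)."""
    prior = [s.line for s in program if s.line < line and var in s.defs]
    return max(prior) if prior else None

def dependence_graph(program, sink_line):
    """Return (nodes, typed edges) reachable backward from the sink statement."""
    by_line = {s.line: s for s in program}
    nodes, edges, work = set(), set(), [sink_line]
    while work:
        line = work.pop()
        if line in nodes:
            continue
        nodes.add(line)
        stmt = by_line[line]
        preds = [(stmt.ctrl, "control")] if stmt.ctrl is not None else []
        preds += [(reaching_def(program, line, v), "data") for v in stmt.uses]
        for src, kind in preds:
            if src is not None:
                edges.add((src, line, kind))  # edge type keeps the graph heterogeneous
                work.append(src)
    return nodes, edges

if __name__ == "__main__":
    nodes, edges = dependence_graph(PROGRAM, sink_line=6)
    for src, dst, kind in sorted(edges):
        print(f"{src} -[{kind}]-> {dst}")
    print("statements kept:", sorted(nodes))
```

Statements 4 and 7 fall out of the graph because the `strcpy` call depends on neither; the two edge types are what a heterogeneous graph model would treat as distinct relations.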

Corresponding author

Correspondence to Hongyu Yang.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Yang, H., Yang, H., Zhang, L. (2022). VDHGT: A Source Code Vulnerability Detection Method Based on Heterogeneous Graph Transformer. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_16

  • DOI: https://doi.org/10.1007/978-3-031-18067-5_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18066-8

  • Online ISBN: 978-3-031-18067-5

  • eBook Packages: Computer Science, Computer Science (R0)
