Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2023

Abstract

Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propose a learning-based approach namely SnapVuln, which first utilizes multiple vulnerability-specific inter-procedural slicing algorithms to capture vulnerability semantics of various types and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn vulnerability semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets, and confirm that SnapVuln outperforms them. We further perform an ablation study and demonstrate that the completeness and precision of vulnerability semantics captured by SnapVuln contribute to the performance improvement.

Keywords

code representations, program semantics, Vulnerability detection

Discipline

Artificial Intelligence and Robotics | Information Security | Theory and Algorithms

Research Areas

Intelligent Systems and Optimization

Publication

ESEC/FSE '23: Proceedings of ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, December 3-9

First Page

1371

Last Page

1383

ISBN

9798400703270

Identifier

10.1145/3611643.3616351

Publisher

ACM

City or Country

New York

Additional URL

https://doi.org/10.1145/3611643.3616351

Share

COinS