Software vulnerability detection (SVD) in source code remains a significant challenge, capturing the attention of researchers due to its critical importance. Numerous automated detection techniques have emerged, leveraging deep learning and large language models. Graph Neural Network models have been used for SVD and have shown promising results. However, graph-based models often struggle to capture long-term dependencies within code snippets due to simplistic hop neighborhood encoding. This study explores the potential of enhancing graph neural networks by capturing both local and global complex code structures through node and edge embeddings. By generating contextualised embeddings using the Node2vec model, we aim to enrich the model’s understanding of source code through an advanced subgraph construction. Our results demonstrate an improvement in the detection capabilities of graph neural networks for identifying vulnerabilities at the statement level in Java source code. Specifically, the proposed approach has achieved a detection precision of up to 82.08% (i.e., an improvement of 11.33%), enhancing the model’s noise robustness and detection capability.
Enhanced Graph Neural Networks for Vulnerability Detection in Java via Advanced Subgraph Construction / Lekeufack Foulefack, Rosmael Zidane; Marchetto, Alessandro. - (2025), pp. 131-148. (Paper presented at the 36th IFIP WG 6.1 International Conference on Testing Software and Systems (ICTSS 2024), held in London, UK, October 30 - November 1, 2024) [10.1007/978-3-031-80889-0_9].
Enhanced Graph Neural Networks for Vulnerability Detection in Java via Advanced Subgraph Construction
Lekeufack Foulefack, Rosmael Zidane; Marchetto, Alessandro
2025-01-01
File | Size | Format |
---|---|---|
2.pdf (archive managers only). Description: PDF paper. Type: Publisher's version (Publisher’s layout). License: All rights reserved | 1.06 MB | Adobe PDF |