In recent years, security testing and vulnerability detection in source code have experienced a significant transformation with the adoption of data-driven techniques. This shift has reduced reliance on manual analysis, addressed the high false-positive rates of static analyzers, and accelerated the early detection of software bugs, ultimately mitigating the risk of cyberattacks. Among these advancements, graph-based approaches have shown promising results by capturing structural and contextual patterns within source code. However, such methods often rely solely on the code under analysis, limiting their ability to comprehensively learn vulnerable patterns. This study explores the integration of domain-specific knowledge into a Graph Neural Network (GNN)-based model to enhance its understanding and detection of vulnerabilities. By incorporating resources such as Common Vulnerability Exposure (CVE) descriptions, Common Weakness Enumeration (CWE) definitions, and sample functions provided by security experts at the MITRE Corporation, we aim to enrich the model's knowledge base. Our approach demonstrates significant improvements on a Java vulnerability dataset across all considerable metrics. This finding underscores the value of domain-specific augmentation in advancing vulnerability detection capabilities.
Incorporating Domain Knowledge into GNNs for Advanced Vulnerability Detection in Java / Foulefack, Rosmael; Marchetto, Alessandro. - (2025), pp. 160-169. ( 2025 IEEE/ACM International Conference on Automation of Software Test (AST 2025) Canada 26 April - 4 May 2025) [10.1109/AST66626.2025.00022].
Incorporating Domain Knowledge into GNNs for Advanced Vulnerability Detection in Java
Foulefack, Rosmael
;Marchetto, Alessandro
2025-01-01
Abstract
In recent years, security testing and vulnerability detection in source code have experienced a significant transformation with the adoption of data-driven techniques. This shift has reduced reliance on manual analysis, addressed the high false-positive rates of static analyzers, and accelerated the early detection of software bugs, ultimately mitigating the risk of cyberattacks. Among these advancements, graph-based approaches have shown promising results by capturing structural and contextual patterns within source code. However, such methods often rely solely on the code under analysis, limiting their ability to comprehensively learn vulnerable patterns. This study explores the integration of domain-specific knowledge into a Graph Neural Network (GNN)-based model to enhance its understanding and detection of vulnerabilities. By incorporating resources such as Common Vulnerability Exposure (CVE) descriptions, Common Weakness Enumeration (CWE) definitions, and sample functions provided by security experts at the MITRE Corporation, we aim to enrich the model's knowledge base. Our approach demonstrates significant improvements on a Java vulnerability dataset across all considerable metrics. This finding underscores the value of domain-specific augmentation in advancing vulnerability detection capabilities.| File | Dimensione | Formato | |
|---|---|---|---|
|
Incorporating_Domain_Knowledge_into_GNNs_for_Advanced_Vulnerability_Detection_in_Java.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
729.42 kB
Formato
Adobe PDF
|
729.42 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
