Software vulnerability detection via graph neural networks

Abstract

Detecting vulnerabilities in source code is a critical task for software security assurance. Recent research underscores the efficacy of Graph Neural Network (GNN)-based techniques in the binary classification of code vulnerabilities. However, as the number of vulnerability types increases, the binary outcomes offer limited support for accurate debugging and pinpointing vulnerabilities across different types. Additionally, the prevalent use of homogeneous GNN training has constrained the ability to effectively model the diverse relationships existing between code elements that contribute to various vulnerabilities. To address these challenges, this dissertation introduces an innovative approach to detecting software vulnerabilities utilizing GNNs. This approach centers on the synthesis and refinement of three distinct graph representations: Compact Abstract Graphs (CAGs), Inter-Procedural Abstract Graphs (IPAGs), and Inter-Procedural Compressed Code Property Graphs (ICCPGs). The goal is to overcome the hurdles associated with accurately classifying and pinpointing a wide array of vulnerability types within software code, spanning multiple programming languages. The proposed approach aims to propel the state-of-the-art in deep learning-based software vulnerability detection. This synthesis promises a more nuanced, efficient, and comprehensive solution, advancing the capability to address the evolving landscape of software vulnerabilities.