pith. sign in

arxiv: 2006.08614 · v1 · pith:DVEMKQZInew · submitted 2020-06-15 · 💻 cs.SE · cs.CR· cs.LG· cs.PL

Learning to map source code to software vulnerability using code-as-a-graph

classification 💻 cs.SE cs.CRcs.LGcs.PL
keywords graphcodelearningsourceencodingneuralsamplethen
0
0 comments X
read the original abstract

We explore the applicability of Graph Neural Networks in learning the nuances of source code from a security perspective. Specifically, whether signatures of vulnerabilities in source code can be learned from its graph representation, in terms of relationships between nodes and edges. We create a pipeline we call AI4VA, which first encodes a sample source code into a Code Property Graph. The extracted graph is then vectorized in a manner which preserves its semantic information. A Gated Graph Neural Network is then trained using several such graphs to automatically extract templates differentiating the graph of a vulnerable sample from a healthy one. Our model outperforms static analyzers, classic machine learning, as well as CNN and RNN-based deep learning models on two of the three datasets we experiment with. We thus show that a code-as-graph encoding is more meaningful for vulnerability detection than existing code-as-photo and linear sequence encoding approaches. (Submitted Oct 2019, Paper #28, ICST)

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.