MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks

TL;DR

MVD leverages flow-sensitive graph neural networks to improve detection accuracy of memory-related vulnerabilities by jointly analyzing code and flow information, outperforming existing methods.

Contribution

Introduces MVD, a novel flow-sensitive GNN-based approach that effectively captures implicit vulnerability patterns using combined code and flow data.

Findings

MVD achieves higher detection accuracy than state-of-the-art methods.

MVD outperforms static analysis tools in identifying memory vulnerabilities.

MVD balances detection accuracy with computational efficiency.

Abstract

Memory-related vulnerabilities constitute severe threats to the security of modern software. Despite the success of deep learning-based approaches to generic vulnerability detection, they are still limited by the underutilization of flow information when applied for detecting memory-related vulnerabilities, leading to high false positives. In this paper,we propose MVD, a statement-level Memory-related Vulnerability Detection approach based on flow-sensitive graph neural networks (FS-GNN). FS-GNN is employed to jointly embed both unstructured information (i.e., source code) and structured information (i.e., control- and data-flow) to capture implicit memory-related vulnerability patterns. We evaluate MVD on the dataset which contains 4,353 real-world memory-related vulnerabilities, and compare our approach with three state-of-the-art deep learning-based approaches as well as five popular static analysisbased memory detectors. The experiment results show that MVD achieves better detection accuracy, outperforming both state-of-theart DL-based and static analysis-based approaches. Furthermore, MVD makes a great trade-off between accuracy and efficiency.