Structure-Aware Code Vulnerability Analysis With Graph Neural Networks
Ravil Mussabayev

TL;DR
This paper investigates the use of graph neural networks for detecting software vulnerabilities in Java code, demonstrating that specific configurations and data strategies significantly enhance detection accuracy.
Contribution
It introduces a novel application of GNNs to vulnerability detection with insights on optimal configurations and data inclusion strategies.
Findings
Certain GNN configurations improve vulnerability detection accuracy.
Pruning graph elements and excluding some code representations enhance model performance.
Including random non-vulnerable code in the training data boosts GNN effectiveness.
Abstract
This study explores the effectiveness of graph neural networks (GNNs) for vulnerability detection in software code, utilizing a real-world dataset of Java vulnerability-fixing commits. The dataset's structure, based on the number of modified methods in each commit, offers a natural partition that facilitates diverse investigative scenarios. The primary focus is to evaluate the general applicability of GNNs in identifying vulnerable code segments and distinguishing these from their fixed versions, as well as from random non-vulnerable code. Through a series of experiments, the research addresses key questions about the suitability of different configurations and subsets of data in enhancing the prediction accuracy of GNN models. Experiments indicate that certain model configurations, such as the pruning of specific graph elements and the exclusion of certain types of code representation,…
Taxonomy
Topics: Software Reliability and Analysis Research · Software Engineering Research · Software System Performance and Reliability
