Keep It Simple: Towards Accurate Vulnerability Detection for Large Code Graphs

TL;DR

This paper introduces ANGLE, a novel method combining hierarchical graph refinement and context-aware learning to improve vulnerability detection in large code graphs, significantly outperforming existing approaches.

Contribution

The paper presents ANGLE, a new approach that effectively filters noise and captures long-distance dependencies in code graphs for vulnerability detection.

Findings

ANGLE outperforms baselines in accuracy and F1 score.

Significant improvements in large code graphs, up to 161.93%.

Effective hierarchical filtering reduces graph size and noise.

Abstract

Software vulnerability detection is crucial for high-quality software development. Recently, some studies utilizing Graph Neural Networks (GNNs) to learn the graph representation of code in vulnerability detection tasks have achieved remarkable success. However, existing graph-based approaches mainly face two limitations that prevent them from generalizing well to large code graphs: (1) the interference of noise information in the code graph; (2) the difficulty in capturing long-distance dependencies within the graph. To mitigate these problems, we propose a novel vulnerability detection method, ANGLE, whose novelty mainly embodies the hierarchical graph refinement and context-aware graph representation learning. The former hierarchically filters redundant information in the code graph, thereby reducing the size of the graph, while the latter collaboratively employs the Graph Transformer and GNN to learn code graph representations from both the global and local perspectives, thus capturing long-distance dependencies. Extensive experiments demonstrate promising results on three widely used benchmark datasets: our method significantly outperforms several other baselines in terms of the accuracy and F1 score. Particularly, in large code graphs, ANGLE achieves an improvement in accuracy of 34.27%-161.93% compared to the state-of-the-art method, AMPLE. Such results demonstrate the effectiveness of ANGLE in vulnerability detection tasks.