Boosting Vulnerability Detection with Inter-function Multilateral Association Insights

TL;DR

This paper introduces IFMA-VD, a novel framework that leverages inter-function multilateral association analysis using hypergraphs to improve vulnerability detection accuracy in software systems.

Contribution

It proposes a hypergraph-based approach to capture complex inter-function relationships, enhancing deep learning vulnerability detection methods.

Findings

Improved F-measure and Recall on three vulnerability datasets

Multilateral association features enhance code representation

Validated effectiveness on real-world datasets

Abstract

Vulnerability detection is a crucial yet challenging technique for ensuring the security of software systems. Currently, most deep learning-based vulnerability detection methods focus on stand-alone functions, neglecting the complex inter-function interrelations, particularly the multilateral associations. This oversight can fail to detect vulnerabilities in these interrelations. To address this gap, we present an Inter-Function Multilateral Association analysis framework for Vulnerability Detection (IFMA-VD). The cornerstone of the IFMA-VD lies in constructing a code behavior hypergraph and utilizing hyperedge convolution to extract multilateral association features. Specifically, we first parse functions into a code property graph to generate intra-function features. Following this, we construct a code behavior hypergraph by segmenting the program dependency graph to isolate and encode behavioral features into hyperedges. Finally, we utilize a hypergraph network to capture the multilateral association knowledge for augmenting vulnerability detection. We evaluate IFMA-VD on three widely used vulnerability datasets and demonstrate improvements in F-measure and Recall compared to baseline methods. Additionally, we illustrate that multilateral association features can boost code feature representation and validate the effectiveness of IFMA-VD on real-world datasets.