Software Vulnerability Detection Using a Lightweight Graph Neural Network
Miles Farmer, Ekincan Ufuktepe, Anne Watson, Hialo Muniz Carvalho, Vadim Okun, Zineb Maasaoui, Kannappan Palaniappan

TL;DR
This paper introduces VulGNN, a lightweight graph neural network for vulnerability detection that rivals large language models in performance while being significantly smaller and more efficient.
Contribution
The paper presents VulGNN, a novel GNN-based model that is smaller, faster to retrain, and deployable at the edge, addressing scalability issues of LLMs in vulnerability detection.
Findings
VulGNN achieves performance close to that of large language models.
VulGNN is 100 times smaller than LLMs.
VulGNN is efficient for real-world deployment.
Abstract
Large Language Models (LLMs) have emerged as a popular choice in vulnerability detection studies given their foundational capabilities, open source availability, and variety of models, but have limited scalability due to extensive compute requirements. Using the natural graph relational structure of code, we show that our proposed graph neural network (GNN) based deep learning model VulGNN for vulnerability detection can achieve performance almost on par with LLMs, but is 100 times smaller in size and fast to retrain and customize. We describe the VulGNN architecture, ablation studies on components, learning rates, and generalizability to different code datasets. As a lightweight model for vulnerability analysis, VulGNN is efficient and deployable at the edge as part of real-world software development pipelines.
