Abstract

A core problem of vulnerability detection is to detect multiple types of vulnerabilities simultaneously by characterizing the highly diverse and complex vulnerabilities found in real program source code. Current methods mainly adjust and compromise among multiple code representations, such as the code sequence and the code graph, on the basis of a composite graph. However, sequential features extracted from a graph are hardly sufficient to model the contextual semantic associations of the token sequence. Meanwhile, structural features of the code graph extracted by models based on Euclidean Graph Neural Networks have difficulty fitting the tree-like calling relationships between code lines. These limitations make it difficult to detect diverse vulnerabilities. In addition, most existing models ignore the type of each code statement, which is closely associated with some specific vulnerability types. In this paper, we propose a Parallelism Framework with Hierarchical feature Enhancement for Multi-type Vulnerability Detection (PFHE-MVD). PFHE-MVD models program code from three parallel perspectives: sequence, code graph, and Abstract Syntax Tree statistics. A Hyperbolic Graph Convolutional Neural Network is integrated to model the top-down hierarchical calling structure in the program code graph through hyperbolic space mapping. In addition, the statement type of the code is embedded along with the code text to strengthen the ability to identify different types of vulnerabilities. Experimental results show that PFHE-MVD achieves new state-of-the-art results in multi-type vulnerability detection. PFHE-MVD captures tree-like hierarchical code structure features and enhances the ability to distinguish vulnerabilities through code statement type embedding.
