Abstract

Vulnerability detection is an essential means of ensuring the normal operation of software tools and the security of systems. Recurrent Neural Networks (RNNs) have achieved remarkable results in vulnerability detection, but sequence-based code representation has great limitations in feature expression and propagation. In this paper, we propose a fine-grained code vulnerability detection framework based on the Gated Graph Neural Network (GGNN). First, we process the source code into fine-grained slices. Second, a graph embedding of the code slices is constructed by clustering neighborhood information. Finally, GGNN is used to learn the syntactic and semantic information of vulnerable code for graph-level classification. Furthermore, our theoretical analysis indicates that GGNN has a strong inductive learning ability. This means that the model requires only a small amount of training data to obtain sufficient advanced features, which is significant for vulnerability detection tasks for which data sets are difficult to collect. We carry out conventional experiments and inductive experiments with manually collected data sets, and the results show that the framework is superior to RNNs in vulnerability detection performance. Moreover, our framework performs better than RNNs under inductive conditions.
