Neural software vulnerability analysis using rich intermediate graph representations of programs

Abstract

Security vulnerabilities are among the major concerns of modern software engineering. Successful results of machine learning techniques in various challenging applications have led to an emerging field of research to investigate the effectiveness of machine learning, and more recently, deep learning techniques, for the problem of software vulnerability analysis and discovery. In this paper, we explore the utilization of Graph Neural Networks as the latest trend and progress in the field of artificial neural networks. To this end, we propose an original neural vulnerability analysis approach, using customized intermediate graph representations of programs to train graph neural network models. Experimental results on a public suite of vulnerable programs show that the proposed approach is effective at the task of software vulnerability analysis. Additional empirical experiments answer complementary research questions about the proposed approach. In particular, we present experimental results for the challenging task of cross-project vulnerability analysis, with interesting insights on the capabilities of our novel approach. Furthermore, a software utility that was developed in the course of this study is also published as a further contribution to the research community.