DeepVD: Toward Class-Separation Features for Neural Network Vulnerability Detection
Document Type
Conference Proceeding
Publication Date
1-1-2023
Abstract
The advances of machine learning (ML), including deep learning (DL), have enabled several approaches to implicitly learn vulnerable code patterns to automatically detect software vulnerabilities. A recent study showed that, despite successes, the existing ML/DL-based vulnerability detection (VD) models are limited in their ability to distinguish between the two classes of vulnerable and benign code. We propose DeepVD, a graph-based neural network VD model that emphasizes class-separation features between vulnerable and benign code. DeepVD leverages three types of class-separation features at different levels of abstraction: statement types (similar to Part-of-Speech tagging), the Post-Dominator Tree (covering regular flows of execution), and the Exception Flow Graph (covering the exception and error-handling flows). We conducted several experiments to evaluate DeepVD on a real-world vulnerability dataset of 303 projects with 13,130 vulnerable methods. Our results show that DeepVD relatively improves over the state-of-the-art ML/DL-based VD approaches by 13%-29.6% in precision, 15.6%-28.9% in recall, and 16.4%-25.8% in F-score. Our ablation study confirms that our designed features and components help DeepVD achieve high class-separability for vulnerable and benign code.
Identifier
85171747544 (Scopus)
ISBN
[9781665457019]
Publication Title
Proceedings of the International Conference on Software Engineering
External Full Text Location
https://doi.org/10.1109/ICSE48619.2023.00189
ISSN
02705257
First Page
2249
Last Page
2261
Grant
CNS-2120386
Fund Ref
National Science Foundation
Recommended Citation
Wang, Wenbo; Nguyen, Tien N.; Wang, Shaohua; Li, Yi; Zhang, Jiyuan; and Yadavally, Aashish, "DeepVD: Toward Class-Separation Features for Neural Network Vulnerability Detection" (2023). Faculty Publications. 2350.
https://digitalcommons.njit.edu/fac_pubs/2350