Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks

Yoola Choi; Young Woo Kwon

doi:10.5573/IEIESPC.2021.10.6.477

Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks

Yoola Choi, Young Woo Kwon

Kyungpook National University

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

As software vulnerabilities have surged, efforts to discover them have increased. The syntactic and semantic information of a program is required to detect vulnerabilities. Each information can be represented as a graph, such as Abstract Syntax Tree and Program Dependency Graph. In this paper, the program representations were extracted using various static analysis tools, including Clang Static Analyzer, Joern, and SVF, and compared using Graph Neural Networks to select the appropriate representations for vulnerability detection in C/C++. From the comparison, PDG shows the best performance among the multiple representations. This result indicates a suitable program representation and a tool for vulnerability detection that can be utilized in research utilizing graph neural networks.

Original language	English
Pages (from-to)	477-482
Number of pages	6
Journal	IEIE Transactions on Smart Processing and Computing
Volume	10
Issue number	6
DOIs	https://doi.org/10.5573/IEIESPC.2021.10.6.477
State	Published - 2021

Keywords

Graph neural networks
Static program analysis
Vulnerability detection

Access to Document

10.5573/IEIESPC.2021.10.6.477

Cite this

@article{f67cdbeb5c5746dcaddee213833332af,

title = "Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks",

abstract = "As software vulnerabilities have surged, efforts to discover them have increased. The syntactic and semantic information of a program is required to detect vulnerabilities. Each information can be represented as a graph, such as Abstract Syntax Tree and Program Dependency Graph. In this paper, the program representations were extracted using various static analysis tools, including Clang Static Analyzer, Joern, and SVF, and compared using Graph Neural Networks to select the appropriate representations for vulnerability detection in C/C++. From the comparison, PDG shows the best performance among the multiple representations. This result indicates a suitable program representation and a tool for vulnerability detection that can be utilized in research utilizing graph neural networks.",

keywords = "Graph neural networks, Static program analysis, Vulnerability detection",

author = "Yoola Choi and Kwon, {Young Woo}",

note = "Publisher Copyright: Copyrights {\textcopyright} 2021 The Institute of Electronics and Information Engineer",

year = "2021",

doi = "10.5573/IEIESPC.2021.10.6.477",

language = "English",

volume = "10",

pages = "477--482",

journal = "IEIE Transactions on Smart Processing and Computing",

issn = "2287-5255",

publisher = "Institute of Electronics Engineers of Korea",

number = "6",

}

TY - JOUR

T1 - Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks

AU - Choi, Yoola

AU - Kwon, Young Woo

PY - 2021

Y1 - 2021

N2 - As software vulnerabilities have surged, efforts to discover them have increased. The syntactic and semantic information of a program is required to detect vulnerabilities. Each information can be represented as a graph, such as Abstract Syntax Tree and Program Dependency Graph. In this paper, the program representations were extracted using various static analysis tools, including Clang Static Analyzer, Joern, and SVF, and compared using Graph Neural Networks to select the appropriate representations for vulnerability detection in C/C++. From the comparison, PDG shows the best performance among the multiple representations. This result indicates a suitable program representation and a tool for vulnerability detection that can be utilized in research utilizing graph neural networks.

AB - As software vulnerabilities have surged, efforts to discover them have increased. The syntactic and semantic information of a program is required to detect vulnerabilities. Each information can be represented as a graph, such as Abstract Syntax Tree and Program Dependency Graph. In this paper, the program representations were extracted using various static analysis tools, including Clang Static Analyzer, Joern, and SVF, and compared using Graph Neural Networks to select the appropriate representations for vulnerability detection in C/C++. From the comparison, PDG shows the best performance among the multiple representations. This result indicates a suitable program representation and a tool for vulnerability detection that can be utilized in research utilizing graph neural networks.

KW - Graph neural networks

KW - Static program analysis

KW - Vulnerability detection

UR - http://www.scopus.com/inward/record.url?scp=85123220765&partnerID=8YFLogxK

U2 - 10.5573/IEIESPC.2021.10.6.477

DO - 10.5573/IEIESPC.2021.10.6.477

M3 - Article

AN - SCOPUS:85123220765

SN - 2287-5255

VL - 10

SP - 477

EP - 482

JO - IEIE Transactions on Smart Processing and Computing

JF - IEIE Transactions on Smart Processing and Computing

IS - 6

ER -

Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this