MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection

MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection

This paper presents MultiGLICE (Multi class Graph Neural Network with Program Slice), a model for static code analysis to detect security vulnerabilities. MultiGLICE extends our previous GLICE model with multiclass detection for a large number of vulnerabilities across multiple programming languages...

Full description

Saved in:
Bibliographic Details
Main Authors: Wesley de Kraker, Harald Vranken, Arjen Hommersom
Format: Article
Language:English
Published: MDPI AG 2025-03-01
Series:Computers
Subjects:
code analysis
vulnerability detection
graph neural networks
program slicing
machine learning
Online Access:https://www.mdpi.com/2073-431X/14/3/98
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper presents MultiGLICE (Multi class Graph Neural Network with Program Slice), a model for static code analysis to detect security vulnerabilities. MultiGLICE extends our previous GLICE model with multiclass detection for a large number of vulnerabilities across multiple programming languages. It builds upon the earlier SySeVR and FUNDED models and uniquely integrates inter-procedural program slicing with a graph neural network. Users can configure the depth of the inter-procedural analysis, which allows a trade-off between the detection performance and computational efficiency. Increasing the depth of the inter-procedural analysis improves the detection performance, at the cost of computational efficiency. We conduct experiments with MultiGLICE for the multiclass detection of 38 different CWE types in C/C++, C#, Java, and PHP code. We evaluate the trade-offs in the depth of the inter-procedural analysis and compare its vulnerability detection performance and resource usage with those of prior models. Our experimental results show that MultiGLICE improves the weighted F1-score by about 23% when compared to the FUNDED model adapted for multiclass classification. Furthermore, MultiGLICE offers a significant improvement in computational efficiency. The time required to train the MultiGLICE model is approximately 17 times less than that of FUNDED.
ISSN:2073-431X

Similar Items