MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection
This paper presents MultiGLICE (Multi class Graph Neural Network with Program Slice), a model for static code analysis to detect security vulnerabilities. MultiGLICE extends our previous GLICE model with multiclass detection for a large number of vulnerabilities across multiple programming languages...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-03-01
|
| Series: | Computers |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2073-431X/14/3/98 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850089911592419328 |
|---|---|
| author | Wesley de Kraker Harald Vranken Arjen Hommersom |
| author_facet | Wesley de Kraker Harald Vranken Arjen Hommersom |
| author_sort | Wesley de Kraker |
| collection | DOAJ |
| description | This paper presents MultiGLICE (Multi class Graph Neural Network with Program Slice), a model for static code analysis to detect security vulnerabilities. MultiGLICE extends our previous GLICE model with multiclass detection for a large number of vulnerabilities across multiple programming languages. It builds upon the earlier SySeVR and FUNDED models and uniquely integrates inter-procedural program slicing with a graph neural network. Users can configure the depth of the inter-procedural analysis, which allows a trade-off between the detection performance and computational efficiency. Increasing the depth of the inter-procedural analysis improves the detection performance, at the cost of computational efficiency. We conduct experiments with MultiGLICE for the multiclass detection of 38 different CWE types in C/C++, C#, Java, and PHP code. We evaluate the trade-offs in the depth of the inter-procedural analysis and compare its vulnerability detection performance and resource usage with those of prior models. Our experimental results show that MultiGLICE improves the weighted F1-score by about 23% when compared to the FUNDED model adapted for multiclass classification. Furthermore, MultiGLICE offers a significant improvement in computational efficiency. The time required to train the MultiGLICE model is approximately 17 times less than that of FUNDED. |
| format | Article |
| id | doaj-art-0e4a5afab918433889b0a0bc2b363d46 |
| institution | DOAJ |
| issn | 2073-431X |
| language | English |
| publishDate | 2025-03-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Computers |
| spelling | doaj-art-0e4a5afab918433889b0a0bc2b363d462025-08-20T02:42:40ZengMDPI AGComputers2073-431X2025-03-011439810.3390/computers14030098MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability DetectionWesley de Kraker0Harald Vranken1Arjen Hommersom2Department of Computer Science, Open Universiteit, 6419 AT Heerlen, The NetherlandsDepartment of Computer Science, Open Universiteit, 6419 AT Heerlen, The NetherlandsDepartment of Computer Science, Open Universiteit, 6419 AT Heerlen, The NetherlandsThis paper presents MultiGLICE (Multi class Graph Neural Network with Program Slice), a model for static code analysis to detect security vulnerabilities. MultiGLICE extends our previous GLICE model with multiclass detection for a large number of vulnerabilities across multiple programming languages. It builds upon the earlier SySeVR and FUNDED models and uniquely integrates inter-procedural program slicing with a graph neural network. Users can configure the depth of the inter-procedural analysis, which allows a trade-off between the detection performance and computational efficiency. Increasing the depth of the inter-procedural analysis improves the detection performance, at the cost of computational efficiency. We conduct experiments with MultiGLICE for the multiclass detection of 38 different CWE types in C/C++, C#, Java, and PHP code. We evaluate the trade-offs in the depth of the inter-procedural analysis and compare its vulnerability detection performance and resource usage with those of prior models. Our experimental results show that MultiGLICE improves the weighted F1-score by about 23% when compared to the FUNDED model adapted for multiclass classification. Furthermore, MultiGLICE offers a significant improvement in computational efficiency. The time required to train the MultiGLICE model is approximately 17 times less than that of FUNDED.https://www.mdpi.com/2073-431X/14/3/98code analysisvulnerability detectiongraph neural networksprogram slicingmachine learning |
| spellingShingle | Wesley de Kraker Harald Vranken Arjen Hommersom MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection Computers code analysis vulnerability detection graph neural networks program slicing machine learning |
| title | MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection |
| title_full | MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection |
| title_fullStr | MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection |
| title_full_unstemmed | MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection |
| title_short | MultiGLICE: Combining Graph Neural Networks and Program Slicing for Multiclass Software Vulnerability Detection |
| title_sort | multiglice combining graph neural networks and program slicing for multiclass software vulnerability detection |
| topic | code analysis vulnerability detection graph neural networks program slicing machine learning |
| url | https://www.mdpi.com/2073-431X/14/3/98 |
| work_keys_str_mv | AT wesleydekraker multiglicecombininggraphneuralnetworksandprogramslicingformulticlasssoftwarevulnerabilitydetection AT haraldvranken multiglicecombininggraphneuralnetworksandprogramslicingformulticlasssoftwarevulnerabilitydetection AT arjenhommersom multiglicecombininggraphneuralnetworksandprogramslicingformulticlasssoftwarevulnerabilitydetection |