VulMPFF: A Vulnerability Detection Method for Fusing Code Features in Multiple Perspectives

Bibliographic Details
Main Authors: Xiansheng Cao, Junfeng Wang, Peng Wu, Zhiyang Fang
Format: Article
Language: English
Published: Wiley, 2024-01-01
Series: IET Information Security
Online Access: http://dx.doi.org/10.1049/2024/4313185
Collection: DOAJ
Description: Source code vulnerabilities are among the most significant threats to software security. Existing deep learning-based detection methods have proven effective, but most of them extract code information from a single intermediate representation of code (IRC), which often fails to capture all of the information hidden in the code and significantly limits their performance. To address this problem, we propose VulMPFF, a vulnerability detection method that fuses code features from multiple perspectives. It extracts IRCs from three perspectives, code sequence, lexical and syntactic relations, and graph structure, to capture the vulnerability information in the code; the IRCs complement one another and improve detection performance. Specifically, VulMPFF extracts a serialized abstract syntax tree as the IRC for the code-sequence and lexical/syntactic-relation perspectives and a code property graph as the IRC for the graph-structure perspective, learns code features from them with a Bi-LSTM with attention and a graph neural network with attention, respectively, and fuses the learned features to detect vulnerabilities in the code. We design a dual-attention mechanism that highlights the code most critical to triggering a vulnerability. We evaluate our approach on three datasets. Experiments show that VulMPFF outperforms existing state-of-the-art vulnerability detection methods (RATS, Flawfinder, VulDeePecker, SySeVR, Devign, and Reveal) in accuracy and F1 score, with improvements ranging from 14.71% to 145.78% and from 152.08% to 344.77%, respectively. Experiments on an open-source project further demonstrate that VulMPFF has the potential to detect vulnerabilities in real-world environments.
ISSN: 1751-8717
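The abstract names two of the intermediate representations VulMPFF feeds its models: a serialized abstract syntax tree for the sequence model and a code property graph for the graph model. The following is an added example, not code from the paper or its authors, showing what those two views of one function look like in practice. It assumes Python's standard `ast` module and a constructed Python sample function; the paper itself works on C and uses a full code property graph (AST plus control-flow and program-dependence edges, as produced by tools such as Joern), whereas this example builds only the AST and a simplified def-use data-flow edge as a stand-in.

```python
"""Two of the intermediate representations of code (IRCs) named in the abstract.

Added example, not code from the VulMPFF paper. The paper targets C and uses a
code property graph (AST + CFG + PDG); this example uses Python's ast module on
a constructed Python function so it runs offline, and approximates only the AST
and a simplified def-use data-flow edge.
"""
import ast
from typing import Optional

# Constructed sample input: an index bound is taken from the caller without
# being checked against the fixed-size buffer.
SAMPLE = '''
def copy_buf(src, n):
    buf = bytearray(16)
    for i in range(n):
        buf[i] = src[i]
    return buf
'''


def serialize_ast(source: str) -> list[str]:
    """Sequence perspective: pre-order walk of the AST as a token list.

    Node types carry the syntactic structure; identifiers and constants are
    appended so lexical information survives. '(' and ')' mark nesting.
    """
    tokens: list[str] = []

    def visit(node: ast.AST) -> None:
        label = type(node).__name__
        if isinstance(node, ast.Name):
            label += f":{node.id}"
        elif isinstance(node, ast.Constant):
            label += f":{node.value!r}"
        elif isinstance(node, ast.FunctionDef):
            label += f":{node.name}"
        elif isinstance(node, ast.arg):
            label += f":{node.arg}"
        tokens.append(label)
        tokens.append("(")
        for child in ast.iter_child_nodes(node):
            visit(child)
        tokens.append(")")

    visit(ast.parse(source))
    return tokens


def build_graph(source: str) -> tuple[dict[int, str], list[tuple[int, int, str]]]:
    """Graph perspective: nodes labelled by type, edges tagged 'ast' or 'def_use'.

    'ast' edges follow the tree. 'def_use' edges are a simplified data-flow
    approximation (an assumption of this example): each load of a name points
    back to the most recent store of that name, or the parameter that defined
    it, in traversal order. A real code property graph would add control-flow
    and program-dependence edges; those are not built here.
    """
    nodes: dict[int, str] = {}
    edges: list[tuple[int, int, str]] = []
    last_def: dict[str, int] = {}

    def visit(node: ast.AST, parent: Optional[int]) -> None:
        nid = len(nodes)
        nodes[nid] = type(node).__name__
        if parent is not None:
            edges.append((parent, nid, "ast"))
        if isinstance(node, ast.arg):
            last_def[node.arg] = nid
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Store):
                last_def[node.id] = nid
            elif node.id in last_def:
                edges.append((last_def[node.id], nid, "def_use"))
        for child in ast.iter_child_nodes(node):
            visit(child, nid)

    visit(ast.parse(source), None)
    return nodes, edges


def count_edges(edges: list[tuple[int, int, str]], kind: str) -> int:
    """Number of edges of the given kind ('ast' or 'def_use')."""
    return sum(1 for _, _, k in edges if k == kind)


if __name__ == "__main__":
    seq = serialize_ast(SAMPLE)
    nodes, edges = build_graph(SAMPLE)
    print(" ".join(seq))
    print(f"{len(nodes)} nodes, {count_edges(edges, 'ast')} AST edges, "
          f"{count_edges(edges, 'def_use')} def-use edges")
```

On the constructed sample the sequence view keeps the order and lexical content of the code (the token list contains `FunctionDef:copy_buf`, `Name:buf`, `Constant:16`), while the graph view links each use of `buf`, `i`, `n` and `src` back to where it was defined; it is that second kind of relation, invisible to a flat sequence, that motivates fusing a graph-based IRC with a sequence-based one.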