首页|CS-GNN:用于真实世界漏洞检测的类敏感图神经网络

CS-GNN:用于真实世界漏洞检测的类敏感图神经网络

扫码查看
原文链接
  • 万方数据
  • 维普
针对当前大多数基于深度学习的漏洞检测方法在应用于工业5.0系统中检测不平衡的真实世界的漏洞时,受到程序代码流程信息利用不足的限制,导致误报率很高的问题,提出了类敏感图神经网络(class-sensitive graph neural network,CS-GNN),一种新型的函数级真实世界漏洞检测方法.该方法基于代码属性图(code property graph,CPG)和异构图Transformer(heterogeneous graph transformer,HGT),有效提升了漏洞检测的能力和可靠性,以保护消费者数字生态系统的安全.HGT用于接收和学习代码生成的CPG上丰富的语义信息和语句间的关联信息,可以很好地学习到漏洞代码的相关特征.此外,还添加了一个新型的卷积池化模块,用于更好地进行样本特征区分.实验结果表明,CS-GNN实现了更好的检测准确度、精确度、召回率和F1得分,在同样的数据集上,将最先进的基于深度学习的方法提高了 13.21%~153.75%.
CS-GNN:A class-sensitive graph neural network for real-world vulnerability detection
Most current deep learning-based vulnerability detection methods struggle with detecting imbalanced real-world vulnerabilities in Industrial 5.0 systems,often resulting in high false-positive rates due to insufficient utilization of program control flow information.To address this issue,this paper proposes a class-sensitive graph neural network(CS-GNN),a novel function-level vulnerability detection method for real-world scenarios.The method leverages a code property graph(CPG)and a heterogeneous graph transformer(HGT)to enhance the detection capability and reliability,thereby protec-ting the security of the consumer digital ecosystem.The HGT is used to capture and learn rich semantic information and the relationships between statements within the CPG generated from the code,enabling it to effectively learn vulnerability-relat-ed features.Additionally,a novel convolutional pooling module is introduced to improve feature distinction among samples.Experimental results show that CS-GNN achieves superior detection accuracy,precision,recall,and Fl score,outperfor-ming state-of-the-art deep learning methods by 13.21%to 153.75%on the same dataset.

industry 5.0consumer digital ecosystemsvulnerability detectiongraph neural networkheterogeneous graph

范春、瞿治国、王保卫、孙乐

展开 >

南京信息工程大学计算机学院,南京,210044

工业5.0 消费者数字生态系统 漏洞检测 图神经网络 异构图

国家自然科学基金面上项目国家自然科学基金面上项目网络与交换技术国家重点实验室开放基金项目(北京邮电大学)江苏省高等学校优势学科建设(PAPD)江苏省大气环境与装备技术协同创新中心(CICAEET)江苏省大气环境与装备技术协同创新中心(CICAEET)Priority Academic Program Development of Jiangsu Higher Education Institutions(PAPD)Collaborative Innovation Center of Atmospheric Environment and Equipment Technology(CICAEET)

6137313162071240SKLNST-2020-l-176137313162071240

2024

10.3979/j.issn.1673-825X.202311220389

重庆邮电大学学报(自然科学版)
重庆邮电大学

重庆邮电大学学报(自然科学版)

CSTPCD北大核心
影响因子:0.66
ISSN:1673-825X
年,卷(期):2024.36(5)