Vulnerability Detection in C/C++ Source Code With Graph Representation Learning

An open challenge in software vulnerability detection is how to identify potential vulnerabilities of source code at a fine-grained level automatically. This paper proposes an approach to automate vulnerability detection in source code at the software function level based on graph representation learning without the efforts of security experts. The proposed approach firstly represents software functions as Simplified Code Property Graphs (SCPG), which can conserve syntactic and semantic information of source code while keeping itself small enough for computing. It then utilizes graph neural network and multi layer perceptrons to learn graph representations and extract features automatically, saving efforts of feature engineering. The comparison experiments demonstrate the effectiveness of the proposed approach.