ACGVD: Vulnerability Detection Based on Comprehensive Graph via Graph Neural Network with Attention

Vulnerability is one of the main causes of network intrusion. An effective way to mitigate security threats is to find and repair vulnerabilities as soon as possible. Traditional vulnerability detection methods are limited by expert knowledge. Existing deep learning-based methods neglect the connection between semantic graphs and cannot effectively deal with the structure information. Graph neural network brings new insight into vulnerability detection. However, benign nodes on the graph account for a large proportion, resulting in vulnerability information could be disturbed by them. To address the limitations of existing vulnerability detection approaches, in this paper, we propose ACGVD, a vulnerability detection method by constructing a graph network with attention. We first combine multiple semantic graphs together to form a more comprehensive graph. We then adopt the Graph neural network instead of the sequence-based model to automatically analyze the comprehensive graph. In order to solve the problem that the vulnerability information could be covered up, we add a double-level attention mechanism to the graph model. We also add a novel classification layer to extract the high-level features of the code. To make the experiment more realistic, the model is trained over the latest published real-world dataset. The experiment results demonstrate that compared with state-of-the-art methods, our model ACGVD achieves 5.01%, 13.89%, and 8.27% improvement in accuracy, recall and F1-score, respectively.