Code Property Graph based Vulnerability Type Identification with Fusion Representation

Published: 01 Jan 2023, Last Modified: 10 Feb 2025 | CSCWD 2023 | CC BY-SA 4.0
Abstract: Deep learning-based methods have become one of the mainstream approaches to vulnerability detection. Vulnerability type information is of great value in helping to locate and remediate vulnerabilities. This paper proposes a framework for Vulnerability Type Identification based on Code Property Graph with Fusion Representation. First, we use code property graph information. A code property graph (CPG) is a joint data structure that combines Abstract Syntax Trees (AST), Control Flow Graphs (CFG), and Program Dependency Graphs (PDG). We encode the CPG information. Second, we use a Convolutional Neural Network combined with a Recurrent Neural Network (CNN-RNN) and an Attention-Based Bidirectional Gated Recurrent Unit (Att-BiGRU) to extract AST and CFG combined with PDG information. We fuse the extracted features to obtain an effective representation, and then perform multi-class classification to derive the predicted vulnerability type. Finally, we use 59 vulnerabilities with third-level CWE-ID for evaluation. The experiments show that the code property graph information used in this paper can better represent the type information of vulnerabilities. Compared with classical RNNs, our model identifies vulnerability types more accurately.