Suitable is the Best: Task-Oriented Knowledge Fusion in Vulnerability Detection

Jingjing Wang; Minhuan Huang; Yuanping Nie; Xiang Li; Qianjin Du; Wei Kong; Huan Deng; Xiaohui Kuang

Suitable is the Best: Task-Oriented Knowledge Fusion in Vulnerability Detection

Jingjing Wang, Minhuan Huang, Yuanping Nie, Xiang Li, Qianjin Du, Wei Kong, Huan Deng, Xiaohui Kuang

Published: 25 Sept 2024, Last Modified: 06 Nov 2024NeurIPS 2024 posterEveryoneRevisionsBibTeXCC BY-NC 4.0

Keywords: deep learning, Graph Neural Networks, vulnerability detection, static analysis, software security, knowledge fusion

TL;DR: We propose KF-GVD, a knowledge fusion-based GNN model for task-oriented source code vulnerability detection.

Abstract: Deep learning technologies have demonstrated remarkable performance in vulnerability detection. Existing works primarily adopt a uniform and consistent feature learning pattern across the entire target set. While designed for general-purpose detection tasks, they lack sensitivity towards target code comprising multiple functional modules or diverse vulnerability subtypes. In this paper, we present a knowledge fusion-based vulnerability detection method (KF-GVD) that integrates specific vulnerability knowledge into the Graph Neural Network feature learning process. KF-GVD achieves accurate vulnerability detection across different functional modules of the Linux kernel and vulnerability subtypes without compromising general task performance. Extensive experiments demonstrate that KF-GVD outperforms SOTAs on function-level and statement-level vulnerability detection across various target tasks, with an average increase of 40.9% in precision and 26.1% in recall. Notably, KF-GVD discovered 9 undisclosed vulnerabilities when employing on C/C++ open-source projects without ground truth.

Supplementary Material: zip

Primary Area: Machine learning for other sciences and fields

Submission Number: 10296

Loading