Cross Domain Vulnerability Detection using Graph Contrastive Learning
Keywords: Graph Learning, Vulnerability Detection, Contrastive Learning, Cross Domain Control Property Graph, Augmentation
TL;DR: We have proposed a new graph dataset for the first time to detect vulnerabilities in source and binary level codes and then used contrastive learning for dealing with labeling.
Abstract: To overcome the difficulty of finding good-quality labeled data in domains such as vulnerability detection, Self--Supervised Learning (SSL) methods such as Contrastive Learning (CL) algorithms were developed. We evaluate the performance of one such state-of-the-art CL method, GraphCL, that trains on our graph dataset generated from code repositories of six widely used C/C++ applications. We also propose a custom graph type having a new structure that combines both code-level and binary-level CPG graphs. This is because, even though existing graph types such as AST, CFG and CPG are effective in detecting vulnerabilities in the source code, it is ineffective in detecting the ones that only occur in the binary-level. Hence, to detect those vulnerabilities, we propose a new graph type, Cross Domain Control Property Graph (CDCPG). We perform extensive experiments, using different augmentation techniques and loss functions to show that our custom graph type, CDCPG, performs better than other graph types in many scenarios.
9 Replies
Loading