Go to ICLR 2022 Conference homepageReGVD: Revisiting Graph Neural Networks for Vulnerability Detection
Keywords: Vulnerability Detection, Cyber Security, Graph Neural Networks, Programming Language
Abstract: Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. Inspired by the successful applications of pre-trained programming language models such as CodeBERT and graph neural networks (GNNs) for natural language processing, we propose ReGVD, a general and novel graph neural network-based model for vulnerability detection. In particular, ReGVD views a given source code as a flat sequence of tokens and then examines two effective methods of utilizing unique tokens and indexes respectively to construct a single graph as an input, wherein node features are initialized only by the embedding layer of a pre-trained PL model. Next, ReGVD leverages a practical advantage of residual connection among GNN layers and explores a beneficial mixture of graph-level sum and max poolings to return a graph embedding for the given source code. Experimental results demonstrate that ReGVD outperforms the existing state-of-the-art models and obtain the highest accuracy on the real-world benchmark dataset from CodeXGLUE for vulnerability detection.
Community Implementations: [ 2 code implementations](https://www.catalyzex.com/paper/regvd-revisiting-graph-neural-networks-for/code)
5 Replies
Loading