Software Vulnerability Detection Using an Enhanced Generalization Strategy

  • Conference paper
  • Dependable Software Engineering. Theories, Tools, and Applications (SETTA 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14464)

Abstract

Detecting vulnerabilities in software is crucial for preventing cybersecurity attacks, and current machine learning-based methods rely on large amounts of labeled data to train detection models. On the one hand, these methods make the major assumption that the training and test data follow an identical distribution. However, vulnerabilities in different software projects may exhibit different distributions because of their application scenarios, coding habits, and other factors. On the other hand, when detecting vulnerabilities in new projects, retraining and re-testing the models is time-consuming. New projects that are still under development, in particular, have few or no instances of vulnerabilities. Therefore, how to leverage previous learning experience to learn new projects faster is an important question. To address these issues, we propose VulGML, a vulnerability detection approach using graph embedding and meta-learning. The goal is to establish a model with enhanced generalization, so that a model trained on multiple known projects can detect vulnerabilities in new projects. To further illustrate the strong generalization of VulGML, we also choose multiple known vulnerability types to train the meta-learning model and a new vulnerability type for vulnerability detection. Experimental results show that VulGML outperforms the state-of-the-art methods by 6.44–39.61% in detecting new projects, achieves an accuracy higher than 77.80% when detecting vulnerabilities of new vulnerability types, and that its modules greatly improve detection performance, demonstrating that VulGML is potentially valuable in practical usage.



Acknowledgement

This work is supported by the National Natural Science Foundation of China under Grant 61972392, Grant 62072453 and Grant 62202462.

Author information

Corresponding author: Hongsong Zhu.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sun, H., Bu, Z., Xiao, Y., Zhou, C., Hao, Z., Zhu, H. (2024). Software Vulnerability Detection Using an Enhanced Generalization Strategy. In: Hermanns, H., Sun, J., Bu, L. (eds) Dependable Software Engineering. Theories, Tools, and Applications. SETTA 2023. Lecture Notes in Computer Science, vol 14464. Springer, Singapore. https://doi.org/10.1007/978-981-99-8664-4_13

  • DOI: https://doi.org/10.1007/978-981-99-8664-4_13

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8663-7

  • Online ISBN: 978-981-99-8664-4
