A multitype software buffer overflow vulnerability prediction method based on a software graph structure and a self-attentive graph neural network

Bibliographic Details
Published in: Information and software technology Vol. 160; p. 107246
Main Authors: Zheng, Zhangqi; Liu, Yongshan; Zhang, Bing; Liu, Xinqian; He, Hongyan; Gong, Xiang
Format: Journal Article
Language: English
Published: Elsevier B.V 01.08.2023
ISSN: 0950-5849, 1873-6025
Abstract
• A method for predicting buffer overflow vulnerabilities in multiple types of software is proposed.
• A software vulnerability feature set called GSVFset is proposed.
• A vulnerability feature update mechanism based on self-attentive graph neural network is designed.

Buffer overflow vulnerabilities are one of the most common and dangerous software vulnerabilities; however, the complexity of software code makes predicting buffer overflow vulnerabilities in software challenging. To accurately predict multiple types of software buffer overflow vulnerabilities, this paper proposes a multitype software buffer overflow vulnerability prediction method called MSVAGraph that is based on the graph structure of software and a self-attentive graph neural network. First, by analyzing software buffer overflow type vulnerabilities, a vulnerability feature set GSVFset extraction method based on graph structure is proposed to act as the software's basic unit. Second, a self-attentive pooling mechanism is used to design a vulnerability feature update mechanism based on a self-attentive graph neural network to transform the graph structure of the vulnerability feature set GSVFset into a feature vector representation. Finally, based on the updated GSVFset feature vector, a time-recursive-based neural network is designed to construct a prediction method for multitype software buffer overflow vulnerabilities. The method proposed in this paper validates executable programs of four types of buffer overflow vulnerabilities in the Juliet dataset using precision, accuracy, recall and F1 value as evaluation metrics. The prediction results have higher values after introducing the self-attentive pooling mechanism. The proposed MSVAGraph achieves high precision, accuracy, recall and F1 value, and can better preserve the network topology and node content information of graphs in the software's graph structure.
ArticleNumber 107246
Author He, Hongyan
Gong, Xiang
Liu, Yongshan
Zhang, Bing
Liu, Xinqian
Zheng, Zhangqi
Author_xml – sequence: 1
  givenname: Zhangqi
  surname: Zheng
  fullname: Zheng, Zhangqi
  organization: School of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei China
– sequence: 2
  givenname: Yongshan
  surname: Liu
  fullname: Liu, Yongshan
  email: 451499304@qq.com
  organization: School of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei China
– sequence: 3
  givenname: Bing
  orcidid: 0000-0002-9867-8439
  surname: Zhang
  fullname: Zhang, Bing
  organization: School of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei China
– sequence: 4
  givenname: Xinqian
  surname: Liu
  fullname: Liu, Xinqian
  organization: School of Computer Science and Technology, Shandong University of Technology, Zibo, 255000, China
– sequence: 5
  givenname: Hongyan
  surname: He
  fullname: He, Hongyan
  organization: School of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei China
– sequence: 6
  givenname: Xiang
  surname: Gong
  fullname: Gong, Xiang
  organization: Hebei University of Environmental Engineering, Qinhuangdao 066102,China
ContentType Journal Article
Copyright 2023 Elsevier B.V.
Copyright_xml – notice: 2023 Elsevier B.V.
DBID AAYXX
CITATION
DOI 10.1016/j.infsof.2023.107246
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Business
EISSN 1873-6025
ExternalDocumentID 10_1016_j_infsof_2023_107246
S0950584923001003
ISICitedReferencesCount 3
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000997597900001&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0950-5849
IngestDate Tue Nov 18 21:54:59 EST 2025
Sat Nov 29 07:04:41 EST 2025
Fri Feb 23 02:38:30 EST 2024
IsPeerReviewed true
IsScholarly true
Keywords Software graph structure
Graph neural networks
Multitype buffer overflow vulnerability
Self-attentive
Language English
LinkModel OpenURL
ORCID 0000-0002-9867-8439
PublicationCentury 2000
PublicationDate August 2023
2023-08-00
PublicationDateYYYYMMDD 2023-08-01
PublicationDate_xml – month: 08
  year: 2023
  text: August 2023
PublicationDecade 2020
PublicationTitle Information and software technology
PublicationYear 2023
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
  year: 2020
  ident: 10.1016/j.infsof.2023.107246_bib0032
  article-title: An efficient vulnerability extrapolation using similarity of graph kernel of PDGs
– start-page: 457
  year: 2021
  ident: 10.1016/j.infsof.2023.107246_bib0042
  article-title: VulSPG: vulnerability detection based on slice property graph representation learning
– volume: 16
  start-page: 2004
  year: 2021
  ident: 10.1016/j.infsof.2023.107246_bib0033
  article-title: VulDetector: detecting vulnerabilities using weighted feature graph comparison
  publication-title: IEEE Trans. Inf. Forensics Security
  doi: 10.1109/TIFS.2020.3047756
– start-page: 1
  year: 2019
  ident: 10.1016/j.infsof.2023.107246_bib0008
– start-page: 1546
  year: 2017
  ident: 10.1016/j.infsof.2023.107246_bib0026
  article-title: End-to-End prediction of buffer overruns from raw source code via neural memory networks
– volume: 24
  start-page: 149
  issue: 2
  year: 2019
  ident: 10.1016/j.infsof.2023.107246_bib0035
  article-title: A method for software vulnerability detection based on improved control flow graph
  publication-title: Wuhan Univ. J. Nat. Sci.
  doi: 10.1007/s11859-019-1380-z
– start-page: 10197
  year: 2019
  ident: 10.1016/j.infsof.2023.107246_bib0039
  article-title: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks
– year: 2017
  ident: 10.1016/j.infsof.2023.107246_bib0054
  article-title: Attention is all you need
– start-page: 1
  year: 2013
  ident: 10.1016/j.infsof.2023.107246_bib0051
  article-title: Efficient Estimation of word representation in vector space
– start-page: 1
  year: 2018
  ident: 10.1016/j.infsof.2023.107246_bib0027
  article-title: VulDeePecker: a deep learning-based system for vulnerability detection
– ident: 10.1016/j.infsof.2023.107246_bib0004
– volume: 108
  start-page: 1825
  issue: 10
  year: 2020
  ident: 10.1016/j.infsof.2023.107246_bib0029
  article-title: Software vulnerability detection using deep neural networks: a survey
  publication-title: Proc. IEEE
  doi: 10.1109/JPROC.2020.2993293
– year: 2009
  ident: 10.1016/j.infsof.2023.107246_bib0036
  article-title: The graph neural network model
  publication-title: IEEE Trans. Neural Netw.
– start-page: 669
  year: 2021
  ident: 10.1016/j.infsof.2023.107246_bib0041
  article-title: JStrack: enriching malicious JavaScript detection based on AST graph analysis and attentive mechanism
– start-page: 1532
  year: 2014
  ident: 10.1016/j.infsof.2023.107246_bib0052
  article-title: Glove: global vectors for word representation
– volume: 8
  start-page: 150672
  issue: 99
  year: 2020
  ident: 10.1016/j.infsof.2023.107246_bib0016
  article-title: Vulnerability prediction from source code using machine learning
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2020.3016774
StartPage 107246
SubjectTerms Graph neural networks
Multitype buffer overflow vulnerability
Self-attentive
Software graph structure
Title A multitype software buffer overflow vulnerability prediction method based on a software graph structure and a self-attentive graph neural network
URI https://dx.doi.org/10.1016/j.infsof.2023.107246
Volume 160