BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection
Previous studies have shown that existing deep learning-based approaches can significantly improve the performance of vulnerability detection. They represent code in various forms and mine vulnerability features with deep learning models. However, the differences of code representation forms and dee...
Gespeichert in:
| Veröffentlicht in: | Information and software technology Jg. 136; S. 106576 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
Elsevier B.V
01.08.2021
|
| Schlagworte: | |
| ISSN: | 0950-5849, 1873-6025 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Previous studies have shown that existing deep learning-based approaches can significantly improve the performance of vulnerability detection. They represent code in various forms and mine vulnerability features with deep learning models. However, the differences of code representation forms and deep learning models make various approaches still have some limitations. In practice, their false-positive rate (FPR) and false-negative rate (FNR) are still high.
To address the limitations of existing deep learning-based vulnerability detection approaches, we propose BGNN4VD (Bidirectional Graph Neural Network for Vulnerability Detection), a vulnerability detection approach by constructing a Bidirectional Graph Neural-Network (BGNN).
In Phase 1, we extract the syntax and semantic information of source code through abstract syntax tree (AST), control flow graph (CFG), and data flow graph (DFG). Then in Phase 2, we use vectorized source code as input to Bidirectional Graph Neural-Network (BGNN). In Phase 3, we learn the different features between vulnerable code and non-vulnerable code by introducing backward edges on the basis of traditional Graph Neural-Network (GNN). Finally in Phase 4, a Convolutional Neural-Network (CNN) is used to further extract features and detect vulnerabilities through a classifier.
We evaluate BGNN4VD on four popular C/C++ projects from NVD and GitHub, and compare it with four state-of-the-art (Flawfinder, RATS, SySeVR, and VUDDY) vulnerab ility detection approaches. Experiment results show that, when compared these baselines, BGNN4VD achieves 4.9%, 11.0%, and 8.4% improvement in F1-measure, accuracy and precision, respectively.
The proposed BGNN4VD achieves a higher precision and accuracy than the state-of-the-art methods. In addition, when applied on the latest vulnerabilities reported by CVE, BGNN4VD can still achieve a precision at 45.1%, which demonstrates the feasibility of BGNN4VD in practical application. |
|---|---|
| AbstractList | Previous studies have shown that existing deep learning-based approaches can significantly improve the performance of vulnerability detection. They represent code in various forms and mine vulnerability features with deep learning models. However, the differences of code representation forms and deep learning models make various approaches still have some limitations. In practice, their false-positive rate (FPR) and false-negative rate (FNR) are still high.
To address the limitations of existing deep learning-based vulnerability detection approaches, we propose BGNN4VD (Bidirectional Graph Neural Network for Vulnerability Detection), a vulnerability detection approach by constructing a Bidirectional Graph Neural-Network (BGNN).
In Phase 1, we extract the syntax and semantic information of source code through abstract syntax tree (AST), control flow graph (CFG), and data flow graph (DFG). Then in Phase 2, we use vectorized source code as input to Bidirectional Graph Neural-Network (BGNN). In Phase 3, we learn the different features between vulnerable code and non-vulnerable code by introducing backward edges on the basis of traditional Graph Neural-Network (GNN). Finally in Phase 4, a Convolutional Neural-Network (CNN) is used to further extract features and detect vulnerabilities through a classifier.
We evaluate BGNN4VD on four popular C/C++ projects from NVD and GitHub, and compare it with four state-of-the-art (Flawfinder, RATS, SySeVR, and VUDDY) vulnerab ility detection approaches. Experiment results show that, when compared these baselines, BGNN4VD achieves 4.9%, 11.0%, and 8.4% improvement in F1-measure, accuracy and precision, respectively.
The proposed BGNN4VD achieves a higher precision and accuracy than the state-of-the-art methods. In addition, when applied on the latest vulnerabilities reported by CVE, BGNN4VD can still achieve a precision at 45.1%, which demonstrates the feasibility of BGNN4VD in practical application. |
| ArticleNumber | 106576 |
| Author | Wei, Ying Li, Bin Sun, Xiaobing Bo, Lili Cao, Sicong |
| Author_xml | – sequence: 1 givenname: Sicong surname: Cao fullname: Cao, Sicong organization: School of Information Engineering, Yangzhou University, Yangzhou, China – sequence: 2 givenname: Xiaobing orcidid: 0000-0001-5165-5080 surname: Sun fullname: Sun, Xiaobing email: xbsun@yzu.edu.cn organization: School of Information Engineering, Yangzhou University, Yangzhou, China – sequence: 3 givenname: Lili surname: Bo fullname: Bo, Lili organization: School of Information Engineering, Yangzhou University, Yangzhou, China – sequence: 4 givenname: Ying surname: Wei fullname: Wei, Ying organization: School of Information Engineering, Yangzhou University, Yangzhou, China – sequence: 5 givenname: Bin surname: Li fullname: Li, Bin email: lb@yzu.edu.cn organization: School of Information Engineering, Yangzhou University, Yangzhou, China |
| BookMark | eNqFkMtOwzAQRS1UJNrCH7DID6SM83CSLpBoCwWpCpvSreU4Y3AJdmW7oP49rcKKBazmaqRzNXNGZGCsQUKuKUwoUHaznWijvFWTBBJ6XLG8YGdkSMsijRkk-YAMocohzsusuiAj77cAtIAUhmQ9W9Z1tllMo7k1Pri9DNq8RjPdaofHbI3ooqUTu7eoxr0TXVxj-LLuPVLWRZt9Z9CJRnc6HKIFhh65JOdKdB6vfuaYvDzcr-eP8ep5-TS_W8UyBRZiZFXZVAKgkBLLsmUsU2WKaYN5nsoqqxKa0SaHiuWQFa1AkUloEqUEolLYpmMy7Xuls947VFzqIE4XBCd0xynwkx--5b0ffvLDez9HOPsF75z-EO7wH3bbY3h87FOj415qNBJ7Yby1-u-CbxgYhQE |
| CitedBy_id | crossref_primary_10_1109_TSE_2023_3285910 crossref_primary_10_1016_j_cose_2023_103341 crossref_primary_10_1016_j_infsof_2025_107826 crossref_primary_10_1145_3721977 crossref_primary_10_1016_j_cose_2023_103501 crossref_primary_10_1186_s13638_023_02242_7 crossref_primary_10_1007_s10664_023_10319_6 crossref_primary_10_1145_3699711 crossref_primary_10_1145_3694782 crossref_primary_10_3390_aerospace10050465 crossref_primary_10_3390_e24050651 crossref_primary_10_1109_JIOT_2023_3294496 crossref_primary_10_1002_smr_2508 crossref_primary_10_1145_3712190 crossref_primary_10_3390_s22093577 crossref_primary_10_1016_j_cose_2025_104548 crossref_primary_10_1155_2022_4875859 crossref_primary_10_1016_j_future_2024_107671 crossref_primary_10_1016_j_cose_2022_102823 crossref_primary_10_1016_j_cose_2024_103992 crossref_primary_10_1016_j_jss_2024_112031 crossref_primary_10_1016_j_cose_2024_103994 crossref_primary_10_1002_smr_70026 crossref_primary_10_1016_j_jss_2025_112459 crossref_primary_10_1016_j_jss_2024_112038 crossref_primary_10_1016_j_infsof_2023_107168 crossref_primary_10_1016_j_infsof_2024_107544 crossref_primary_10_32604_cmc_2023_029135 crossref_primary_10_1145_3763230 crossref_primary_10_1109_ACCESS_2022_3191115 crossref_primary_10_1016_j_infsof_2025_107722 crossref_primary_10_1016_j_jss_2023_111775 crossref_primary_10_1109_ACCESS_2024_3467180 crossref_primary_10_1016_j_infsof_2023_107371 crossref_primary_10_3390_app15126524 crossref_primary_10_1016_j_cose_2024_103930 crossref_primary_10_1016_j_infsof_2025_107739 crossref_primary_10_32604_cmc_2024_049310 crossref_primary_10_1109_TII_2024_3413305 crossref_primary_10_1109_MC_2022_3228924 crossref_primary_10_1007_s00521_022_08046_y crossref_primary_10_1016_j_cose_2022_102915 crossref_primary_10_1049_sfw2_12066 crossref_primary_10_1109_TR_2023_3319318 crossref_primary_10_1016_j_infsof_2024_107566 crossref_primary_10_1016_j_scico_2024_103156 crossref_primary_10_1016_j_jss_2023_111706 crossref_primary_10_1088_1674_1056_acb9fa crossref_primary_10_1109_ACCESS_2023_3338162 crossref_primary_10_1016_j_jss_2023_111705 crossref_primary_10_1016_j_cose_2024_103787 crossref_primary_10_1016_j_future_2024_107504 crossref_primary_10_1007_s00500_022_07777_3 crossref_primary_10_1109_ACCESS_2024_3378533 crossref_primary_10_1109_ACCESS_2023_3309850 crossref_primary_10_1007_s10664_022_10216_4 crossref_primary_10_1016_j_ins_2024_121370 crossref_primary_10_1016_j_cose_2025_104350 crossref_primary_10_3390_electronics11091334 crossref_primary_10_1016_j_jss_2023_111832 crossref_primary_10_32604_cmc_2024_050281 crossref_primary_10_1109_TSE_2022_3147265 crossref_primary_10_1155_2022_1919907 crossref_primary_10_3390_s25061816 crossref_primary_10_3390_math12101447 crossref_primary_10_26634_jse_17_4_19813 crossref_primary_10_1093_comjnl_bxaf094 crossref_primary_10_1145_3624744 crossref_primary_10_1016_j_infsof_2024_107581 crossref_primary_10_1145_3640333 crossref_primary_10_1016_j_cose_2024_104139 crossref_primary_10_1016_j_infsof_2024_107406 crossref_primary_10_1007_s10515_025_00532_6 crossref_primary_10_3390_jcp1040035 crossref_primary_10_1016_j_cose_2024_104098 crossref_primary_10_1016_j_jss_2025_112581 crossref_primary_10_1155_2021_9997641 crossref_primary_10_1016_j_asoc_2025_113057 crossref_primary_10_3390_electronics13245007 crossref_primary_10_1109_TKDE_2023_3333371 crossref_primary_10_1016_j_infsof_2025_107893 crossref_primary_10_1142_S0218194025500408 crossref_primary_10_1007_s13042_023_01824_7 crossref_primary_10_1016_j_infsof_2024_107517 crossref_primary_10_1016_j_cose_2024_103732 crossref_primary_10_1016_j_infsof_2023_107219 crossref_primary_10_1016_j_hcc_2024_100268 crossref_primary_10_1109_ACCESS_2022_3216395 crossref_primary_10_1186_s42400_024_00245_5 crossref_primary_10_1016_j_jss_2025_112595 crossref_primary_10_1109_JIOT_2024_3381641 crossref_primary_10_1016_j_cose_2024_104024 crossref_primary_10_3390_s24217089 crossref_primary_10_3103_S0146411623080126 crossref_primary_10_1016_j_eswa_2023_121865 crossref_primary_10_1007_s42979_025_03777_w crossref_primary_10_1109_MITP_2023_3284628 |
| Cites_doi | 10.1109/TSE.2005.112 10.1007/s10664-016-9447-3 10.1109/TSE.2011.103 10.1145/3276517 10.1016/j.jss.2020.110659 10.1016/j.jss.2020.110538 10.1007/s11432-017-9459-5 10.1016/j.infsof.2013.02.009 10.1109/TSE.2017.2659751 10.1109/TSE.2010.81 10.1016/j.infsof.2019.07.003 10.1007/s10664-018-9661-2 |
| ContentType | Journal Article |
| Copyright | 2021 |
| Copyright_xml | – notice: 2021 |
| DBID | AAYXX CITATION |
| DOI | 10.1016/j.infsof.2021.106576 |
| DatabaseName | CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Business |
| EISSN | 1873-6025 |
| ExternalDocumentID | 10_1016_j_infsof_2021_106576 S0950584921000586 |
| GroupedDBID | --K --M -~X .DC .~1 0R~ 1B1 1~. 1~5 29I 4.4 457 4G. 5GY 5VS 7-5 71M 77K 8P~ 9JN AABNK AACTN AAEDT AAEDW AAIAV AAIKJ AAKOC AALRI AAOAW AAQFI AAQXK AAXUO AAYFN AAYOK ABBOA ABFNM ABFRF ABJNI ABMAC ABTAH ABXDB ABYKQ ACDAQ ACGFO ACGFS ACGOD ACNNM ACRLP ACZNC ADBBV ADEZE ADJOM ADMUD AEBSH AEFWE AEKER AENEX AFKWA AFTJW AGHFR AGUBO AGYEJ AHHHB AHZHX AIALX AIEXJ AIKHN AITUG AJBFU AJOXV ALMA_UNASSIGNED_HOLDINGS AMFUW AMRAJ AOUOD ASPBG AVWKF AXJTR AZFZN BKOJK BKOMP BLXMC CS3 DU5 EBS EFJIC EFLBG EJD EO8 EO9 EP2 EP3 FDB FEDTE FGOYB FIRID FNPLU FYGXN G-Q G8K GBLVA GBOLZ HLZ HVGLF HZ~ IHE J1W KOM LG9 M41 MO0 MS~ N9A O-L O9- OAUVE OZT P-8 P-9 P2P PC. PQQKQ Q38 R2- RIG ROL RPZ SBC SDF SDG SDP SES SEW SPC SPCBC SSV SSZ T5K TWZ UHS UNMZH WH7 WUQ XFK ZY4 ~G- 77I 9DU AATTM AAXKI AAYWO AAYXX ABDPE ABWVN ACLOT ACRPL ACVFH ADCNI ADNMO AEIPS AEUPX AFJKZ AFPUW AGQPQ AIGII AIIUN AKBMS AKRWK AKYEP ANKPU APXCP CITATION EFKBS ~HD |
| ID | FETCH-LOGICAL-c306t-e698b9a007cce88d664f83e3be553c9492141b50965047daea4c0b2ffaeeffed3 |
| ISICitedReferencesCount | 152 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000655363900005&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 0950-5849 |
| IngestDate | Tue Nov 18 22:45:15 EST 2025 Sat Nov 29 07:06:23 EST 2025 Fri Feb 23 02:42:37 EST 2024 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Keywords | Bidirectional Graph Neural-Network Code representation Vulnerability detection |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c306t-e698b9a007cce88d664f83e3be553c9492141b50965047daea4c0b2ffaeeffed3 |
| ORCID | 0000-0001-5165-5080 |
| ParticipantIDs | crossref_citationtrail_10_1016_j_infsof_2021_106576 crossref_primary_10_1016_j_infsof_2021_106576 elsevier_sciencedirect_doi_10_1016_j_infsof_2021_106576 |
| PublicationCentury | 2000 |
| PublicationDate | August 2021 2021-08-00 |
| PublicationDateYYYYMMDD | 2021-08-01 |
| PublicationDate_xml | – month: 08 year: 2021 text: August 2021 |
| PublicationDecade | 2020 |
| PublicationTitle | Information and software technology |
| PublicationYear | 2021 |
| Publisher | Elsevier B.V |
| Publisher_xml | – name: Elsevier B.V |
| References | Gascon, Yamaguchi, Arp, Rieck (b36) 2013 Abadi, Barham, Chen, Chen, Davis, Dean, Devin, Ghemawat, Irving, Isard, Kudlur, Levenberg, Monga, Moore, Murray, Steiner, Tucker, Vasudevan, Warden, Wicke, Yu, Zheng (b38) 2016 Xu, Li, Deng, Chen (b14) 2018 Zhou, Sun, Xia, Li, Chen (b21) 2019; 114 Huang, Xia, Lo (b26) 2019; 24 Li, Zou, Xu, Ou, Jin, Wang, Deng, Zhong (b27) 2018 Munaiah, Camilo, Wigham, Meneely, Nagappan (b3) 2017; 22 Boudjema, Verlan, Mokdad, Faure (b11) 2020; 3 Yuan, Lu, Wang, Xue (b15) 2014 Dam, Tran, Pham, Ng, Grundy, Ghose (b31) 2017 Yi, Yang, Guo, Wang, Liu, Zhao (b12) 2018; 44 Gyimóthy, Ferenc, Siket (b22) 2005; 31 Zhang, Zheng, Zou, Hassan (b25) 2016 Zheng, Gao, Wu, Liu, Xun, Liu, Chen (b40) 2020; 168 Zhuang, Liu, Qian, Liu, Wang, He (b2) 2020 Xu, Xu, Chen, Song, Liu, Liu (b17) 2020 Zhang, Cui, Neumann, Chen (b41) 2018 Li, Zou, Xu, Jin, Zhu, Chen, Wang, Wang (b28) 2018 Radjenovic, Hericko, Torkar, Zivkovic (b24) 2013; 55 Shin, Meneely, Williams, Osborne (b6) 2011; 37 Ni, Li, Sun, Chen, Tang, Shi (b8) 2020; 163 Baxter, Yahin, de Moura, Sant’Anna, Bier (b34) 1998 Kipf, Welling (b37) 2017 Yamaguchi, Lottmann, Rieck (b7) 2012 Liu, Jin, Xu, Bu, Zou, Zhang (b18) 2019 Sun, Peng, Zhang, Liu, Cai (b1) 2019; 62 Guo, Li, Yin, Gao (b13) 2019; vol. 11999 Nam, Kim (b20) 2015 Wu, Wang, Liu, Wang (b29) 2017 Russell, Kim, Hamilton, Lazovich, Harer, Ozdemir, Ellingwood, McConley (b30) 2018 Li, Tarlow, Brockschmidt, Zemel (b33) 2016 Drozd, Wagner (b10) 2018 Xu, Chen, Chandramohan, Liu, Song (b19) 2017 Pradel, Sen (b42) 2018; 2 Kingma, Ba (b39) 2015 Kim, Woo, Lee, Oh (b5) 2017 Zhou, Liu, Siow, Du, Liu (b32) 2019 Sparks, Embleton, Cunningham, Zou (b35) 2007 Liu, Shen, Zhu, Niu, Li, Zhang (b16) 2020 Hall, Beecham, Bowes, Gray, Counsell (b23) 2012; 38 Younis, Malaiya, Anderson, Ray (b43) 2016 Jiang, Liu, Jiang, Zhang, Mei (b9) 2020 Du, Chen, Li, Guo, Zhou, Liu, Jiang (b4) 2019 Yuan (10.1016/j.infsof.2021.106576_b15) 2014 Sparks (10.1016/j.infsof.2021.106576_b35) 2007 Yi (10.1016/j.infsof.2021.106576_b12) 2018; 44 Li (10.1016/j.infsof.2021.106576_b33) 2016 Zhou (10.1016/j.infsof.2021.106576_b32) 2019 Xu (10.1016/j.infsof.2021.106576_b17) 2020 Ni (10.1016/j.infsof.2021.106576_b8) 2020; 163 Gyimóthy (10.1016/j.infsof.2021.106576_b22) 2005; 31 Gascon (10.1016/j.infsof.2021.106576_b36) 2013 Zheng (10.1016/j.infsof.2021.106576_b40) 2020; 168 Li (10.1016/j.infsof.2021.106576_b28) 2018 Younis (10.1016/j.infsof.2021.106576_b43) 2016 Abadi (10.1016/j.infsof.2021.106576_b38) 2016 Liu (10.1016/j.infsof.2021.106576_b16) 2020 Liu (10.1016/j.infsof.2021.106576_b18) 2019 Hall (10.1016/j.infsof.2021.106576_b23) 2012; 38 Zhang (10.1016/j.infsof.2021.106576_b25) 2016 Guo (10.1016/j.infsof.2021.106576_b13) 2019; vol. 11999 Shin (10.1016/j.infsof.2021.106576_b6) 2011; 37 Jiang (10.1016/j.infsof.2021.106576_b9) 2020 Zhuang (10.1016/j.infsof.2021.106576_b2) 2020 Drozd (10.1016/j.infsof.2021.106576_b10) 2018 Kingma (10.1016/j.infsof.2021.106576_b39) 2015 Yamaguchi (10.1016/j.infsof.2021.106576_b7) 2012 Zhou (10.1016/j.infsof.2021.106576_b21) 2019; 114 Boudjema (10.1016/j.infsof.2021.106576_b11) 2020; 3 Zhang (10.1016/j.infsof.2021.106576_b41) 2018 Dam (10.1016/j.infsof.2021.106576_b31) 2017 Kipf (10.1016/j.infsof.2021.106576_b37) 2017 Russell (10.1016/j.infsof.2021.106576_b30) 2018 Munaiah (10.1016/j.infsof.2021.106576_b3) 2017; 22 Li (10.1016/j.infsof.2021.106576_b27) 2018 Sun (10.1016/j.infsof.2021.106576_b1) 2019; 62 Pradel (10.1016/j.infsof.2021.106576_b42) 2018; 2 Huang (10.1016/j.infsof.2021.106576_b26) 2019; 24 Nam (10.1016/j.infsof.2021.106576_b20) 2015 Xu (10.1016/j.infsof.2021.106576_b19) 2017 Kim (10.1016/j.infsof.2021.106576_b5) 2017 Radjenovic (10.1016/j.infsof.2021.106576_b24) 2013; 55 Du (10.1016/j.infsof.2021.106576_b4) 2019 Wu (10.1016/j.infsof.2021.106576_b29) 2017 Xu (10.1016/j.infsof.2021.106576_b14) 2018 Baxter (10.1016/j.infsof.2021.106576_b34) 1998 |
| References_xml | – start-page: 1 year: 2020 ident: b16 article-title: Deep learning based program generation from requirements text: Are we there yet? publication-title: IEEE Trans. Softw. Eng. – start-page: 462 year: 2017 end-page: 472 ident: b19 article-title: SPAIN: security patch analysis for binaries towards understanding the pain and pills publication-title: Proceedings of the 39th International Conference on Software Engineering, ICSE 2017, Buenos Aires, Argentina, May 20-28, 2017 – start-page: 368 year: 1998 end-page: 377 ident: b34 article-title: Clone detection using abstract syntax trees publication-title: 1998 International Conference on Software Maintenance, ICSM 1998, Bethesda, Maryland, USA, November 16-19, 1998 – start-page: 1 year: 2019 ident: b18 article-title: Deep learning based code smell detection publication-title: IEEE Trans. Softw. Eng. – start-page: 595 year: 2017 end-page: 614 ident: b5 article-title: VUDDY: a scalable approach for vulnerable code clone discovery publication-title: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017 – volume: 114 start-page: 204 year: 2019 end-page: 216 ident: b21 article-title: Improving defect prediction with deep forest publication-title: Inf. Softw. Technol. – start-page: 473 year: 2018 end-page: 487 ident: b14 article-title: Deeprefiner: Multi-layer android malware detection system applying deep neural networks publication-title: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, April 24-26, 2018 – volume: 2 start-page: 147:1 year: 2018 end-page: 147:25 ident: b42 article-title: Deepbugs: a learning approach to name-based bug detection publication-title: Proc. ACM Program. Lang. – start-page: 3283 year: 2020 end-page: 3290 ident: b2 article-title: Smart contract vulnerability detection using graph neural network publication-title: Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence, IJCAI 2020 – volume: 62 start-page: 19102:1 year: 2019 end-page: 19102:3 ident: b1 article-title: How security bugs are fixed and what can be improved: an empirical study with mozilla publication-title: Sci. China Inf. Sci. – volume: 31 start-page: 897 year: 2005 end-page: 910 ident: b22 article-title: Empirical validation of object-oriented metrics on open source software for fault prediction publication-title: IEEE Trans. Softw. Eng. – start-page: 477 year: 2007 end-page: 486 ident: b35 article-title: Automated vulnerability analysis: Leveraging control flow for evolutionary input crafting publication-title: 23rd Annual Computer Security Applications Conference (ACSAC 2007), December 10-14, 2007, Miami Beach, Florida, USA – start-page: 265 year: 2016 end-page: 283 ident: b38 article-title: Tensorflow: A system for large-scale machine learning publication-title: 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Savannah, GA, USA, November 2-4, 2016 – volume: 168 year: 2020 ident: b40 article-title: The impact factors on the performance of machine learning-based vulnerability detection: A comparative study publication-title: J. Syst. Softw. – volume: 37 start-page: 772 year: 2011 end-page: 787 ident: b6 article-title: Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities publication-title: IEEE Trans. Softw. Eng. – start-page: 4438 year: 2018 end-page: 4445 ident: b41 article-title: An end-to-end deep learning architecture for graph classification publication-title: Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence, (AAAI-18), the 30th Innovative Applications of Artificial Intelligence (IAAI-18), and the 8th AAAI Symposium on Educational Advances in Artificial Intelligence (EAAI-18), New Orleans, Louisiana, USA, February 2-7, 2018 – year: 2018 ident: b10 article-title: Fuzzergym: A competitive framework for fuzzing and learning – start-page: 1298 year: 2017 end-page: 1302 ident: b29 article-title: Vulnerability detection with deep learning publication-title: 2017 3rd IEEE International Conference on Computer and Communications (ICCC) – start-page: 757 year: 2018 end-page: 762 ident: b30 article-title: Automated vulnerability detection in source code using deep representation learning publication-title: 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018, Orlando, FL, USA, December 17-20, 2018 – volume: 55 start-page: 1397 year: 2013 end-page: 1418 ident: b24 article-title: Software fault prediction metrics: A systematic literature review publication-title: Inf. Softw. Technol. – volume: 22 start-page: 1305 year: 2017 end-page: 1347 ident: b3 article-title: Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project publication-title: Empir. Softw. Eng. – volume: 3 year: 2020 ident: b11 article-title: VYPER: Vulnerability detection in binary code publication-title: Secur. Priv. – volume: 24 start-page: 2823 year: 2019 end-page: 2862 ident: b26 article-title: Revisiting supervised and unsupervised models for effort-aware just-in-time defect prediction publication-title: Empir. Softw. Eng. – start-page: 376 year: 2020 end-page: 387 ident: b17 article-title: Patch based vulnerability matching for binary programs publication-title: ISSTA ’20: 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, USA, July 18-22, 2020 – year: 2016 ident: b33 article-title: Gated graph sequence neural networks publication-title: 4th International Conference on Learning Representations, ICLR 2016, San Juan, Puerto Rico, May 2-4, 2016, Conference Track Proceedings – volume: 163 year: 2020 ident: b8 article-title: Analyzing bug fix for automatic bug cause classification publication-title: J. Syst. Softw. – volume: 38 start-page: 1276 year: 2012 end-page: 1304 ident: b23 article-title: A systematic literature review on fault prediction performance in software engineering publication-title: IEEE Trans. Softw. Eng. – start-page: 60 year: 2019 end-page: 71 ident: b4 article-title: Leopard: identifying vulnerable code for vulnerability assessment through program metrics publication-title: Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019 – volume: 44 start-page: 25 year: 2018 end-page: 43 ident: b12 article-title: Eliminating path redundancy via postconditioned symbolic execution publication-title: IEEE Trans. Softw. Eng. – volume: vol. 11999 start-page: 199 year: 2019 end-page: 218 ident: b13 article-title: Vulhunter: An automated vulnerability detection system based on deep learning and bytecode publication-title: Information and Communications Security - 21st International Conference, ICICS 2019, Beijing, China, December 15-17, 2019, Revised Selected Papers – year: 2018 ident: b27 article-title: Vuldeepecker: A deep learning-based system for vulnerability detection publication-title: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018 – start-page: 1 year: 2020 ident: b9 article-title: Heuristic and neural network based prediction of project-specific api member access publication-title: IEEE Trans. Softw. Eng. – start-page: 371 year: 2014 end-page: 372 ident: b15 article-title: Droid-sec: deep learning in android malware detection publication-title: ACM SIGCOMM 2014 Conference, SIGCOMM’14, Chicago, IL, USA, August 17-22, 2014 – start-page: 45 year: 2013 end-page: 54 ident: b36 article-title: Structural detection of android malware using embedded call graphs publication-title: AISec’13, Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, Co-Located with CCS 2013, Berlin, Germany, November 4, 2013 – year: 2018 ident: b28 article-title: Sysevr: A framework for using deep learning to detect software vulnerabilities – year: 2017 ident: b31 article-title: Automatic feature learning for vulnerability prediction – year: 2017 ident: b37 article-title: Semi-supervised classification with graph convolutional networks publication-title: 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24-26, 2017, Conference Track Proceedings – start-page: 359 year: 2012 end-page: 368 ident: b7 article-title: Generalized vulnerability extrapolation using abstract syntax trees publication-title: 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012 – start-page: 97 year: 2016 end-page: 104 ident: b43 article-title: To fear or not to fear that is the question: Code characteristics of a vulnerable functionwith an existing exploit publication-title: Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, CODASPY 2016, New Orleans, la, USA, March 9-11, 2016 – start-page: 10197 year: 2019 end-page: 10207 ident: b32 article-title: Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks publication-title: Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, 8-14 December 2019, Vancouver, BC, Canada – start-page: 452 year: 2015 end-page: 463 ident: b20 article-title: CLAMI: Defect prediction on unlabeled datasets (T) publication-title: 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, Lincoln, NE, USA, November 9-13, 2015 – start-page: 309 year: 2016 end-page: 320 ident: b25 article-title: Cross-project defect prediction using a connectivity-based unsupervised classifier publication-title: Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016 – year: 2015 ident: b39 article-title: Adam: A method for stochastic optimization publication-title: 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings – year: 2018 ident: 10.1016/j.infsof.2021.106576_b10 – start-page: 595 year: 2017 ident: 10.1016/j.infsof.2021.106576_b5 article-title: VUDDY: a scalable approach for vulnerable code clone discovery – start-page: 4438 year: 2018 ident: 10.1016/j.infsof.2021.106576_b41 article-title: An end-to-end deep learning architecture for graph classification – volume: 31 start-page: 897 issue: 10 year: 2005 ident: 10.1016/j.infsof.2021.106576_b22 article-title: Empirical validation of object-oriented metrics on open source software for fault prediction publication-title: IEEE Trans. Softw. Eng. doi: 10.1109/TSE.2005.112 – volume: 22 start-page: 1305 issue: 3 year: 2017 ident: 10.1016/j.infsof.2021.106576_b3 article-title: Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project publication-title: Empir. Softw. Eng. doi: 10.1007/s10664-016-9447-3 – start-page: 1 year: 2019 ident: 10.1016/j.infsof.2021.106576_b18 article-title: Deep learning based code smell detection publication-title: IEEE Trans. Softw. Eng. – volume: 38 start-page: 1276 issue: 6 year: 2012 ident: 10.1016/j.infsof.2021.106576_b23 article-title: A systematic literature review on fault prediction performance in software engineering publication-title: IEEE Trans. Softw. Eng. doi: 10.1109/TSE.2011.103 – start-page: 477 year: 2007 ident: 10.1016/j.infsof.2021.106576_b35 article-title: Automated vulnerability analysis: Leveraging control flow for evolutionary input crafting – start-page: 45 year: 2013 ident: 10.1016/j.infsof.2021.106576_b36 article-title: Structural detection of android malware using embedded call graphs – start-page: 473 year: 2018 ident: 10.1016/j.infsof.2021.106576_b14 article-title: Deeprefiner: Multi-layer android malware detection system applying deep neural networks – volume: 2 start-page: 147:1 issue: OOPSLA year: 2018 ident: 10.1016/j.infsof.2021.106576_b42 article-title: Deepbugs: a learning approach to name-based bug detection publication-title: Proc. ACM Program. Lang. doi: 10.1145/3276517 – start-page: 1 year: 2020 ident: 10.1016/j.infsof.2021.106576_b9 article-title: Heuristic and neural network based prediction of project-specific api member access publication-title: IEEE Trans. Softw. Eng. – volume: 168 year: 2020 ident: 10.1016/j.infsof.2021.106576_b40 article-title: The impact factors on the performance of machine learning-based vulnerability detection: A comparative study publication-title: J. Syst. Softw. doi: 10.1016/j.jss.2020.110659 – start-page: 371 year: 2014 ident: 10.1016/j.infsof.2021.106576_b15 article-title: Droid-sec: deep learning in android malware detection – year: 2015 ident: 10.1016/j.infsof.2021.106576_b39 article-title: Adam: A method for stochastic optimization – year: 2016 ident: 10.1016/j.infsof.2021.106576_b33 article-title: Gated graph sequence neural networks – volume: 163 year: 2020 ident: 10.1016/j.infsof.2021.106576_b8 article-title: Analyzing bug fix for automatic bug cause classification publication-title: J. Syst. Softw. doi: 10.1016/j.jss.2020.110538 – start-page: 265 year: 2016 ident: 10.1016/j.infsof.2021.106576_b38 article-title: Tensorflow: A system for large-scale machine learning – volume: 62 start-page: 19102:1 issue: 1 year: 2019 ident: 10.1016/j.infsof.2021.106576_b1 article-title: How security bugs are fixed and what can be improved: an empirical study with mozilla publication-title: Sci. China Inf. Sci. doi: 10.1007/s11432-017-9459-5 – year: 2018 ident: 10.1016/j.infsof.2021.106576_b27 article-title: Vuldeepecker: A deep learning-based system for vulnerability detection – start-page: 368 year: 1998 ident: 10.1016/j.infsof.2021.106576_b34 article-title: Clone detection using abstract syntax trees – start-page: 3283 year: 2020 ident: 10.1016/j.infsof.2021.106576_b2 article-title: Smart contract vulnerability detection using graph neural network – start-page: 376 year: 2020 ident: 10.1016/j.infsof.2021.106576_b17 article-title: Patch based vulnerability matching for binary programs – volume: 55 start-page: 1397 issue: 8 year: 2013 ident: 10.1016/j.infsof.2021.106576_b24 article-title: Software fault prediction metrics: A systematic literature review publication-title: Inf. Softw. Technol. doi: 10.1016/j.infsof.2013.02.009 – volume: 44 start-page: 25 issue: 1 year: 2018 ident: 10.1016/j.infsof.2021.106576_b12 article-title: Eliminating path redundancy via postconditioned symbolic execution publication-title: IEEE Trans. Softw. Eng. doi: 10.1109/TSE.2017.2659751 – start-page: 359 year: 2012 ident: 10.1016/j.infsof.2021.106576_b7 article-title: Generalized vulnerability extrapolation using abstract syntax trees – volume: 37 start-page: 772 issue: 6 year: 2011 ident: 10.1016/j.infsof.2021.106576_b6 article-title: Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities publication-title: IEEE Trans. Softw. Eng. doi: 10.1109/TSE.2010.81 – year: 2017 ident: 10.1016/j.infsof.2021.106576_b37 article-title: Semi-supervised classification with graph convolutional networks – start-page: 97 year: 2016 ident: 10.1016/j.infsof.2021.106576_b43 article-title: To fear or not to fear that is the question: Code characteristics of a vulnerable functionwith an existing exploit – start-page: 1 year: 2020 ident: 10.1016/j.infsof.2021.106576_b16 article-title: Deep learning based program generation from requirements text: Are we there yet? publication-title: IEEE Trans. Softw. Eng. – start-page: 60 year: 2019 ident: 10.1016/j.infsof.2021.106576_b4 article-title: Leopard: identifying vulnerable code for vulnerability assessment through program metrics – year: 2017 ident: 10.1016/j.infsof.2021.106576_b31 – start-page: 10197 year: 2019 ident: 10.1016/j.infsof.2021.106576_b32 article-title: Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks – volume: 114 start-page: 204 year: 2019 ident: 10.1016/j.infsof.2021.106576_b21 article-title: Improving defect prediction with deep forest publication-title: Inf. Softw. Technol. doi: 10.1016/j.infsof.2019.07.003 – volume: 24 start-page: 2823 issue: 5 year: 2019 ident: 10.1016/j.infsof.2021.106576_b26 article-title: Revisiting supervised and unsupervised models for effort-aware just-in-time defect prediction publication-title: Empir. Softw. Eng. doi: 10.1007/s10664-018-9661-2 – volume: 3 issue: 2 year: 2020 ident: 10.1016/j.infsof.2021.106576_b11 article-title: VYPER: Vulnerability detection in binary code publication-title: Secur. Priv. – start-page: 452 year: 2015 ident: 10.1016/j.infsof.2021.106576_b20 article-title: CLAMI: Defect prediction on unlabeled datasets (T) – start-page: 462 year: 2017 ident: 10.1016/j.infsof.2021.106576_b19 article-title: SPAIN: security patch analysis for binaries towards understanding the pain and pills – year: 2018 ident: 10.1016/j.infsof.2021.106576_b28 – volume: vol. 11999 start-page: 199 year: 2019 ident: 10.1016/j.infsof.2021.106576_b13 article-title: Vulhunter: An automated vulnerability detection system based on deep learning and bytecode – start-page: 1298 year: 2017 ident: 10.1016/j.infsof.2021.106576_b29 article-title: Vulnerability detection with deep learning – start-page: 309 year: 2016 ident: 10.1016/j.infsof.2021.106576_b25 article-title: Cross-project defect prediction using a connectivity-based unsupervised classifier – start-page: 757 year: 2018 ident: 10.1016/j.infsof.2021.106576_b30 article-title: Automated vulnerability detection in source code using deep representation learning |
| SSID | ssj0017030 |
| Score | 2.665245 |
| Snippet | Previous studies have shown that existing deep learning-based approaches can significantly improve the performance of vulnerability detection. They represent... |
| SourceID | crossref elsevier |
| SourceType | Enrichment Source Index Database Publisher |
| StartPage | 106576 |
| SubjectTerms | Bidirectional Graph Neural-Network Code representation Vulnerability detection |
| Title | BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection |
| URI | https://dx.doi.org/10.1016/j.infsof.2021.106576 |
| Volume | 136 |
| WOSCitedRecordID | wos000655363900005&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 customDbUrl: eissn: 1873-6025 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0017030 issn: 0950-5849 databaseCode: AIEXJ dateStart: 19950101 isFulltext: true titleUrlDefault: https://www.sciencedirect.com providerName: Elsevier |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3db9QwDI9gQ4gXxKfY-FAeeJuCem2aprztxhggVCHtOB1PVZOm002nbuLKGP89dpx2dxziS-KlqqKmae1fbMexHcaea9mAUs6ciG2VClknUuSJiYRTJgN92MTGF9Kevs-KQs9m-YcQVrT0xwlkbasvL_Pz_8pqaANmY-rsX7B7eCk0wD0wHa7Adrj-EePHR0Uhp69wqY-ncVJ92PZkbzwn9UW-vyMsVL2HpTmqhSgoFtyHHE6_LLAQtY-Z_QbiqKMuq0ZsSGHq-kjmJYjyrxhB1m346Q8q74o9BrwFFek3oLyom80rTD4bmsdn5CRYzK-2i3yswaf-oeCdiEdDbFxwmW2kzQTfYyTA8iFZ6Ujy6iwRKqIs6EE0U3GUDTFPHodTXJvAL77AgaFRpdkPVbW9nj7G4XC0GPcyUq2us-04S3OQgdv7bw9n74ZdJ5R-VJuRPq9PtfTxgJtj_dyUWTFPJnfY7bCu4PuEh7vsmmvvsZt9WsN9NgmweMlXQcHXQME9KPg6KDjwmq-Bgg-geMA-vj6cHLwR4UQNYWFp2MEMzLXJK7ALrXVa10rJRicuMS5NE5sjieTI-IpAkczqylXSRiZumspheFGdPGRb7VnrHjEOM9zWKjVSjRxMcZsbJ2N4b-0UqP9a77CkJ05pQ7l5PPVkUfZxhaclkbREkpZE0h0mhl7nVG7lN89nPd3LYDIS2UqAyi977v5zz8fs1hXSn7AtYJl7ym7Yi26-_PwsYOo77uqSyA |
| linkProvider | Elsevier |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=BGNN4VD%3A+Constructing+Bidirectional+Graph+Neural-Network+for+Vulnerability+Detection&rft.jtitle=Information+and+software+technology&rft.au=Cao%2C+Sicong&rft.au=Sun%2C+Xiaobing&rft.au=Bo%2C+Lili&rft.au=Wei%2C+Ying&rft.date=2021-08-01&rft.pub=Elsevier+B.V&rft.issn=0950-5849&rft.eissn=1873-6025&rft.volume=136&rft_id=info:doi/10.1016%2Fj.infsof.2021.106576&rft.externalDocID=S0950584921000586 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0950-5849&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0950-5849&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0950-5849&client=summon |