Open Access iconOpen Access

ARTICLE

crossmark

HCRVD: A Vulnerability Detection System Based on CST-PDG Hierarchical Code Representation Learning

by Zhihui Song, Jinchen Xu, Kewei Li, Zheng Shan*

School of Cyberspace Security, Information Engineering University, Zhengzhou, 450001, China

* Corresponding Author: Zheng Shan. Email: email

Computers, Materials & Continua 2024, 79(3), 4573-4601. https://doi.org/10.32604/cmc.2024.049310

Abstract

Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations. However, due to limitations in code representation and neural network design, the validity and practicality of the model still need to be improved. Additionally, due to differences in programming languages, most methods lack cross-language detection generality. To address these issues, in this paper, we analyze the shortcomings of previous code representations and neural networks. We propose a novel hierarchical code representation that combines Concrete Syntax Trees (CST) with Program Dependence Graphs (PDG). Furthermore, we introduce a Tree-Graph-Gated-Attention (TGGA) network based on gated recurrent units and attention mechanisms to build a Hierarchical Code Representation learning-based Vulnerability Detection (HCRVD) system. This system enables cross-language vulnerability detection at the function-level. The experiments show that HCRVD surpasses many competitors in vulnerability detection capabilities. It benefits from the hierarchical code representation learning method, and outperforms baseline in cross-language vulnerability detection by 9.772% and 11.819% in the C/C++ and Java datasets, respectively. Moreover, HCRVD has certain ability to detect vulnerabilities in unknown programming languages and is useful in real open-source projects. HCRVD shows good validity, generality and practicality.

Keywords


Cite This Article

APA Style
Song, Z., Xu, J., Li, K., Shan, Z. (2024). HCRVD: A vulnerability detection system based on CST-PDG hierarchical code representation learning. Computers, Materials & Continua, 79(3), 4573-4601. https://doi.org/10.32604/cmc.2024.049310
Vancouver Style
Song Z, Xu J, Li K, Shan Z. HCRVD: A vulnerability detection system based on CST-PDG hierarchical code representation learning. Comput Mater Contin. 2024;79(3):4573-4601 https://doi.org/10.32604/cmc.2024.049310
IEEE Style
Z. Song, J. Xu, K. Li, and Z. Shan, “HCRVD: A Vulnerability Detection System Based on CST-PDG Hierarchical Code Representation Learning,” Comput. Mater. Contin., vol. 79, no. 3, pp. 4573-4601, 2024. https://doi.org/10.32604/cmc.2024.049310



cc Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 445

    View

  • 168

    Download

  • 0

    Like

Share Link