CRAI Oct 30, 2023

Vignat: Vulnerability identification by learning code semantics via graph attention networks

arXiv:2310.20067v1
h-index: 8
Originality: Highly original
AI Analysis

This addresses the challenge of scalable and accurate vulnerability detection for cybersecurity in large software projects, representing an incremental improvement with a novel method for a known bottleneck.

The paper tackles the problem of identifying software vulnerabilities in large codebases by proposing Vignat, an attention-based framework that uses graph attention networks on code property graphs, achieving 57.38% accuracy on datasets from popular C libraries.

Vulnerability identification is crucial to protect software systems from attacks for cyber-security. However, huge projects have more than millions of lines of code, and the complex dependencies make it hard to carry out traditional static and dynamic methods. Furthermore, the semantic structures of various types of vulnerabilities differ greatly and may occur simultaneously, making general rule-based methods difficult to extend. In this paper, we propose Vignat, a novel attention-based framework for identifying vulnerabilities by learning graph-level semantic representations of code. We represent code with code property graphs (CPGs) in fine grain and use graph attention networks (GATs) for vulnerability detection. The results show that Vignat is able to achieve 57.38% accuracy on reliable datasets derived from popular C libraries. Furthermore, the interpretability of our GATs provides valuable insights into vulnerability patterns.
