Abstract
In computer security, semantic learning is helpful in understanding vulnerability requirements, realizing source code semantics, and constructing vulnerability knowledge. Nevertheless, learning how to extract and select the most valuable features for software vulnerability detection remains difficult. In this paper, we first derive a subset of vulnerability knowledge representations from the Functional Connectivity (FC) of Gated Graph Sequence Neural Networks (GGNNs). GGNNs can be used to capture long-term dependencies and learn a high-level representation of potential vulnerabilities in order to detect vulnerabilities in a target project. Studying functional connectivity-based Graph Neural Networks deepens our understanding of how sequence graph networks operate as highly complex interconnected systems. This ensures that the model focuses on vulnerability-related code, which makes it more appropriate for vulnerability mining tasks. The approach constructs a composite semantic code property graph for code representation based on the causes of vulnerabilities. The experimental findings indicate that the proposed model can select relevant discriminative features and achieve better performance than benchmark methods.
Data availability
Enquiries about data availability should be directed to the authors.
Funding
The authors have not disclosed any funding.
Ethics declarations
Conflict of interest
There is no conflict of interest for authorship.
Ethical approval
This manuscript does not contain any studies with human participants carried out by any of the authors.
About this article
Cite this article
Şahin, C.B. Semantic-based vulnerability detection by functional connectivity of gated graph sequence neural networks. Soft Comput 27, 5703–5719 (2023). https://doi.org/10.1007/s00500-022-07777-3
DOI: https://doi.org/10.1007/s00500-022-07777-3