research-article

HGIVul: : Detecting inter-procedural vulnerabilities based on hypergraph convolution

Authors:

Zihua Song,

Junfeng Wang,

Kaiyuan Yang,

Jigang WangAuthors Info & Claims

Volume 160, Issue C

https://doi.org/10.1016/j.infsof.2023.107219

Published: 01 August 2023 Publication History

Abstract

Context:

Detecting source code vulnerabilities is one way to block cyber attacks from an early stage. Vulnerability-triggered code typically involves one or more function procedures, while current research pays more attention to the code on a single procedure. Due to lacking a comprehensive analysis of multiple vulnerability-related procedures, current methods suffer disorder false-positive and false-negative rates, especially in detecting inter-procedural vulnerability.

Objective:

This paper proposes HGIVul, an inter-procedural vulnerability detection method for source code based on hypergraph convolution. The key of HGIVul is to derive the syntax-semantic characteristic from multiple procedures in a suitable code information space, which brings more balanced detection.

Methods:

Firstly, the potential vulnerability-related code trace across multiple procedures is located via static analyzer Infer. Then, HGIVul reconstructs the soft inter-procedural control flow graph (ICFG) from the trace to restore the complex relationship between multiple-procedural codes. Next, HGIVul performs multi-level graph convolution on the soft ICFG to grasp holistic code characteristics within multiple procedures. Finally, a classifier is applied to the extracted code features for vulnerability detection.

Results:

The experimental results show that HGIVul outperforms in detecting vulnerabilities and identifying vulnerability types, with the F1-measure of 66.33% and 79.58% for detection and identification, respectively. Moreover, the experiment on cross-projects indicates HGIVul has a better detection ability.

Conclusion:

The proposed HGIVul achieves a balanced detection performance than the related state-of-the-art methods, which proves that fusing syntactic–semantic information from multiple procedures benefits inter-procedural vulnerability detection. In addition, the results applied to five actual projects indicate that HGIVul has the feasibility of detection in practical.

References

[1]

Murphy-Hill Emerson, Zimmermann Thomas, Bird Christian, Nagappan Nachiappan, The design space of bug fixes and how developers navigate it, IEEE Trans. Softw. Eng. 41 (1) (2015) 65–81,.

Abstract

Context:

Objective:

Methods:

Results:

Conclusion:

References

Cited By

Recommendations

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

Machine-Learning-Guided Typestate Analysis for Static Use-After-Free Detection

Adapting Static Taint Analyzers to Software Marketplaces: A Leverage Point for Mass Vulnerability Detection?

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations