@inproceedings{0782a26eab2d43feabf24ac9404aa070,
title = "DeepVD: Toward Class-Separation Features for Neural Network Vulnerability Detection",
abstract = "The advances of machine learning (ML) including deep learning (DL) have enabled several approaches to implicitly learn vulnerable code patterns to automatically detect software vulnerabilities. A recent study showed that despite successes, the existing ML/DL-based vulnerability detection (VD) models are limited in the ability to distinguish between the two classes of vulnerability and benign code. We propose DeepVD, a graph-based neural network VD model that emphasizes on class-separation features between vulnerability and benign code. DeepVD leverages three types of class-separation features at different levels of abstraction: statement types (similar to Part-of-Speech tagging), Post-Dominator Tree (covering regular flows of execution), and Exception Flow Graph (covering the exception and error-handling flows). We conducted several experiments to evaluate DeepVD in a real-world vulnerability dataset of 303 projects with 13,130 vulnerable methods. Our results show that DeepVD relatively improves over the state-of-the-art ML/DL-based VD approaches 13%-29.6% in precision, 15.6%-28.9% in recall, and 16.4%-25.8% in F-score. Our ablation study confirms that our designed features and components help DeepVD achieve high class-separability for vulnerability and benign code.",
keywords = "class separation, graph neural network, neural vulnerability detection",
author = "Wenbo Wang and Nguyen, {Tien N.} and Shaohua Wang and Yi Li and Jiyuan Zhang and Aashish Yadavally",
note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 45th IEEE/ACM International Conference on Software Engineering, ICSE 2023 ; Conference date: 15-05-2023 Through 16-05-2023",
year = "2023",
doi = "10.1109/ICSE48619.2023.00189",
language = "English (US)",
series = "Proceedings - International Conference on Software Engineering",
publisher = "IEEE Computer Society",
pages = "2249--2261",
booktitle = "Proceedings - 2023 IEEE/ACM 45th International Conference on Software Engineering, ICSE 2023",
address = "United States",
}