A new approach to software vulnerability detection based on CPG analysis

Abstract

Detecting source code vulnerabilities is an essential issue today. In this paper, to improve the efficiency of detecting vulnerabilities in software written in C/C++, we propose to use a combination of Deep Graph Convolutional Neural Network (DGCNN) and code property graph (CPG). Specifically, 3 main proposed phases in the research method include: phase 1: building feature profiles of source code. At this step, we suggest using analysis techniques such as Word2vec, one hot encoding to standardize and analyze the source code; phase 2: extracting features of source code based on feature profiles. Accordingly, at this phase, we propose to use Deep Graph Convolutional Neural Network (DGCNN) model to analyze and extract features of the source code; phase 3: classifying source code based on the features extracted in phase 2 to find normal source code and source code containing security vulnerabilities. Some scenarios for comparing and evaluating the proposed method in this study compared with other approaches we have taken show the superior effectiveness of our approach. Besides, this result proves that our method in this paper is not only correct and reasonable, but it also opens up a new approach to the task of detecting source code vulnerabilities.