Detect software vulnerabilities with weight biases via graph neural networks

Code vulnerabilities are common in software systems and may cause many problems, including Stack Overflow, memory leaks, and so on. Public reports show that code vulnerabilities are increasing year by year, which brings greater threats to the security of software systems. Thus a variety of neural network models have been developed to detect code vulnerabilities. However, the previous neural network models cannot fully express the semantics and structure of the code with as little overhead as possible, and they also cannot enhance learning of difficult samples. Addressing to this issue, we designed a model built upon GGNN for Detecting Software Vulnerabilities (GDSV), which contains three components. Specifically, Graph Embedding component extracts the semantic and structural features, and generates a graph representation of the code; GGNN component learns these features and detects vulnerabilities in the code; weighted component improves the learning ability of Vulnerable samples through the Focal Loss function. A serial of experiments on the datasets of FFmpeg and QEMU were conducted, and the results show that GDSV performs better than the state-of-the-art efforts based on various widely used evaluations.