GLICE: Combining Graph Neural Networks and Program Slicing to Improve Software Vulnerability Detection

Wesley De Kraker, Harald Vranken, Arjen Hommersom

Research output: Chapter in Book/Report/Conference proceeding › Conference Article in proceeding › Academic › peer-review

Abstract

This paper introduces the GLICE (Graph Neural Network with program slice) model for static code analysis to detect vulnerabilities in source code. GLICE combines inter-procedural program slicing with a Graph Neural Network. It builds upon and extends prior work that applies program slicing (as in the SySeVR model) and Graph Neural Networks (as in the FUNDED model) for vulnerability detection. We apply GLICE to a data set of C/C++ code samples with out-of-bounds write (CWE-787) and out-of-bounds read (CWE-125) buffer overflow vulnerabilities. We perform experiments with GLICE to evaluate trade-offs in the depth of the inter-procedural analysis, and to compare GLICE with prior models by evaluating the effectiveness for vulnerability detection and the usage of resources. Our experimental results show that the detection accuracy of GLICE improves by up to 13% when compared to FUNDED, while the time required to train the GLICE model is about 9 times smaller. GLICE allows configuring the depth of the inter-procedural analysis. Our experimental results show that increasing the depth improves detection, but requires more computing resources. This allows a user of GLICE to steer the trade-off between detection accuracy and computational efficiency.

Original language: English
Title of host publication: 8th IEEE European Symposium on Security and Privacy Workshops
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 34-41
Number of pages: 8
ISBN (Electronic): 9798350327205
ISBN (Print): 9798350327212
DOIs
Publication status: Published - 2023
Event: 8th IEEE European Symposium on Security and Privacy Workshops - Delft, Netherlands
Duration: 3 Jul 2023 to 7 Jul 2023
Conference number: 8

Conference

Conference: 8th IEEE European Symposium on Security and Privacy Workshops
Abbreviated title: Euro S and PW 2023
Country/Territory: Netherlands
City: Delft
Period: 3/07/23 to 7/07/23

Keywords

  • Graph neural network
  • Program slicing
  • Static source code analysis
  • Vulnerability detection
