A software vulnerability detection method based on multi-modality with unified processing

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Information and Software Technology Pub Date : 2025-03-09 DOI:10.1016/j.infsof.2025.107703

Wenjing Cai , Junlin Chen , Jiaping Yu , Wei Hu , Lipeng Gao

{"title":"A software vulnerability detection method based on multi-modality with unified processing","authors":"Wenjing Cai , Junlin Chen , Jiaping Yu , Wei Hu , Lipeng Gao","doi":"10.1016/j.infsof.2025.107703","DOIUrl":null,"url":null,"abstract":"<div><div>With the development of the Internet and the Internet of Things, software has become an indispensable part, making software vulnerabilities one of the main threats to computer security. In recent years, a multitude of deep learning-based software vulnerability detection methods have been proposed, especially those based on multimodal approaches. Although these multimodal methods have proven to be effective, they often treat each modality separately. We propose a novel multimodal deep learning method for software vulnerability detection that achieves unified processing of various modalities. This method uses complex network analysis to convert the Code Property Graph into an image-like matrix, obtains key fragments from the source code using code slicing, and then uses a Transformer for function-level vulnerability detection. This enables deeper integration of information from multiple modalities, enhancing detection accuracy. Additionally, it significantly simplifies the model architecture. The result shows that compared to the state-of-the-art methods, our method has improved accuracy by 3%. Furthermore, our approach is capable of detecting some of the vulnerabilities recently released by CVE.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107703"},"PeriodicalIF":3.8000,"publicationDate":"2025-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584925000424","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

With the development of the Internet and the Internet of Things, software has become an indispensable part, making software vulnerabilities one of the main threats to computer security. In recent years, a multitude of deep learning-based software vulnerability detection methods have been proposed, especially those based on multimodal approaches. Although these multimodal methods have proven to be effective, they often treat each modality separately. We propose a novel multimodal deep learning method for software vulnerability detection that achieves unified processing of various modalities. This method uses complex network analysis to convert the Code Property Graph into an image-like matrix, obtains key fragments from the source code using code slicing, and then uses a Transformer for function-level vulnerability detection. This enables deeper integration of information from multiple modalities, enhancing detection accuracy. Additionally, it significantly simplifies the model architecture. The result shows that compared to the state-of-the-art methods, our method has improved accuracy by 3%. Furthermore, our approach is capable of detecting some of the vulnerabilities recently released by CVE.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

随着互联网和物联网的发展，软件已成为不可或缺的一部分，软件漏洞也成为计算机安全的主要威胁之一。近年来，人们提出了许多基于深度学习的软件漏洞检测方法，尤其是那些基于多模态方法的方法。虽然这些多模态方法已被证明是有效的，但它们通常是将每种模态分开处理。我们提出了一种用于软件漏洞检测的新型多模态深度学习方法，可实现对各种模态的统一处理。该方法利用复杂的网络分析将代码属性图转换为类似图像的矩阵，利用代码切片从源代码中获取关键片段，然后利用变换器进行函数级漏洞检测。这样就能更深入地整合来自多种模式的信息，提高检测的准确性。此外，它还大大简化了模型架构。结果表明，与最先进的方法相比，我们的方法提高了 3% 的准确率。此外，我们的方法还能检测到 CVE 最近发布的一些漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.

期刊最新文献

A systematic literature review of agile software development projects Dynamic information utilization for securing Ethereum smart contracts: A literature review A software vulnerability detection method based on multi-modality with unified processing Editorial Board Fairness-aware practices from developers’ perspective: A survey