GRACE: Graph Convolutional Networks with Residual Connections and Contrastive Embedding Learning for Code Vulnerability Detection
摘要
With the increasing complexity of software systems, code vulnerability detection has become a core challenge for ensuring software security. Traditional static analysis, dynamic analysis and hybrid analysis face limitations such as high false alarm rate and insufficient path coverage in detection efficiency and accuracy, making it difficult to cope with the vulnerability detection needs of large-scale complex codes. In recent years, vulnerability detection techniques based on graph convolutional networks show potential, but still have problems such as gradient vanishing, feature over-smoothing, and dependence on high-quality features. Therefore, a code vulnerability detection method is proposed in this paper, which integrates graph convolutional networks, residual connections, and contrastive learning, aiming to improve the detection performance of complex code vulnerabilities. Specifically, the text sequence of the code is first constructed as a graph structure. Then, a large-scale language model is employed to extract both structural and semantic features. Finally, the method is trained on the graph topology to learn node embeddings by leveraging neighborhood and node features, ultimately generating prediction results. Extensive experiments on the ReVeal dataset are conducted to evaluate the effectiveness of the proposed method, and the results indicate that it outperforms other baseline methods in code vulnerability detection.