Vulnerability detection is crucial in the field of software security. However, existing methods often suffer from interference caused by redundant information and insufficient cross-line semantic dependencies when handling large-scale and complex source code, which limits detection performance. To address these challenges, this paper proposes VULDA, a source code vulnerability detection method that integrates a Vulnerability-aware Code Mapping Graph (VCMG) with Local Dependency Context Aggregation (LDCA). VCMG significantly reduces redundancy in graph structures by aligning multi-granularity semantics to line-level nodes, thereby enhancing representational compactness. Additionally, it incorporates static heuristic rules and structural features to weight nodes, effectively improving the model’s sensitivity to key vulnerability-related code. Building upon this, the LDCA module aggregates both control-flow graph (CFG) and data-dependency graph (DDG) paths, achieving dual-context aggregation of logical and data semantics, which further enhances the model’s ability to express complex vulnerability patterns. Experimental results on multiple real-world datasets, including SARD, Reveal, and FFmpeg+Qemu, demonstrate that VULDA outperforms existing methods across various metrics, notably achieving a 23.09% improvement in F1 score on the Reveal dataset compared to the best baseline. Ablation studies further validate the effectiveness and complementarity of the VCMG and LDCA modules in boosting detection performance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

VULDA: Source Code Vulnerability Detection via Local Dependency Context Aggregation on Vulnerability-Aware Code Mapping Graph

  • Tao Peng,
  • Ling Gui,
  • Lijun Cai,
  • Junwei Tang,
  • Aoshuang Ye,
  • Fei Zhu

摘要

Vulnerability detection is crucial in the field of software security. However, existing methods often suffer from interference caused by redundant information and insufficient cross-line semantic dependencies when handling large-scale and complex source code, which limits detection performance. To address these challenges, this paper proposes VULDA, a source code vulnerability detection method that integrates a Vulnerability-aware Code Mapping Graph (VCMG) with Local Dependency Context Aggregation (LDCA). VCMG significantly reduces redundancy in graph structures by aligning multi-granularity semantics to line-level nodes, thereby enhancing representational compactness. Additionally, it incorporates static heuristic rules and structural features to weight nodes, effectively improving the model’s sensitivity to key vulnerability-related code. Building upon this, the LDCA module aggregates both control-flow graph (CFG) and data-dependency graph (DDG) paths, achieving dual-context aggregation of logical and data semantics, which further enhances the model’s ability to express complex vulnerability patterns. Experimental results on multiple real-world datasets, including SARD, Reveal, and FFmpeg+Qemu, demonstrate that VULDA outperforms existing methods across various metrics, notably achieving a 23.09% improvement in F1 score on the Reveal dataset compared to the best baseline. Ablation studies further validate the effectiveness and complementarity of the VCMG and LDCA modules in boosting detection performance.