SAVED: Sensitive Operation-Aware Vulnerability Detection model Enhanced with Distance-Weighted Sparse Attention

Abstract

Software security has received increasing attention due to the rapid growth in software vulnerabilities and the significant damage they cause. Although various deep learning-based vulnerability detection models have been developed, these models typically operate at the function or code slice level, introducing numerous irrelevant statements into predictions. Moreover, current techniques lack reliable mechanisms to explain the detected vulnerabilities. To address these limitations, we propose SAVED (Sensitive operation-Aware Vulnerability detection model Enhanced with Distance-weighted sparse attention), inspired by a common cognition: vulnerabilities always arise from insufficient validation before or after sensitive operations. SAVED is an end-to-end Graph Neural Network (GNN) model that detects vulnerabilities in source code and provides interpretable explanations. Specifically, SAVED automatically constructs a subgraph for each sensitive operation using our novel Distance-Weighted Sparse Attention (DWSA) mechanism, which mitigates the noise from irrelevant statements. It then computes a vulnerability score for each node by integrating semantic features, operation-specific information, and the generated sensitive subgraphs, thereby providing direct insight into the model's decision-making process and facilitating the localization of vulnerability-related statements. Extensive experiments demonstrate that SAVED outperforms current state-of-the-art methods and provides reliable explanations that enable accurate root-cause localization.
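The abstract describes the idea of DWSA but not its formulation, so the following is an added toy illustration of the concept rather than the paper's model or code: a statement-level graph is built for a constructed C-like snippet, each sensitive operation (here `memcpy`-style calls) becomes the centre of a subgraph, attention weights decay with hop distance and are cut to zero beyond a radius (the "sparse" part), and the per-statement scores plus a validation check give a readable explanation. The decay form `exp(-decay * d)` with a softmax over the kept nodes, the radius, the sensitive-operation list, the validation regex and all function names are assumptions made for this example, not details from the paper.

```python
"""Toy distance-weighted sparse attention around sensitive operations.
Illustrative only: the real DWSA mechanism is learned inside a GNN and its
exact formulation is not given in the abstract this example accompanies."""
from collections import deque
import math
import re

# Constructed sample program (hypothetical, not from the paper): one statement per node.
STATEMENTS = [
    "char buf[16];",                             # 0
    "size_t n = read_len();",                    # 1
    "if (n > sizeof(buf)) n = sizeof(buf);",     # 2  validation of n before the copy
    "memcpy(buf, src, n);",                      # 3  sensitive operation
    "log_line(buf);",                            # 4
    "int unrelated = 5;",                        # 5  noise statement, far from the op
    "return unrelated;",                         # 6
]
# Same snippet with the validation removed, to show the explanation changing.
STATEMENTS_UNCHECKED = STATEMENTS[:2] + ["size_t m = n;"] + STATEMENTS[3:]

# Constructed control/data-flow edges; treated as undirected for hop distance.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (1, 3)]

SENSITIVE_OPS = ("memcpy", "strcpy", "sprintf")   # assumed list for the toy
VALIDATION_PATTERN = re.compile(r"^\s*if\s*\(")   # assumed marker of a check


def find_sensitive_nodes(statements, ops=SENSITIVE_OPS):
    """Indices of statements that call one of the sensitive operations."""
    return [i for i, s in enumerate(statements)
            if any(re.search(rf"\b{op}\s*\(", s) for op in ops)]


def hop_distances(num_nodes, edges, source):
    """BFS hop distance from `source` to every reachable node."""
    adj = {i: set() for i in range(num_nodes)}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    dist = {source: 0}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def dwsa_weights(distances, radius=2, decay=1.0):
    """Assumed toy form of distance-weighted sparse attention:
    logits = -decay * d, softmax over nodes with d <= radius, zero elsewhere."""
    kept = {n: d for n, d in distances.items() if d <= radius}
    logits = {n: -decay * d for n, d in kept.items()}
    z = sum(math.exp(v) for v in logits.values())
    return {n: math.exp(v) / z for n, v in logits.items()}


def sensitive_subgraphs(statements, edges, radius=2, decay=1.0):
    """Map each sensitive-operation node to its weighted, radius-limited subgraph."""
    return {op: dwsa_weights(hop_distances(len(statements), edges, op), radius, decay)
            for op in find_sensitive_nodes(statements)}


def statement_scores(statements, edges, radius=2, decay=1.0):
    """Per-statement score: sum of attention weights over all sensitive subgraphs,
    so statements near a sensitive operation score high and distant ones score 0."""
    scores = [0.0] * len(statements)
    for weights in sensitive_subgraphs(statements, edges, radius, decay).values():
        for n, w in weights.items():
            scores[n] += w
    return scores


def explain(statements, edges, radius=2, decay=1.0):
    """For each sensitive op: the subgraph nodes and whether a validation is among them.
    This is the toy counterpart of 'insufficient validation around a sensitive op'."""
    report = {}
    for op, weights in sensitive_subgraphs(statements, edges, radius, decay).items():
        validated = any(VALIDATION_PATTERN.match(statements[n]) for n in weights)
        report[op] = {"nodes": sorted(weights), "validated": validated}
    return report


if __name__ == "__main__":
    for i, s in enumerate(statement_scores(STATEMENTS, EDGES)):
        print(f"{i}: {s:.3f}  {STATEMENTS[i]}")
    print(explain(STATEMENTS, EDGES))
    print(explain(STATEMENTS_UNCHECKED, EDGES))
```

With the default radius of 2, statement 6 gets no weight at all and statement 5 gets very little, which is the noise-suppression effect the abstract attributes to DWSA; the `explain` output differs only in the `validated` flag between the two constructed snippets, which is the kind of statement-level evidence a reviewer would want next to a detection.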
