The increasing complexity of modern software systems has led to a rise in vulnerabilities that malicious actors can exploit. Traditional methods of vulnerability detection, such as static and dynamic analysis, have limitations in scalability and automation. This paper proposes a novel approach to detecting software vulnerabilities using a combination of code property graphs and machine learning techniques. By leveraging code property graphs, which integrate abstract syntax trees, control flow graphs, and program dependency graphs, we achieve a detailed representation of software code that enhances the accuracy and granularity of vulnerability detection. We introduce various neural network models, including convolutional neural networks adapted for graph data, to process these representations. Our approach provides a scalable and automated solution for vulnerability detection, addressing the shortcomings of existing methods. We also present a newly generated dataset labeled with function-level vulnerability types sourced from open-source repositories. Our contributions include a methodology for transforming software code into code property graphs, the implementation of a convolutional neural network model for graph data, and the creation of a comprehensive dataset for training and evaluation. This work lays the foundation for more effective and efficient vulnerability detection in complex software systems.

翻译：随着现代软件系统复杂性的日益增加，恶意攻击者可利用的漏洞也随之增多。传统的漏洞检测方法，如静态分析和动态分析，在可扩展性和自动化方面存在局限。本文提出一种结合代码属性图与机器学习技术的新型软件漏洞检测方法。通过利用融合了抽象语法树、控制流图与程序依赖图的代码属性图，我们实现了对软件代码的精细表征，从而提升了漏洞检测的准确性与粒度。我们引入了多种神经网络模型，包括适用于图数据的卷积神经网络，以处理这些表征。本方法为漏洞检测提供了可扩展且自动化的解决方案，弥补了现有方法的不足。我们还提出了一个基于开源仓库构建、标注了函数级漏洞类型的新数据集。我们的贡献包括：将软件代码转换为代码属性图的方法论、适用于图数据的卷积神经网络模型的实现，以及用于训练与评估的综合性数据集的构建。此项工作为在复杂软件系统中实现更高效、更有效的漏洞检测奠定了基础。