Combining AST Segmentation and Deep Semantic Extraction for Function Level Vulnerability Detection

The explosive growth of software vulnerabilities poses a serious threat to computer system security and has become one of the urgent problems of the day. Yet, most existing vulnerability detection methods generally fail to capture the deep semantic features of code fragments, leading to the problem of high false negative rate easily. To this end, this paper proposes TrFVD (abstract syntax Tree based Function Vulnerability Detector), which mines deep semantics implied in source code fragments for accurate function level vulnerability detection. To ease the capture of fine-grained subtle semantic features, TrFVD converts the AST of a function into sequentially ordered sub-trees by splitting it in accordance with statements. The semantics of each sub-tree is then extracted with the Tree-LSTM, and a Text-RNN based model is utilized to summarize them up into a dense numerical vector to get the function represented. The experimental evaluations conducted on two C program vulnerability datasets show the effectiveness of TrFVD, which achieves 98.44% and 98.32% accuracy respectively. The averagely 12% more performance promotion against other vulnerability detection methods also indicates the superiority of TrFVD in capturing deeper subtle yet significant code semantics.