As one of the most destructive threats in the field of software security, buffer overflow vulnerability has become the primary target of attackers because of its strong concealment and low threshold for exploitation. Vulnerability detection performance can be significantly improved by utilizing deep learning-based techniques. However, the existing methods generally have the problem of information loss in the code feature representation stage. Existing methods cannot learn features related to vulnerabilities, resulting in high False Negative Rate (FNR) and low accuracy. Therefore, this paper proposes a buffer vulnerability detection framework based on cross-graph semantic alignment. An anchor driven cross-graph alignment mechanism was designed, and AST syntax, CFG control flow and PDG dependencies were integrated to construct a code representation that retained complete topology. Construct a buffer-sensitive multi-head graph attention network was proposed to accurately focus on vulnerability characteristics through decoupled attention and high-risk operation gating enhancement. On the NVD dataset, the F1 value of MH-GAT reaches 92.6%, which significantly improves the detection ability.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MH-GAT: A Buffer Overflow Vulnerability Detection Method via Cross-Graph Semantic Alignment

  • Qunlong Wang,
  • Bing Gao,
  • Peixuan Feng,
  • Wenrui Cao,
  • Yuxin Zhong,
  • Siqi Lu,
  • Yongjuan Wang

摘要

As one of the most destructive threats in the field of software security, buffer overflow vulnerability has become the primary target of attackers because of its strong concealment and low threshold for exploitation. Vulnerability detection performance can be significantly improved by utilizing deep learning-based techniques. However, the existing methods generally have the problem of information loss in the code feature representation stage. Existing methods cannot learn features related to vulnerabilities, resulting in high False Negative Rate (FNR) and low accuracy. Therefore, this paper proposes a buffer vulnerability detection framework based on cross-graph semantic alignment. An anchor driven cross-graph alignment mechanism was designed, and AST syntax, CFG control flow and PDG dependencies were integrated to construct a code representation that retained complete topology. Construct a buffer-sensitive multi-head graph attention network was proposed to accurately focus on vulnerability characteristics through decoupled attention and high-risk operation gating enhancement. On the NVD dataset, the F1 value of MH-GAT reaches 92.6%, which significantly improves the detection ability.