Vulnerability Detection aims to mitigate and detect software vulnerabilities in real-world software products.

The dataset we used is provided by Li et al. (SySeVR), which is collected from SARD and NVD and contains a total of 15,592 C/C++ programs.

The processed datasets including ASTs, PDGs, semantic graphs and labels can be downloaded from OneDrive. Please unpack the downloaded file into the resources dir.

1. resources/dataset/OJ-Data-*/programs.pkl is stored in pickle format. Each row in this file represents one function and its label. One row is illustrated below.

   • Testid: the id of CVE or SARD programs
   • tree-graph: the generated semantic graph of Testid
   • label: the class-label of the semantic graph.

Data statistics of the dataset are shown in the below table:

You can get data using the following command.

import os
import pandas as pd
data_path = '../resources/*_graph_data/All_data_input.pkl'
if os.path.exists(data_path):
    data = pd.read_pickle(data_path)

We also provide a pipeline that generates inputs for our model on this task.

• dgl==0.8.0.post1
• dgl_cu110==0.7.2
• gensim==3.8.3
• networkx==2.1
• nltk==3.3
• numpy==1.19.4
• pandas==1.1.4
• torch

Use joern to parse source code: the input is source code files, and the output is a file named .joernIndex.

We provide a script to train and evaluate our model for this task, and report FNR, FPR, Accuracy, Precision, Recall, F-measure score

python Entry/train_graph_lstm.py

[Epoch: 100/100] Train Loss: 0.0075, Val Loss: 0.0365, Train result: (FPR:0.1798859799634693, FNR:0.4122965641953016, accuracy: 99.75579975579976, prec: 99.53010915925685, recall:99.5877034358047, f_measure: 99.55889796803818), Test result: (FPR: 1.6569525395503746, FNR: 3.8983415894895472, accuracy: 97.71812886566985, prec: 95.73052992919975, recall: 96.10165841051045, f_measure: 95.91573516766982)