TFHSVul: A Fine-Grained Hybrid Semantic Vulnerability Detection Method Based on Self-Attention Mechanism in IOT

Bibliographic Details
Published in: IEEE internet of things journal, p. 1
Main Authors: Xu, Lijuan; An, Baolong; Li, Xin; Zhao, Dawei; Peng, Haipeng; Song, Weizhao; Tong, Fenghua; Han, Xiaohui
Format: Journal Article
Language: English
Published: IEEE, 12.09.2024
Summary: Current vulnerability detection methods encounter challenges such as inadequate feature representation, constrained feature extraction capabilities, and coarse-grained detection. To address these issues, we propose a fine-grained hybrid semantic vulnerability detection framework based on Transformer, named TFHSVul. Initially, the source code is transformed into sequential and graph-based representations to capture multi-level features, thereby solving the problem of insufficient information caused by a single intermediate representation. To enhance feature extraction capabilities, TFHSVul integrates multi-scale fusion convolutional neural network, residual graph convolutional network, and pre-trained language model into the core architecture, significantly boosting performance. We design a fine-grained detection method based on a self-attention mechanism, achieving statement-level detection to address the issue of coarse detection granularity. In comparison to existing baseline methods on public datasets, TFHSVul achieves a 0.58 improvement in F1 score at the function level compared to the best performing model. Moreover, it demonstrates a 10% enhancement in Top-10 accuracy at the statement level detection compared to the best performing method.
ISSN: 2327-4662
DOI: 10.1109/JIOT.2024.3459921