VULNERABILITY DETECTION WITH AN ENSEMBLE OF ANALYSIS ALGORITHMS FOR CODE GRAPH REPRESENTATION
G. S. Kubrin, D. P. Zegzhda
Peter the Great St. Petersburg Polytechnic University
Abstract: The paper analyzes existing methods for detecting software vulnerabilities. It describes the problem of faulty paths in the interprocedural code graph representation, a problem that hinders the application of graph deep learning models to code analysis tasks. To overcome the problem of faulty paths, a method based on an ensemble of algorithms for code graph analysis is proposed. The method gradually reduces the size of the analyzed code fragments so that algorithms with high time complexity can be applied effectively. A prototype of a vulnerability detection system for .NET software based on the proposed method is presented. The prototype is evaluated using the NIST SARD database and software with a considerable codebase size.
Keywords: software vulnerability detection, logical vulnerabilities, static code analysis, graph theory, deep learning.
Pages 148-158