Graph neural network based approach Che upo to automatically assigning common weakness enumeration identifiers for vulnerabilities

作     者：Peng Liu Wenzhe Ye Haiying Duan Xianxian Li Shuyi Zhang Chuanjian Yao Yongnan Li Peng Liu;Wenzhe Ye;Haiying Duan;Xianxian Li;Shuyi Zhang;Chuanjian Yao;Yongnan Li

作者机构：Key Lab of Education Blockchain and Intelligent TechnologyMinistry of EducationGuangxi Normal UniversityGuilin 541004China School of SoftwareBeihang UniversityBeijing 100000China School of National SecurityPeople's Public Security University of ChinaBeijing 1000000China Guangxi Key Lab of Multi-Source Information Mining and SecurityGuangxi Normal UniversityGuilin 541004China 

出 版 物：《Cybersecurity》 (网络空间安全科学与技术（英文）)

年 卷 期：2024年第7卷第3期

页      面：1-15页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：The research was supported in part by the National Natural Science Foundation of China(Nos.62166004,U21A20474) the Guangxi Science and Technology Major Project(No.AA22068070) the Guangxi Natural Science Foundation(No.2020GXNSFAA297075) the Center for Applied Mathematics of Guangxi,the Guangxi"Bagui Scholar"Teams for Innovation and Research Project,the Guangxi Talent Highland Project of Big Data Intelligence and Application,the Guangxi Collaborative Center of Multisource Information Integration and Intelligent Processing and Fundamental Research Funds for the Central Universities(No.2021JKF06) 

主　　题：Vulnerability categorization CWE Graph representation GNN 

摘      要：Vulnerability reports are essential for improving software security since they record key information on *** a report,CWE denotes the weakness of the vulnerability and thus helps quickly understand the cause of the ***,CWE assignment is useful for categorizing newly discovered *** this paper,we propose an automatic CwE assignment method with graph neural ***,we prepare a dataset that contains 3394 real world vulnerabilities from Linux,OpenSSL,Wireshark and many other software ***,we extract state-ments with vulnerability syntax features from these vulnerabilities and use program slicing to slice them according to the categories of syntax *** top of slices,we represent these slices with graphs that characterize the data dependency and control dependency between ***,we employ the graph neural networks to learn the hidden information from these graphs and leverage the Siamese network to compute the similarity between vulnerability functions,thereby assigning CWE IDs for these *** experimental results show that the proposed method is effective compared to existing methods.