||Comparison of Program Representations on Vulnerability Detection with Graph Neural Networks
||(Yoola Choi) ; (Young-Woo Kwon)
|| Vulnerability detection; Graph neural networks; Static program analysis
||As software vulnerabilities have surged, efforts to discover them have increased. The syntactic and semantic information of a program is required to detect vulnerabilities. Each information can be represented as a graph, such as Abstract Syntax Tree and Program Dependency Graph. In this paper, the program representations were extracted using various static analysis tools, including Clang Static Analyzer, Joern, and SVF, and compared using Graph Neural Networks to select the appropriate representations for vulnerability detection in C/C++. From the comparison, PDG shows the best performance among the multiple representations. This result indicates a suitable program representation and a tool for vulnerability detection that can be utilized in research utilizing graph neural networks.