An approach for vulnerability detection in web applications using graph neural networks and transformers
The increasing complexity of software systems and rising security concerns due to open-source package vulnerabilities have made software vulnerability detection a critical priority. Traditional vulnerability detection methods, including static, dynamic, and hybrid approaches, often struggle with high false-positive rates and limited efficiency. Recently, graph-based neural networks (GNNs) have shown potential in improving vulnerability detection accuracy by representing code as graphs that capture syntax and semantics. This paper introduces a Gated Graph Neural Network (GGNN) framework that leverages multiple graph representations: Abstract Syntax Tree (AST), Data Flow Graph (DFG), Control Flow Graph (CFG), and Code Property Graph (CPG). The model uses these graph structures to detect vulnerabilities in function-level code snippets. Evaluation of our framework on the OWASP WebGoat dataset demonstrates the effectiveness of different graph representations across five major vulnerability types: command injection, weak cryptography, path traversal, SQL injection, and cross-site scripting. Experimental results show that the GGNN+CPG configuration consistently yields high recall for cryptographic weaknesses, while GGNN+CFG excels in detecting control-based vulnerabilities, such as command injections. The framework demonstrates notable enhancements in accuracy, precision, recall, and F1-score across all vulnerability types, with each graph representation contributing unique insights into code structures and vulnerability patterns. These findings highlight the potential of multi-graph GNNs in enhancing code vulnerability detection for cybersecurity applications.

| Main Authors: | Md Sultan, Abu Bakar; Zulzalil, Hazura; Osman, Mohd Hafeez; Tanko, Mohammed Yahaya |
|---|---|
| Format: | Article (peer reviewed) |
| Language: | English |
| Published: | Little Lion Scientific, 2024 |
| Online Access: | http://psasir.upm.edu.my/id/eprint/119426/ ; http://psasir.upm.edu.my/id/eprint/119426/1/119426.pdf |

| Record ID | upm-119426 |
|---|---|
| Institution | Universiti Putra Malaysia |
| Repository | UPM Institutional Repository (eprints) |
| Citation | Md Sultan, Abu Bakar and Zulzalil, Hazura and Osman, Mohd Hafeez and Tanko, Mohammed Yahaya (2024) An approach for vulnerability detection in web applications using graph neural networks and transformers. Journal of Theoretical and Applied Information Technology, 103 (1). pp. 257-265. ISSN 1992-8645; eISSN 1817-3195 |
| Publisher version | https://www.jatit.org/volumes/Vol103No1/22Vol103No1.pdf |