Treffer: HVDet: Heap Vulnerability Detection Method Based on P-PDG Representation and Bi-GRU Algorithm.

Heap vulnerabilities pose a significant risk to software, leading to stability issues such as slowdown and resource depletion. These vulnerabilities can potentially disrupt critical operations and compromise the overall system performance, especially in the case of automated control systems implemented in C/C++ language. While various artificial intelligence-based detection methods have been studied, there has been limited analysis of the detection process and the structural and semantic features, resulting in lower detection efficiency. This paper proposes a novel heap vulnerability detection (HVDet) method based on the <italic>Pointer Program Dependency Graph</italic> (<italic>P-PDG</italic>) representation and <italic>Bidirectional Gated Recurrent Unit</italic> (<italic>Bi-GRU</italic>) algorithm for software. Through inter-procedural analysis, the <italic>P-PDG</italic> serves as an innovative code representation model that places emphasis on pointer operations, which are closely associated with heap vulnerabilities. It leads to a reduction in code size while simultaneously capturing a broader range of structural and semantic features of the source code. Subsequently, a mixed feature matrix incorporating these features from code slices is generated as input for the <italic>Bi-GRU</italic> algorithm. When compared with 7 <italic>state-of-the-art</italic> (<italic>SOTA</italic>) vulnerability detection tools, HVDet demonstrates superior performance. It successfully identified three heap vulnerabilities in real-world software such as <italic>Linux Kernel</italic>, <italic>Espruino</italic> and <italic>LibreDWG</italic>. [ABSTRACT FROM AUTHOR]

Copyright of International Journal of Software Engineering & Knowledge Engineering is the property of World Scientific Publishing Company and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)