Abstract
Deep learning technology can automatically extract features from software source code, making it widely used for detecting software vulnerabilities. Most existing deep learning-based approaches rely on whole functions or sequence-level program slices to identify vulnerabilities. However, these approaches often struggle to capture comprehensive vulnerability semantics, leading to high false positive rates and false negative rates. In this paper, we propose GraphFVD, a novel property graph-based fine-grained vulnerability detection approach. Our approach extracts property graph-based slices from the Code Property Graph and introduces a Hierarchical Attention Graph Convolutional Network to learn graph embeddings. GraphFVD provides a fine-grained code representation that captures syntax, control flow, data flow, and the natural sequential order of source code relevant to vulnerabilities. We evaluate the effectiveness of our approach on two real-world vulnerability datasets. Experimental results demonstrate that our approach outperforms existing state-of-the-art vulnerability detection methods on both datasets.
| Original language | English |
|---|---|
| Article number | 104350 |
| Journal | Computers and Security |
| Volume | 151 |
| DOIs | |
| State | Published - Apr 2025 |
| Externally published | Yes |
Keywords
- Deep learning
- Hierarchical attention
- Program slicing
- Relational Graph Convolutional Network
- Vulnerability detection
Title
GraphFVD: Property graph-based fine-grained vulnerability detection