{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T22:12:07Z","timestamp":1780351927309,"version":"3.54.1"},"reference-count":57,"publisher":"Wiley","issue":"8","license":[{"start":{"date-parts":[[2023,4,10]],"date-time":"2023-04-10T00:00:00Z","timestamp":1681084800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/501100004731","name":"Natural Science Foundation of Zhejiang Province","doi-asserted-by":"publisher","award":["LY23F020016"],"award-info":[{"award-number":["LY23F020016"]}],"id":[{"id":"10.13039\/501100004731","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004731","name":"Natural Science Foundation of Zhejiang Province","doi-asserted-by":"publisher","award":["LY21F020020"],"award-info":[{"award-number":["LY21F020020"]}],"id":[{"id":"10.13039\/501100004731","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902096"],"award-info":[{"award-number":["61902096"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Softw Pract Exp"],"published-print":{"date-parts":[[2023,8]]},"abstract":"Abstract<\/jats:title>Code vulnerabilities can have serious consequences such as system attacks and data leakage, making it crucial to perform code vulnerability detection during the software development phase. Deep learning is an emerging approach for vulnerability detection tasks. Existing deep learning\u2010based code vulnerability detection methods are usually based on word2vec embedding of linear sequences of source code, followed by code vulnerability detection through RNNs network. However, such methods can only capture the superficial structural or syntactic information of the source code text, which is not suitable for modeling the complex control flow and data flow and miss edge information in the graph structure constructed by the source code, with limited effect of neural network model. To solve the above problems, this article proposes a code vulnerability detection method, named VulGraB, which is based on graph embedding and bidirectional gated graph neural networks. VulGraB uses node2vec to convert the program\u2010dependent graphs into graph embeddings of the code, which contain rich structure information of the source code, improving the ability of features to express nonlinear information to a certain extent. Then the BiGGNN is used for training, and finally the accuracy of the detection results is evaluated using target program. The bi\u2010directional gated neural network utilizes a bi\u2010directional recurrent structure, which is beneficial to global information aggregation. The experimental results show that the accuracy of VulGraB is significantly improved over the baseline models on two datasets, with F1 scores of 85.89% and 97.24% being the highest, demonstrating that VulGraB consistently outperforms other effective vulnerability detection models.<\/jats:p>","DOI":"10.1002\/spe.3205","type":"journal-article","created":{"date-parts":[[2023,4,11]],"date-time":"2023-04-11T06:55:18Z","timestamp":1681196118000},"page":"1631-1658","update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["VulGraB<\/scp>: Graph<\/scp>\u2010embedding\u2010based code vulnerability detection with bi\u2010directional gated graph neural network"],"prefix":"10.1002","volume":"53","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1389-2488","authenticated-orcid":false,"given":"Sixuan","family":"Wang","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology Hangzhou Dianzi University Hangzhou 310018 China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chen","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology Hangzhou Dianzi University Hangzhou 310018 China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dongjin","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology Hangzhou Dianzi University Hangzhou 310018 China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xin","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology Hangzhou Dianzi University Hangzhou 310018 China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"311","published-online":{"date-parts":[[2023,4,10]]},"reference":[{"key":"e_1_2_12_2_1","unstructured":"GitHub.https:\/\/octoverse.github.com\/."},{"key":"e_1_2_12_3_1","unstructured":"OpenSSL.https:\/\/www.openssl.org\/."},{"key":"e_1_2_12_4_1","unstructured":"Heartbleed.https:\/\/github.com\/."},{"key":"e_1_2_12_5_1","doi-asserted-by":"crossref","unstructured":"KimS WooS LeeH OhH.VUDDY: a scalable approach for vulnerable code clone discovery. Proceedings of the 2017 IEEE Symposium on Security and Privacy; 2017:595\u2010614.","DOI":"10.1109\/SP.2017.62"},{"key":"e_1_2_12_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2895963"},{"key":"e_1_2_12_7_1","unstructured":"Wannacry.https:\/\/en.wikipedia.org\/wiki\/WannaCry_ransomware_attack."},{"key":"e_1_2_12_8_1","unstructured":"Standards N.National vulnerability database; 2011."},{"key":"e_1_2_12_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"e_1_2_12_10_1","doi-asserted-by":"crossref","unstructured":"BowmanB HuangHH.VGRAPH: a robust vulnerable code clone detection system using code property triplets. Proceedings of the 2020 IEEE European Symposium on Security and Privacy; 2020:53\u201069.","DOI":"10.1109\/EuroSP48549.2020.00012"},{"key":"e_1_2_12_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.11.053"},{"key":"e_1_2_12_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"e_1_2_12_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106289"},{"key":"e_1_2_12_14_1","doi-asserted-by":"crossref","unstructured":"GroverA LeskovecJ.node2vec: scalable feature learning for networks. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining; 2016:855\u2010864.","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_2_12_15_1","unstructured":"ChenY WuL ZakiMJ.Reinforcement learning based graph\u2010to\u2010sequence model for natural question generation. Proceedings of the 8th International Conference on Learning Representations; 2020."},{"key":"e_1_2_12_16_1","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8858010"},{"key":"e_1_2_12_17_1","doi-asserted-by":"crossref","unstructured":"LetychevskyiO HryniukY.Machine learning methods for improving vulnerability detection in low\u2010level code. Proceedings of the 2020 IEEE International Conference on Big Data; 2020:5750\u20105752.","DOI":"10.1109\/BigData50022.2020.9377753"},{"key":"e_1_2_12_18_1","doi-asserted-by":"crossref","unstructured":"LiY WangS NguyenTN.Vulnerability detection with fine\u2010grained interpretations. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering; 2021:292\u2010303.","DOI":"10.1145\/3468264.3468597"},{"key":"e_1_2_12_19_1","doi-asserted-by":"crossref","unstructured":"WangZ ZhengQ SunY.GVD\u2010net: graph embedding\u2010based machine learning model for smart contract vulnerability detection. Proceedings of the 2022 International Conference on Algorithms Data Mining and Information Technology; 2022:99\u2010103.","DOI":"10.1109\/ADMIT57209.2022.00024"},{"key":"e_1_2_12_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3436877"},{"key":"e_1_2_12_21_1","doi-asserted-by":"crossref","unstructured":"RussellR KimL HamiltonL et al.Automated vulnerability detection in source code using deep representation learning. Proceedings of the 2018 17th IEEE International Conference on Machine Learning and Applications; 2018:757\u2010762.","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"e_1_2_12_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2018.2875879"},{"key":"e_1_2_12_23_1","unstructured":"Common Weakness Enumeration 2020 https:\/\/cwe.mitre.org\/data\/index.html."},{"key":"e_1_2_12_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2984505"},{"key":"e_1_2_12_25_1","doi-asserted-by":"crossref","unstructured":"LiZ ZouD XuS et al.Vuldeepecker: a deep learning\u2010based system for vulnerability detection. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium 2018; 2018.","DOI":"10.14722\/ndss.2018.23158"},{"key":"e_1_2_12_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3044773"},{"key":"e_1_2_12_27_1","unstructured":"CVE https:\/\/cve.mitre.org\/."},{"key":"e_1_2_12_28_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TDSC.2022.3192419","article-title":"How about bug\u2010triggering paths? Understanding and characterizing learning\u2010based vulnerability detectors","author":"Cheng X","year":"2022","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"e_1_2_12_29_1","unstructured":"GaoH WuL HuP WeiZ XuF LongB.Graph\u2010augmented learning to rank for querying large\u2010scale knowledge graph. Proceedings of the 2nd Conference of the Asia\u2010Pacific Chapter of the Association for Computational Linguistics and the 12th International Joint Conference on Natural Language Processing; 2022:82\u201092."},{"key":"e_1_2_12_30_1","doi-asserted-by":"crossref","unstructured":"WuF WangJ LiuJ WangW.Vulnerability detection with deep learning. Proceedings of the 3rd IEEE International Conference on Computer and Communications; 2017:1298\u20101302.","DOI":"10.1109\/CompComm.2017.8322752"},{"key":"e_1_2_12_31_1","unstructured":"ZhuangY SunejaS ThostV DomeniconiG MorariA LaredoJ.Software vulnerability detection via deep learning over disaggregated code graph representation.CoRRabs\/2109.03341; 2021."},{"key":"e_1_2_12_32_1","doi-asserted-by":"crossref","unstructured":"GriecoG GrinblatGL UzalL RawatS FeistJ MounierL.Toward large\u2010scale vulnerability discovery using machine learning. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy; 2016:85\u201096.","DOI":"10.1145\/2857705.2857720"},{"key":"e_1_2_12_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2954088"},{"key":"e_1_2_12_34_1","doi-asserted-by":"crossref","unstructured":"GongX XingZ LiX FengZ HanZ.Joint prediction of multiple vulnerability characteristics through multi\u2010task learning. Proceedings of the 2019 24th International Conference on Engineering of Complex Computer Systems; 2019:31\u201040.","DOI":"10.1109\/ICECCS.2019.00011"},{"key":"e_1_2_12_35_1","doi-asserted-by":"crossref","unstructured":"BuchL AndrzejakA.Learning\u2010based recursive aggregation of abstract syntax trees for code clone detection. Proceedings of the 2019 IEEE 26th International Conference on Software Analysis Evolution and Reengineering; 2019:95\u2010104.","DOI":"10.1109\/SANER.2019.8668039"},{"key":"e_1_2_12_36_1","doi-asserted-by":"crossref","unstructured":"ChengX WangH HuaJ et al.Static detection of control\u2010flow\u2010related vulnerabilities using graph embedding. Proceedings of the 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS); November 2019:41\u201350.","DOI":"10.1109\/ICECCS.2019.00012"},{"key":"e_1_2_12_37_1","doi-asserted-by":"crossref","unstructured":"ChengX ZhangG WangH SuiY.Path\u2010sensitive code embedding via contrastive learning for software vulnerability detection. Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis; 2023.","DOI":"10.1145\/3533767.3534371"},{"key":"e_1_2_12_38_1","unstructured":"MikolovT ChenK CorradoG DeanJ.Efficient estimation of word representations in vector space. ICLR Workshop Track Proceedings; 2013."},{"key":"e_1_2_12_39_1","unstructured":"MikolovT SutskeverI ChenK CorradoGS DeanJ.Distributed representations of words and phrases and their compositionality. Proceedings of the 26th International Conference on Neural Information Processing Systems vol. 26; 2013."},{"key":"e_1_2_12_40_1","doi-asserted-by":"crossref","unstructured":"YangW LiL ZhangZ RenX SunX HeB.Be careful about poisoned word embeddings: exploring the vulnerability of the embedding layers in NLP models.CoRRabs\/2103.15543; 2021.","DOI":"10.18653\/v1\/2021.naacl-main.165"},{"key":"e_1_2_12_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2869336"},{"key":"e_1_2_12_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428301"},{"key":"e_1_2_12_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-021-05994-w"},{"key":"e_1_2_12_44_1","unstructured":"LeeYJ ChoiSH KimC LimS ParkK.Learning binary code with deep learning to detect software weakness. Proceedings of the 9th International Conference on Internet (ICONI) 2017 Symposium; 2017."},{"key":"e_1_2_12_45_1","doi-asserted-by":"crossref","unstructured":"FengQ FengC HongW.Graph neural network\u2010based vulnerability predication. Proceedings of the 2020 IEEE International Conference on Software Maintenance and Evolution; 2020:800\u2010801.","DOI":"10.1109\/ICSME46990.2020.00096"},{"key":"e_1_2_12_46_1","unstructured":"WuJ.Literature review on vulnerability detection using NLP technology.CoRRabs\/2104.11230 2021."},{"key":"e_1_2_12_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3016774"},{"key":"e_1_2_12_48_1","doi-asserted-by":"crossref","unstructured":"DuanX WuJ JiS et al.VulSniper: focus your attention to shoot fine\u2010grained vulnerabilities. Proceedings of the 28th International Joint Conference on Artificial Intelligence; 2019:4665\u20104671.","DOI":"10.24963\/ijcai.2019\/648"},{"key":"e_1_2_12_49_1","unstructured":"ZhouY LiuS SiowJ DuX LiuY.Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Proceedings of the 33rd International Conference on Neural Information Processing Systems vol. 32; 2019."},{"key":"e_1_2_12_50_1","doi-asserted-by":"crossref","unstructured":"SharLK TanHBK.Predicting common web application vulnerabilities from input validation and sanitization code patterns. Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering; 2012:310\u2010313.","DOI":"10.1145\/2351676.2351733"},{"key":"e_1_2_12_51_1","doi-asserted-by":"crossref","unstructured":"ChoiM JeongS OhH ChooJ.End\u2010to\u2010end prediction of buffer overruns from raw source code via neural memory networks. Proceedings of the Twenty\u2010Sixth International Joint Conference on Artificial Intelligence (IJCAI\u201017); 2017:1546\u20101553.","DOI":"10.24963\/ijcai.2017\/214"},{"key":"e_1_2_12_52_1","unstructured":"LiuS XieX MaL SiowJ LiuY.GraphSearchNet: Enhancing GNNs via capturing global dependency for semantic code search.CoRRabs\/2111.02671 2021."},{"key":"e_1_2_12_53_1","unstructured":"AlexanderL.Neural Models of Automated Documentation Generation for Source Code. Dissertation. University of Notre Dame; 2022."},{"key":"e_1_2_12_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3192631"},{"key":"e_1_2_12_55_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.3057"},{"key":"e_1_2_12_56_1","unstructured":"XiaoY ChenB YuC et al.MVP: detecting vulnerabilities using patch\u2010enhanced vulnerability signatures. Proceedings of the 29th USENIX Security Symposium; August 12\u201314 2020."},{"key":"e_1_2_12_57_1","unstructured":"WooS HongH ChoiE LeeH.MOVERY: a precise approach for modified vulnerable code clone discovery from modified open\u2010source software components. Proceedings of the 31st USENIX Security Symposium; August 10\u201312 2022."},{"key":"e_1_2_12_58_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2905"}],"container-title":["Software: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.3205","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,17]],"date-time":"2023-08-17T18:27:09Z","timestamp":1692296829000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spe.3205"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,10]]},"references-count":57,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2023,8]]}},"alternative-id":["10.1002\/spe.3205"],"URL":"https:\/\/doi.org\/10.1002\/spe.3205","archive":["Portico"],"relation":{},"ISSN":["0038-0644","1097-024X"],"issn-type":[{"value":"0038-0644","type":"print"},{"value":"1097-024X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,10]]},"assertion":[{"value":"2023-01-10","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-03-17","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-04-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}