CPVD: Cross Project Vulnerability Detection Based on Graph Attention Network and Domain Adaptation

Code vulnerability detection is critical for software security prevention. Vulnerability annotation in large-scale software code is quite tedious and challenging, which requires domain experts to spend a lot of time annotating. This work offers CPVD, a cross-domain vulnerability detection approach based on the challenge of "learning to predict the vulnerability labels of another item quickly using one item with rich vulnerability labels." CPVD uses the code property graph to represent the code and uses the Graph Attention Network and Convolution Pooling Network to extract the graph feature vector. It reduces the distribution between the source domain and target domain data in the Domain Adaptation Representation Learning stage for cross-domain vulnerability detection. In this paper, we test each other on different real-world project codes. Compared with methods without domain adaptation and domain adaptation methods based on natural language processing, CPVD is more general and performs better in cross-domain vulnerability detection tasks. Specifically, for the four datasets of chr_deb, qemu, libav, and sard, they achieved the best results of 70.2%, 81.1%, 59.7%, and 78.1% respectively on the F1-Score, and 88.4%,86.3%, 85.2%, and 88.6% on the AUC.