Search papers, labs, and topics across Lattice.
This paper introduces VulGNN, a graph neural network for software vulnerability detection that leverages the graph structure of code. VulGNN achieves performance comparable to LLMs while being 100 times smaller and faster to retrain. Ablation studies validate the architecture and generalizability across different code datasets, demonstrating its potential for edge deployment.
LLMs aren't the only path to vulnerability detection: a GNN-based model achieves near-parity with 100x less overhead.
Large Language Models (LLMs) have emerged as a popular choice in vulnerability detection studies given their foundational capabilities, open source availability, and variety of models, but have limited scalability due to extensive compute requirements. Using the natural graph relational structure of code, we show that our proposed graph neural network (GNN) based deep learning model VulGNN for vulnerability detection can achieve performance almost on par with LLMs, but is 100 times smaller in size and fast to retrain and customize. We describe the VulGNN architecture, ablation studies on components, learning rates, and generalizability to different code datasets. As a lightweight model for vulnerability analysis, VulGNN is efficient and deployable at the edge as part of real-world software development pipelines.
