{"id":"https://openalex.org/W4398138520","doi":"https://doi.org/10.1007/s00521-024-09819-3","title":"Multi-class vulnerability prediction using value flow and graph neural networks","display_name":"Multi-class vulnerability prediction using value flow and graph neural networks","publication_year":2024,"publication_date":"2024-05-20","ids":{"openalex":"https://openalex.org/W4398138520","doi":"https://doi.org/10.1007/s00521-024-09819-3"},"language":"en","primary_location":{"id":"doi:10.1007/s00521-024-09819-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00521-024-09819-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00521-024-09819-3.pdf","source":{"id":"https://openalex.org/S147897268","display_name":"Neural Computing and Applications","issn_l":"0941-0643","issn":["0941-0643","1433-3058"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Neural Computing and Applications","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s00521-024-09819-3.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064733464","display_name":"Connor McLaughlin","orcid":"https://orcid.org/0009-0001-5483-8007"},"institutions":[{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Connor McLaughlin","raw_affiliation_strings":["Cyber Security Cooperative Research Centre, Joondalup, Australia","Queensland University of Technology, Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre, Joondalup, Australia","institution_ids":[]},{"raw_affiliation_string":"Queensland University of Technology, Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102902635","display_name":"Yi Lu","orcid":"https://orcid.org/0000-0001-6097-100X"},"institutions":[{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yi Lu","raw_affiliation_strings":["Cyber Security Cooperative Research Centre, Joondalup, Australia","Queensland University of Technology, Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"Cyber Security Cooperative Research Centre, Joondalup, Australia","institution_ids":[]},{"raw_affiliation_string":"Queensland University of Technology, Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5064733464"],"corresponding_institution_ids":["https://openalex.org/I160993911"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":2.1915,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.87922284,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"36","issue":"25","first_page":"15869","last_page":"15891"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5499724745750427},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4538699984550476},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.44323253631591797},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4295422434806824},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3898482024669647},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.14230230450630188}],"concepts":[{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5499724745750427},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4538699984550476},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.44323253631591797},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4295422434806824},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3898482024669647},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.14230230450630188}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s00521-024-09819-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00521-024-09819-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00521-024-09819-3.pdf","source":{"id":"https://openalex.org/S147897268","display_name":"Neural Computing and Applications","issn_l":"0941-0643","issn":["0941-0643","1433-3058"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Neural Computing and Applications","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s00521-024-09819-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00521-024-09819-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00521-024-09819-3.pdf","source":{"id":"https://openalex.org/S147897268","display_name":"Neural Computing and Applications","issn_l":"0941-0643","issn":["0941-0643","1433-3058"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Neural Computing and Applications","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320983","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752"},{"id":"https://openalex.org/F4320321836","display_name":"Cooperative Research Centres, Australian Government Department of Industry","ror":"https://ror.org/04k59bg10"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4398138520.pdf"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W1614298861","https://openalex.org/W1761184020","https://openalex.org/W1981276685","https://openalex.org/W1990762361","https://openalex.org/W2003529494","https://openalex.org/W2072385532","https://openalex.org/W2116341502","https://openalex.org/W2124991517","https://openalex.org/W2157331557","https://openalex.org/W2297774820","https://openalex.org/W2634106992","https://openalex.org/W2781491433","https://openalex.org/W2788919350","https://openalex.org/W2793157084","https://openalex.org/W2885030880","https://openalex.org/W2887364112","https://openalex.org/W2907778768","https://openalex.org/W2950898568","https://openalex.org/W2962960733","https://openalex.org/W2963447020","https://openalex.org/W2964150020","https://openalex.org/W2964241064","https://openalex.org/W2978569165","https://openalex.org/W3014832129","https://openalex.org/W3018599005","https://openalex.org/W3086481683","https://openalex.org/W3094568574","https://openalex.org/W3101228802","https://openalex.org/W3107793421","https://openalex.org/W3116350821","https://openalex.org/W3127782461","https://openalex.org/W3161071537","https://openalex.org/W3198212763","https://openalex.org/W4238083723","https://openalex.org/W4246166885","https://openalex.org/W4285490489","https://openalex.org/W4288419263","https://openalex.org/W4292363372","https://openalex.org/W4297782361","https://openalex.org/W4311165836","https://openalex.org/W4379654063"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Abstract":[0],"In":[1],"recent":[2,249],"years,":[3],"machine":[4,250],"learning":[5,251],"models":[6,38],"have":[7],"been":[8,53],"increasingly":[9],"used":[10,161],"to":[11,18,21,31,43,62,117,125,222,248,282],"detect":[12],"security":[13,138],"vulnerabilities":[14,77,179],"in":[15,78,273],"software,":[16],"due":[17],"their":[19,285],"ability":[20],"achieve":[22,254],"high":[23],"performance":[24,256],"and":[25,109,173,187,192,200,214],"lower":[26],"false":[27,235],"positive":[28],"rates":[29],"compared":[30],"traditional":[32],"program":[33,51,91],"analysis":[34,225],"tools.":[35],"However,":[36],"these":[37,123],"often":[39],"lack":[40],"the":[41,74,83,89,113,126,137,174,181,201,217,232,242,259],"capability":[42],"provide":[44,132],"a":[45,50,67,79,119,133,151,176,210,270],"clear":[46,134],"explanation":[47],"for":[48],"why":[49],"has":[52],"flagged":[54],"as":[55],"vulnerable,":[56],"leaving":[57],"developers":[58,142,278],"with":[59,279],"little":[60],"reasoning":[61],"work":[63],"with.":[64],"We":[65],"present":[66],"new":[68],"method":[69,228],"which":[70,145],"not":[71],"only":[72],"identifies":[73],"presence":[75],"of":[76,86,136,169,178,212,234,244,262],"program,":[80],"but":[81],"also":[82],"specific":[84],"type":[85],"error,":[87],"considering":[88],"whole":[90],"rather":[92],"than":[93],"just":[94],"individual":[95],"functions.":[96],"Our":[97,195],"approach":[98,268],"utilizes":[99],"graph":[100],"neural":[101],"networks":[102],"that":[103],"employ":[104],"inter-procedural":[105],"value":[106],"flow":[107],"graphs,":[108],"instruction":[110],"embedding":[111],"from":[112,180,207],"LLVM":[114],"Intermediate":[115],"Representation,":[116],"predict":[118],"class.":[120],"By":[121],"mapping":[122],"classes":[124],"Common":[127],"Weakness":[128],"Enumeration":[129],"list,":[130],"we":[131,160,253],"indication":[135],"issue":[139],"found,":[140],"saving":[141],"valuable":[143,280],"time":[144],"would":[146],"otherwise":[147],"be":[148],"spent":[149],"analyzing":[150],"binary":[152],"vulnerable/non-vulnerable":[153],"label.":[154],"To":[155],"evaluate":[156],"our":[157,227,267],"method\u2019s":[158],"effectiveness,":[159],"two":[162,218],"datasets:":[163],"one":[164],"containing":[165],"memory-related":[166],"errors":[167],"(out":[168],"bound":[170],"array":[171],"accesses),":[172],"other":[175],"range":[177],"Juliet":[182],"Test":[183],"Suite,":[184],"including":[185],"buffer":[186],"integer":[188],"overflows,":[189],"format":[190],"strings,":[191],"invalid":[193],"frees.":[194],"model,":[196],"implemented":[197],"using":[198],"PyTorch":[199],"Gated":[202],"Graph":[203],"Sequence":[204],"Neural":[205],"Network":[206],"Torch-Geometric,":[208],"achieved":[209],"precision":[211],"96.35":[213],"91.59%":[215],"on":[216],"datasets,":[219],"respectively.":[220],"Compared":[221,247],"common":[223],"static":[224],"tools,":[226],"produced":[229],"roughly":[230],"half":[231],"number":[233,243],"positives,":[236],"while":[237,257],"identifying":[238],"approximately":[239],"three":[240],"times":[241],"vulnerable":[245],"samples.":[246],"systems,":[252],"similar":[255],"offering":[258],"added":[260],"benefit":[261],"differentiating":[263],"between":[264],"classes.":[265],"Overall,":[266],"represents":[269],"meaningful":[271],"improvement":[272],"software":[274],"vulnerability":[275],"detection,":[276],"providing":[277],"insights":[281],"better":[283],"secure":[284],"code.":[286]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}