A Systematic Approach to Determining Context Depth in GNN-Based Vulnerability Detection


Supervisor(s): Tobias Specht
Status: finished
Topic: Others
Author: Johannes Boll
Submission: 2026-02-02
Type of Thesis: Master's Thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Graph neural networks (GNNs) are widely used for automated vulnerability detection
on graph-structured program representations. A central challenge in designing GNN-based
architectures is determining the optimal context depth, defined by the number of
message-passing layers. While an insufficient context depth fails to capture long-range
code dependencies, deeper models may suffer from degradation, such as oversmoothing.
Despite its practical significance, previous research on graph-based vulnerability
detection often treats context depth as a standard hyperparameter. Consequently, its
impact and interaction with code graph topology remain insufficiently understood.
This thesis addresses this gap through a systematic study of context depth in GNN-based
vulnerability detection under varying code graph topologies. We develop a
modular preprocessing framework that supports deterministic and composable graph
modifications. These include schema-level node type generalization as well as topology-altering
modifications, such as node filtering, edge filtering, and program slicing. To
enable reproducible context depth studies, we design a fixed experimental protocol
that systematically varies depth while holding all other hyperparameters constant. The
resulting depth-performance trends are evaluated using the Juliet test suite (C/C++),
with a focus on CWE-457 (Use of Uninitialized Variable) and node-level supervision.
Overall, the experiments reveal a consistent three-phase depth-performance pattern,
with limited performance at shallow context depths, a high-performing plateau once
sufficient context is available, and reduced stability at deeper context depths. Schema-level
generalization primarily enhances efficiency and stability. Global type-based
filtering reduces graph complexity but does not consistently decrease the context depth
required for robust detection performance. In contrast, target-centered program slicing
can reduce the necessary message-passing depth under suitable configurations by
restricting the graph to vulnerability-relevant context. Finally, we introduce a target-centered
distance metric as an interpretable structural proxy for analyzing context
depth requirements, although further refinement is needed.
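
The sketch below is an added illustration, not code from the thesis or its preprocessing framework. It shows why the number of message-passing layers bounds the context a target node can see, and how an edge filter changes that bound. The graph, node names and edge-type labels are constructed for a CWE-457-style snippet, messages are assumed to flow in both directions along an edge, and plain hop distance is used as a stand-in that is not the thesis's target-centered distance metric.

```python
from collections import deque

# Constructed code graph (assumption, not thesis data) for:
#   int x; if (flag) { x = 1; } log(); printf("%d", x);
# Each edge is (source, destination, edge_type).
EDGES = [
    ("decl_x", "if_flag", "CFG"),
    ("if_flag", "assign_x", "CFG"),
    ("if_flag", "call_log", "CFG"),      # branch that skips the assignment
    ("assign_x", "call_log", "CFG"),
    ("call_log", "call_printf", "CFG"),
    ("call_printf", "use_x", "AST"),
    ("decl_x", "use_x", "DFG"),          # uninitialized definition reaches the use
    ("assign_x", "use_x", "DFG"),
]

def filter_edges(edges, drop_types):
    """Edge filtering: drop every edge whose type is in drop_types."""
    return [e for e in edges if e[2] not in drop_types]

def hop_distances(edges, target):
    """BFS hop distance from target to every reachable node (undirected)."""
    adj = {}
    for src, dst, _ in edges:
        adj.setdefault(src, set()).add(dst)
        adj.setdefault(dst, set()).add(src)
    dist = {target: 0}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def receptive_field(edges, target, depth):
    """Nodes whose features can influence target after `depth` layers."""
    return {n for n, d in hop_distances(edges, target).items() if d <= depth}

def min_depth(edges, target, source):
    """Fewest layers before source can influence target; None if unreachable."""
    return hop_distances(edges, target).get(source)

if __name__ == "__main__":
    no_dfg = filter_edges(EDGES, {"DFG"})
    print("full graph:", min_depth(EDGES, "use_x", "decl_x"))
    print("DFG edges filtered:", min_depth(no_dfg, "use_x", "decl_x"))
    print("2-layer view without DFG:", sorted(receptive_field(no_dfg, "use_x", 2)))
```

In this constructed graph, removing the data-flow edges raises the depth at which the declaration can influence the use node from one layer to four, so a filter that shrinks the graph can still increase the depth a model needs.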