An Enhanced Vulnerability Detection in Software Using a Heterogeneous Encoding Ensemble.

ISCC(2023)

Abstract
Detecting vulnerabilities in source code is essential to prevent cybersecurity attacks. Deep learning-based vulnerability detection is an active research topic in software security. However, existing deep learning-based vulnerability detectors (VD) are limited to using either serialization-based or graph-based methods, which do not combine serialized global and structured local information at the same time. As a result, a single method cannot perform well for semantic information that exists in complex source code, leading to low detection accuracy. In this paper, we present EL-VDetect, a stacked ensemble learning approach for vulnerability detection that eliminates these issues. EL-VDetect enhances feature selection techniques to represent the best relevant vulnerability features with the slice code and subgraphs, reducing redundant information of vulnerabilities. Our model combines serialization-based and graph-based neural networks to successfully capture the global and local context information of source code, effectively understands code semantics, and focuses on vulnerable nodes based on the attention mechanism to accurately detect vulnerabilities. To evaluate EL-VDetect's effectiveness, we crawl a real-world dataset from CVEDetails, consisting of functions for eight applications. A comprehensive performance analysis of the real-world dataset shows that EL-VDetect achieves 90.72% accuracy, outperforming baseline deep learning models by 1.75-26.21%. Our proposed model can better identify vulnerabilities in software than other existing vulnerability detection models.
Keywords
vulnerability detection,ensemble learning,sequence-based methods,graph-based methods