| dc.contributor.advisor | CATRUC, Mariana | |
| dc.contributor.author | WU, Xenia-Qin Li | |
| dc.date.accessioned | 2026-02-26T13:28:58Z | |
| dc.date.available | 2026-02-26T13:28:58Z | |
| dc.date.issued | 2026 | |
| dc.identifier.citation | WU, Xenia-Qin Li. Applying GNN for Source Code Analysis: vulnerability detection. Teză de master. Programul de studiu Ingineria software. Conducător ştiinţific CATRUC Mariana, lect. univ. Universitatea Tehnică a Moldovei. Chișinău, 2026. | en_US |
| dc.identifier.uri | https://repository.utm.md/handle/5014/35493 | |
| dc.description | The attached file contains: Abstract, Contents, Introduction, Bibliography. | en_US |
| dc.description.abstract | The growing size and complexity of current software systems have made security holes more common and more serious, especially in programming languages like C and C++ that are used at the system level. Static Application Security Testing tools and other traditional ways of automatically finding vulnerabilities depend a lot on rules and heuristics that people make by looking at known vulnerability patterns. These methods work well for finding some well-known bugs, but they have some major problems, including high false-positive rates, limited ability to generalize to new bugs, and not enough understanding of how programs behave. Recent deep learning techniques that analyze source code as a linear sequence of tokens have shown potential; however, they naturally overlook essential structural information pertaining to syntax, control flow, and data dependencies. This thesis tackles these shortcomings by exploring a graph-based framework for source code analysis that accurately reflects the inherent structure of programs and facilitates learning-based reasoning regarding intricate, non-local interactions. The fundamental assertion of this study is that software vulnerabilities arise from the interplay among syntactic expressions, execution pathways, and data flows, rather than from discrete code segments. So, for automatic detection to work well, there needs to be a representation that can clearly model these interactions. For this purpose, the thesis uses the Code Property Graph as a single representation that combines the Abstract Syntax Tree, Control-Flow Graph, and Data-Flow Graph into one graph structure that is not uniform. This approach keeps grammatical hierarchy, execution semantics, and variable lifecycle information in a clear analytical framework. By incorporating these intricate structural linkages directly into the input space, the analysis transcends superficial pattern matching, advancing towards a more semantically nuanced comprehension of program behavior. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Universitatea Tehnică a Moldovei | en_US |
| dc.rights | Attribution-NonCommercial-NoDerivs 3.0 United States | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/us/ | * |
| dc.subject | Static Application Security Testing (SAST) | en_US |
| dc.subject | software vulnerabilities | en_US |
| dc.subject | Graph Neural Networks | en_US |
| dc.title | Applying GNN for Source Code Analysis: vulnerability detection | en_US |
| dc.type | Thesis | en_US |