Journal of Computer Applications

Software vulnerability detection method based on edge weight

Received: 2025-03-04 | Revised: 2025-05-11 | Online: 2025-05-16 | Published: 2025-05-16

Authors: 于巧, 黄子睿, 程圣懿, 祝义, 张淑涛

Affiliation: Jiangsu Normal University (江苏师范大学)
Corresponding author: 黄子睿
Funding: National Natural Science Foundation of China; Postgraduate Research and Practice Innovation Program of Jiangsu Province

Abstract: With the widespread application of software across various fields, software vulnerabilities have shown a continuous growth trend, posing a serious threat to system security. As a result, software vulnerability detection has become one of the research hotspots in the field of software engineering. In recent years, deep learning-based methods for software vulnerability detection have been widely adopted. Among these, graph representation learning-based methods have garnered significant attention from researchers, and their effectiveness has been proven. However, existing graph representation learning methods still have certain limitations, particularly in accurately determining the importance of unweighted edges in graphs, which hinders the model's ability to learn the potential relationships among vulnerability statements. To address this issue, this paper proposes a software vulnerability detection method based on edge weights (Edge Weight for Vulnerability Detection, EWVD). This method effectively identifies the information transmission capability of nodes by combining three metrics: connection structure, the importance of neighboring nodes, and Jaccard similarity, thereby improving vulnerability detection performance. Compared to the best-performing baseline among seven vulnerability detection baseline methods, the proposed EWVD method achieves an average improvement of 1.06% in Accuracy and an average reduction of 1.11% in FPR.
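As an added illustration, not the paper's code and not its exact formulas, the block below shows how the three metrics the abstract names (connection structure, importance of neighbouring nodes, Jaccard similarity of neighbourhoods) can be turned into a weight for each originally unweighted edge of a small statement-level graph; the toy graph, the degree-based normalisations and the equal-weight mean are constructed assumptions.

```python
# Added example: scoring the unweighted edges of a constructed statement graph
# with three neighbourhood metrics. The graph, the normalisations and the
# equal-weight combination are assumptions, not the paper's definitions.

# Constructed toy graph: nodes are statement ids, edges are flow links.
EDGES = [(0, 1), (1, 2), (1, 3), (2, 3), (2, 4), (3, 4), (4, 5), (0, 5)]


def build_adjacency(edges):
    """Undirected adjacency sets for a list of (u, v) edges."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def jaccard(adj, u, v):
    """Jaccard similarity of the neighbour sets of u and v (endpoints excluded)."""
    nu, nv = adj[u] - {v}, adj[v] - {u}
    union = nu | nv
    return len(nu & nv) / len(union) if union else 0.0


def connection_structure(adj, u, v):
    """Assumed metric: endpoint degrees relative to the graph's maximum degree."""
    max_deg = max(len(n) for n in adj.values())
    return (len(adj[u]) + len(adj[v])) / (2 * max_deg)


def neighbour_importance(adj, u, v):
    """Assumed metric: mean normalised degree of the endpoints' other neighbours."""
    max_possible = len(adj) - 1
    others = (adj[u] | adj[v]) - {u, v}
    if not others:
        return 0.0
    return sum(len(adj[w]) for w in others) / (len(others) * max_possible)


def edge_weights(edges, alpha=1 / 3, beta=1 / 3, gamma=1 / 3):
    """Weight each edge as a convex combination of the three metrics (assumed rule)."""
    adj = build_adjacency(edges)
    return {
        (u, v): alpha * connection_structure(adj, u, v)
        + beta * neighbour_importance(adj, u, v)
        + gamma * jaccard(adj, u, v)
        for u, v in edges
    }


def ranked_edges(edges):
    """Edges sorted from strongest to weakest weight, for inspection."""
    weights = edge_weights(edges)
    return sorted(weights, key=weights.get, reverse=True)
```

On the toy graph the edge (2, 3), whose endpoints share both of their other neighbours, ranks above the peripheral edge (0, 5), which is the kind of distinction a plain unweighted adjacency cannot express.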

Key words: vulnerability detection, edge weight, graph representation learning
