{"id":"https://openalex.org/W4414692560","doi":"https://doi.org/10.1109/tr.2025.3605871","title":"DeepVulMatch: Learning and Matching Latent Vulnerability Representations for Dual-Granularity Vulnerability Detection","display_name":"DeepVulMatch: Learning and Matching Latent Vulnerability Representations for Dual-Granularity Vulnerability Detection","publication_year":2025,"publication_date":"2025-10-01","ids":{"openalex":"https://openalex.org/W4414692560","doi":"https://doi.org/10.1109/tr.2025.3605871"},"language":"en","primary_location":{"id":"doi:10.1109/tr.2025.3605871","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2025.3605871","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102710465","display_name":"Michael C. Fu","orcid":"https://orcid.org/0000-0001-7211-3491"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Michael Fu","raw_affiliation_strings":["School of Computing and Information Systems, The University of Melbourne, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computing and Information Systems, The University of Melbourne, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102780660","display_name":"Trung Le","orcid":"https://orcid.org/0000-0003-0414-9067"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Trung Le","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Clayton, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Clayton, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100769134","display_name":"Van Nguyen","orcid":"https://orcid.org/0000-0002-5838-3409"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Van Nguyen","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Clayton, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Clayton, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081449581","display_name":"Chakkrit Tantithamthavorn","orcid":"https://orcid.org/0000-0002-5516-9984"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chakkrit Tantithamthavorn","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Clayton, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Clayton, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036447132","display_name":"Dinh Phung","orcid":"https://orcid.org/0000-0002-9977-8247"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Dinh Phung","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Clayton, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Clayton, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102710465"],"corresponding_institution_ids":["https://openalex.org/I165779595"],"apc_list":null,"apc_paid":null,"fwci":3.2168,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.93781712,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"74","issue":"4","first_page":"4930","last_page":"4943"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9376999735832214,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9376999735832214,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/codebook","display_name":"Codebook","score":0.864300012588501},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5968000292778015},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5785999894142151},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.5699999928474426},{"id":"https://openalex.org/keywords/vector-quantization","display_name":"Vector quantization","score":0.529699981212616},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4659000039100647},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.4571000039577484},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.39419999718666077},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.3734999895095825},{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.3686999976634979}],"concepts":[{"id":"https://openalex.org/C127759330","wikidata":"https://www.wikidata.org/wiki/Q637416","display_name":"Codebook","level":2,"score":0.864300012588501},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7081000208854675},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5985000133514404},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5968000292778015},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5785999894142151},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.5699999928474426},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5317999720573425},{"id":"https://openalex.org/C199833920","wikidata":"https://www.wikidata.org/wiki/Q612536","display_name":"Vector quantization","level":2,"score":0.529699981212616},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4659000039100647},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.4571000039577484},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42809998989105225},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.39419999718666077},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3734999895095825},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.3686999976634979},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.3668999969959259},{"id":"https://openalex.org/C28855332","wikidata":"https://www.wikidata.org/wiki/Q198099","display_name":"Quantization (signal processing)","level":2,"score":0.366100013256073},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.35989999771118164},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.3431999981403351},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.33739998936653137},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.3215999901294708},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.2939000129699707},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.29170000553131104},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C198352243","wikidata":"https://www.wikidata.org/wiki/Q37105","display_name":"Line (geometry)","level":2,"score":0.2879999876022339},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.28679999709129333},{"id":"https://openalex.org/C97931131","wikidata":"https://www.wikidata.org/wiki/Q5282087","display_name":"Discriminative model","level":2,"score":0.28610000014305115},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.28380000591278076},{"id":"https://openalex.org/C40567965","wikidata":"https://www.wikidata.org/wiki/Q1820283","display_name":"Learning vector quantization","level":3,"score":0.2793000042438507},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2743000090122223},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.2651999890804291},{"id":"https://openalex.org/C2983787585","wikidata":"https://www.wikidata.org/wiki/Q93586","display_name":"Feature matching","level":3,"score":0.2621999979019165},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2590000033378601},{"id":"https://openalex.org/C2781181686","wikidata":"https://www.wikidata.org/wiki/Q4226068","display_name":"Coherence (philosophical gambling strategy)","level":2,"score":0.2531999945640564}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tr.2025.3605871","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2025.3605871","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W1992114977","https://openalex.org/W2160642098","https://openalex.org/W2550548986","https://openalex.org/W2781491433","https://openalex.org/W2885030880","https://openalex.org/W2962784628","https://openalex.org/W2962960733","https://openalex.org/W2968236154","https://openalex.org/W2970641574","https://openalex.org/W2979183801","https://openalex.org/W2986396948","https://openalex.org/W3091588759","https://openalex.org/W3098605233","https://openalex.org/W3163206498","https://openalex.org/W3166095789","https://openalex.org/W3177116043","https://openalex.org/W3190742226","https://openalex.org/W3198685994","https://openalex.org/W3199263538","https://openalex.org/W3202871865","https://openalex.org/W4205733352","https://openalex.org/W4221166942","https://openalex.org/W4225673889","https://openalex.org/W4233762729","https://openalex.org/W4312436517","https://openalex.org/W4312757223","https://openalex.org/W4312969325","https://openalex.org/W4384345694","https://openalex.org/W4386066477","https://openalex.org/W4387298393","https://openalex.org/W4389519352","https://openalex.org/W4391558363","https://openalex.org/W4392021591","https://openalex.org/W4393160374","https://openalex.org/W4393406994","https://openalex.org/W4403863706","https://openalex.org/W4406138195","https://openalex.org/W4409761762"],"related_works":[],"abstract_inverted_index":{"Deep":[0],"learning":[1],"(DL)":[2],"models":[3,50],"are":[4],"widely":[5],"used":[6],"to":[7,21,40,73,96,128],"detect":[8],"software":[9],"vulnerabilities,":[10],"but":[11],"identifying":[12,152],"vulnerabilities":[13,29],"at":[14,181],"the":[15,26,44,75,93,153,177,183],"line":[16,37,80,90,186],"level":[17],"remains":[18],"challenging":[19],"due":[20],"varied":[22],"coding":[23],"styles":[24],"and":[25,69,82,111,185],"spread":[27],"of":[28,78,170],"across":[30],"multiple":[31],"lines.":[32],"We":[33,159],"observe":[34],"that":[35,64,118],"vulnerable":[36,79,89,143,155],"embeddings":[38,81,91],"tend":[39],"form":[41,97],"clusters":[42],"in":[43],"feature":[45],"space,":[46],"which":[47,101],"can":[48],"help":[49],"capture":[51],"hidden":[52],"patterns":[53],"more":[54],"effectively.":[55],"In":[56],"this":[57,126],"article,":[58],"we":[59,87,102],"propose":[60],"a":[61,98,105,147],"novel":[62],"approach":[63,136,162],"leverages":[65],"vector":[66],"quantization":[67],"(VQ)":[68],"optimal":[70],"transport":[71],"(OT)":[72],"exploit":[74],"clustering":[76],"characteristics":[77],"enhance":[83],"detection":[84],"performance.":[85],"Specifically,":[86],"extract":[88],"from":[92],"training":[94],"data":[95],"vulnerability":[99,107,131],"collection,":[100],"condense":[103],"into":[104],"compact":[106],"codebook":[108,127],"using":[109],"VQ":[110],"OT.":[112],"Inspired":[113],"by":[114],"static":[115],"analysis":[116],"tools":[117],"rely":[119],"on":[120,166],"pattern":[121],"matching,":[122],"our":[123,161],"model":[124],"uses":[125],"match":[129],"latent":[130],"representations":[132],"during":[133],"inference.":[134],"Our":[135,174],"also":[137],"introduces":[138],"dual-granularity":[139],"detection,":[140],"predicting":[141],"both":[142,182],"functions":[144],"and,":[145],"when":[146],"function":[148,184],"is":[149],"predicted":[150],"vulnerable,":[151],"specific":[154],"lines":[156],"within":[157],"it.":[158],"evaluate":[160],"against":[163],"12":[164],"baselines":[165],"two":[167],"large-scale":[168],"datasets":[169],"real-world":[171],"open-source":[172],"vulnerabilities.":[173],"method":[175],"achieves":[176],"highest":[178],"F1":[179],"scores":[180],"levels.":[187]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-01T17:29:45.350535","created_date":"2025-10-10T00:00:00"}