{"id":"https://openalex.org/W4400579932","doi":"https://doi.org/10.1109/tse.2024.3427815","title":"Vulnerability Detection via Multiple-Graph-Based Code Representation","display_name":"Vulnerability Detection via Multiple-Graph-Based Code Representation","publication_year":2024,"publication_date":"2024-07-12","ids":{"openalex":"https://openalex.org/W4400579932","doi":"https://doi.org/10.1109/tse.2024.3427815"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2024.3427815","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3427815","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001119004","display_name":"Fangcheng Qiu","orcid":"https://orcid.org/0000-0001-8652-382X"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Fangcheng Qiu","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0001-8652-382X","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102825823","display_name":"Zhongxin Liu","orcid":"https://orcid.org/0000-0002-1981-1626"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhongxin Liu","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-1981-1626","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047688641","display_name":"Xing Hu","orcid":"https://orcid.org/0000-0003-0093-3292"},"institutions":[{"id":"https://openalex.org/I109935558","display_name":"Ningbo University","ror":"https://ror.org/03et85d35","country_code":"CN","type":"education","lineage":["https://openalex.org/I109935558"]},{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xing Hu","raw_affiliation_strings":["School of Software Technology, Zhejiang University, Ningbo, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0003-0093-3292","affiliations":[{"raw_affiliation_string":"School of Software Technology, Zhejiang University, Ningbo, Zhejiang, China","institution_ids":["https://openalex.org/I109935558","https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006669765","display_name":"Xin Xia","orcid":"https://orcid.org/0000-0002-6302-3256"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Xia","raw_affiliation_strings":["Software Engineering Application Technology Lab, Huawei, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-6302-3256","affiliations":[{"raw_affiliation_string":"Software Engineering Application Technology Lab, Huawei, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100389286","display_name":"Gang Chen","orcid":"https://orcid.org/0000-0002-7483-0045"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Gang Chen","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-7483-0045","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100352800","display_name":"Xinyu Wang","orcid":"https://orcid.org/0000-0002-5507-6569"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinyu Wang","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"],"raw_orcid":"https://orcid.org/0000-0002-5507-6569","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I168879160"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5001119004"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":19.9194,"has_fulltext":false,"cited_by_count":45,"citation_normalized_percentile":{"value":0.9944111,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"50","issue":"8","first_page":"2178","last_page":"2199"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9908000230789185,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8394598960876465},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.49274447560310364},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.45726901292800903},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4443683922290802},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4438129961490631},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4348721206188202},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2307746410369873}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8394598960876465},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.49274447560310364},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.45726901292800903},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4443683922290802},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4438129961490631},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4348721206188202},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2307746410369873},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2024.3427815","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2024.3427815","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.5299999713897705,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":72,"referenced_works":["https://openalex.org/W179367048","https://openalex.org/W1832693441","https://openalex.org/W1964962870","https://openalex.org/W1966741850","https://openalex.org/W1992114977","https://openalex.org/W1994616650","https://openalex.org/W2003529494","https://openalex.org/W2027887391","https://openalex.org/W2028820179","https://openalex.org/W2062227835","https://openalex.org/W2079753286","https://openalex.org/W2112796928","https://openalex.org/W2116341502","https://openalex.org/W2166336492","https://openalex.org/W2194775991","https://openalex.org/W2250539671","https://openalex.org/W2360967250","https://openalex.org/W2547625248","https://openalex.org/W2563351168","https://openalex.org/W2605035112","https://openalex.org/W2618635610","https://openalex.org/W2752782242","https://openalex.org/W2781491433","https://openalex.org/W2885030880","https://openalex.org/W2907492528","https://openalex.org/W2945827377","https://openalex.org/W2962784628","https://openalex.org/W2962946486","https://openalex.org/W2962960733","https://openalex.org/W2963653811","https://openalex.org/W2965861627","https://openalex.org/W2997451752","https://openalex.org/W3014339000","https://openalex.org/W3021503072","https://openalex.org/W3033777149","https://openalex.org/W3086449553","https://openalex.org/W3091588759","https://openalex.org/W3098605233","https://openalex.org/W3101228802","https://openalex.org/W3101553402","https://openalex.org/W3109966548","https://openalex.org/W3111602563","https://openalex.org/W3119507053","https://openalex.org/W3126675481","https://openalex.org/W3161071537","https://openalex.org/W3161597531","https://openalex.org/W3161746459","https://openalex.org/W3166095789","https://openalex.org/W3175925542","https://openalex.org/W3177116043","https://openalex.org/W3194346579","https://openalex.org/W3195442242","https://openalex.org/W4210772589","https://openalex.org/W4221033043","https://openalex.org/W4221166942","https://openalex.org/W4284667406","https://openalex.org/W4284708426","https://openalex.org/W4287848613","https://openalex.org/W4294170691","https://openalex.org/W4312436517","https://openalex.org/W4312969325","https://openalex.org/W4390144492","https://openalex.org/W6675416627","https://openalex.org/W6690815549","https://openalex.org/W6725533135","https://openalex.org/W6726873649","https://openalex.org/W6731031554","https://openalex.org/W6738964360","https://openalex.org/W6745537798","https://openalex.org/W6767260250","https://openalex.org/W6783227185","https://openalex.org/W6790588633"],"related_works":["https://openalex.org/W2095999892","https://openalex.org/W2018764758","https://openalex.org/W2383689843","https://openalex.org/W1550668881","https://openalex.org/W617913288","https://openalex.org/W2319323865","https://openalex.org/W2951745010","https://openalex.org/W2347958299","https://openalex.org/W2963125730","https://openalex.org/W2753096400"],"abstract_inverted_index":{"During":[0],"software":[1,12],"development":[2],"and":[3,19,40,81,105,175,199,221,241,278,285,322],"maintenance,":[4],"vulnerability":[5,112,136,313],"detection":[6,137],"is":[7,301],"an":[8,52],"essential":[9],"part":[10],"of":[11,55,202,225,256,265,318,342],"quality":[13],"assurance.":[14],"Even":[15],"though":[16],"many":[17],"program-analysis-based":[18],"machine-learning-based":[20],"approaches":[21,70,116],"have":[22],"been":[23],"proposed":[24],"to":[25,66,74,85,118,166,188,209,235,296],"automatically":[26],"detect":[27,67,86,167],"vulnerabilities,":[28],"they":[29,89],"rely":[30],"on":[31,272,304,311],"explicit":[32],"rules":[33],"or":[34,47],"patterns":[35],"defined":[36],"by":[37,336],"security":[38],"experts":[39],"suffer":[41,90],"from":[42,91,108,178],"either":[43],"high":[44,48],"false":[45,49],"positives":[46],"negatives.":[50],"Recently,":[51],"increasing":[53],"number":[54],"studies":[56],"leverage":[57,71],"deep":[58],"learning":[59],"techniques,":[60],"especially":[61],"Graph":[62],"Neural":[63],"Network":[64],"(GNN),":[65],"vulnerabilities.":[68,87],"These":[69,115],"program":[72,77],"analysis":[73,84],"represent":[75,189],"the":[76,103,173,218,222,226,237,246,257,276,282,334],"semantics":[78],"as":[79],"graphs":[80,198,263],"perform":[82],"graph":[83,254,270],"However,":[88],"two":[92,196],"main":[93],"problems:":[94],"(i)":[95],"Existing":[96],"GNN-based":[97],"techniques":[98],"do":[99],"not":[100],"effectively":[101,171],"learn":[102,172],"structural":[104,174,219,240],"semantic":[106,176,223,242],"features":[107,177],"source":[109,123,179],"code":[110,288],"for":[111],"detection.":[113],"(ii)":[114],"tend":[117],"ignore":[119],"fine-grained":[120,287],"information":[121],"in":[122,129,275,340],"code.":[124],"To":[125,170,244],"tackle":[126],"these":[127],"problems,":[128],"this":[130,299],"paper,":[131],"we":[132,205,229],"propose":[133],"a":[134,200,210,231,266,316],"novel":[135],"approach,":[138],"named":[139],"<sc":[140,146,151,157,163,181,249,291],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[141,144,147,149,152,155,158,161,164,182,250,292],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">MGVD</small>":[142,183,251,293],"(<bold":[143],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">M</b>":[145],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">ultiple</small>-<bold":[148],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">G</b>":[150],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">raph-Based</small>":[153],"<bold":[154,160],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">V</b>":[156],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">ulnerability</small>":[159],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">D</b>":[162],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">etection)</small>,":[165],"vulnerable":[168,302,320],"functions.":[169,325],"code,":[180],"uses":[184],"three":[185],"different":[186,262],"ways":[187],"each":[190,253],"function":[191,259,277,300],"into":[192],"multiple":[193,261],"forms,":[194],"i.e.,":[195],"statement":[197,274],"sequence":[201],"tokens.":[203],"Then":[204],"encode":[206],"such":[207,305],"representations":[208],"three-channel":[211],"feature":[212,215,220,224,306],"matrix.":[213,307],"The":[214,326],"matrix":[216],"contains":[217],"function.":[227],"And":[228],"add":[230],"weight":[232],"allocation":[233],"layer":[234],"distribute":[236],"weights":[238],"between":[239],"features.":[243],"overcome":[245],"second":[247],"problem,":[248],"constructs":[252],"representation":[255],"input":[258],"using":[260],"instead":[264],"single":[267],"graph.":[268],"Each":[269],"focuses":[271],"one":[273],"its":[279],"nodes":[280],"denote":[281],"related":[283],"statements":[284],"their":[286],"elements.":[289],"Finally,":[290],"leverages":[294],"CNN":[295],"identify":[297],"whether":[298],"based":[303],"We":[308],"conduct":[309],"experiments":[310],"3":[312],"datasets":[314],"with":[315],"total":[317],"30,341":[319],"functions":[321],"127,931":[323],"non-vulnerable":[324],"experimental":[327],"results":[328],"show":[329],"that":[330],"our":[331],"method":[332],"outperforms":[333],"state-of-the-art":[335],"9.68%":[337],"\u2013":[338],"10.28%":[339],"terms":[341],"F1-score.":[343]},"counts_by_year":[{"year":2026,"cited_by_count":14},{"year":2025,"cited_by_count":29},{"year":2024,"cited_by_count":2}],"updated_date":"2026-05-24T08:33:08.758527","created_date":"2025-10-10T00:00:00"}