SEAICR, Oct 11, 2025

Bridging Semantics & Structure for Software Vulnerability Detection using Hybrid Network Models

arXiv:2510.10321v1 | 1 citation | h-index: 2
Originality: Incremental advance

AI Analysis

This paper addresses the problem of scalable and explainable vulnerability detection for software developers, offering an incremental improvement over existing methods.

The paper tackles software vulnerability detection by combining heterogeneous graph representations of program structure with lightweight local LLMs, achieving 93.57% accuracy, an 8.36% gain over Graph Attention Networks and a 17.81% gain over pretrained LLM baselines.

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook the structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework combines these graph representations with lightweight (<4B) local LLMs, uniting topological features with semantic reasoning while avoiding the cost and privacy concerns of large cloud models. Evaluated on Java vulnerability detection (binary classification), our method achieves 93.57% accuracy, an 8.36% gain over Graph Attention Network-based embeddings and 17.81% over pretrained LLM baselines such as Qwen2.5 Coder 3B. Beyond accuracy, the approach extracts salient subgraphs and generates natural language explanations, improving interpretability for developers. These results pave the way for scalable, explainable, and locally deployable tools that can shift vulnerability analysis from purely syntactic checks to deeper structural and semantic insights, facilitating broader adoption in real-world secure software development.
