English

Bridging Semantics & Structure for Software Vulnerability Detection using Hybrid Network Models

Software Engineering 2025-10-14 v1 Artificial Intelligence Cryptography and Security

Abstract

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework combines these graph representations with light-weight (<4B) local LLMs, uniting topological features with semantic reasoning while avoiding the cost and privacy concerns of large cloud models. Evaluated on Java vulnerability detection (binary classification), our method achieves 93.57% accuracy-an 8.36% gain over Graph Attention Network-based embeddings and 17.81% over pretrained LLM baselines such as Qwen2.5 Coder 3B. Beyond accuracy, the approach extracts salient subgraphs and generates natural language explanations, improving interpretability for developers. These results pave the way for scalable, explainable, and locally deployable tools that can shift vulnerability analysis from purely syntactic checks to deeper structural and semantic insights, facilitating broader adoption in real-world secure software development.

Keywords

Cite

@article{arxiv.2510.10321,
  title  = {Bridging Semantics & Structure for Software Vulnerability Detection using Hybrid Network Models},
  author = {Jugal Gajjar and Kaustik Ranaware and Kamalasankari Subramaniakuppusamy},
  journal= {arXiv preprint arXiv:2510.10321},
  year   = {2025}
}

Comments

13 pages, 3 figures, 5 tables, 14 equations, accepted at the 14th International Conference on Complex Networks and Their Applications (COMPLEX NETWORKS 2025) and the conference proceedings will be published by Springer in the Studies in Computational Intelligence series

R2 v1 2026-07-01T06:31:40.741Z