Bibliographic Details
Main Authors: Haque, Radowanul, Ali, Aftab, McClean, Sally, Khan, Naveed
Format: Preprint
Published: 2025
Online Access: https://arxiv.org/abs/2507.16540
Abstract: Detecting security vulnerabilities in source code remains challenging, particularly due to class imbalance in real-world datasets where vulnerable functions are under-represented. Existing learning-based methods often optimise for recall, leading to high false positive rates and reduced usability in development workflows. Furthermore, many approaches lack explainability, limiting their integration into security workflows. This paper presents ExplainVulD, a graph-based framework for vulnerability detection in C/C++ code. The method constructs Code Property Graphs and represents nodes using dual-channel embeddings that capture both semantic and structural information. These are processed by an edge-aware attention mechanism that incorporates edge-type embeddings to distinguish among program relations. To address class imbalance, the model is trained using class-weighted cross-entropy loss. ExplainVulD achieves a mean accuracy of 88.25 percent and an F1 score of 48.23 percent across 30 independent runs on the ReVeal dataset. These results represent relative improvements of 4.6 percent in accuracy and 16.9 percent in F1 score compared to the ReVeal model, a prior learning-based method. The framework also outperforms static analysis tools, with relative gains of 14.0 to 14.1 percent in accuracy and 132.2 to 201.2 percent in F1 score. Beyond improved detection performance, ExplainVulD produces explainable outputs by identifying the most influential code regions within each function, supporting transparency and trust in security triage.
Institution: arXiv
Title: Explainable Vulnerability Detection in C/C++ Using Edge-Aware Graph Attention Networks
Subjects: Cryptography and Security; Artificial Intelligence; Software Engineering