Multimodal information fusion for software vulnerability detection based on both source and binary codes

•The study detects software vulnerability based on both source and binary codes.•A novel fusion strategy is designed to accommodate the characteristics of two modalities.•ChatGPT and two pre-trained models are used for the process of feature analysis process. Context: Many researchers have proposed...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Science of computer programming Ročník 250; s. 103411
Hlavní autori: Liu, Yuzhou, Wang, Qi, Jiang, Shuang, Wu, Runze, Tian, Hongxu, Zhang, Peng
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier B.V 01.05.2026
Predmet:
Binary codes feature
Multimodal fusion
Software vulnerability detection
Source codes feature
Source codes feature
Multimodal fusion
Software vulnerability detection
Binary codes feature
ISSN:0167-6423
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Abstract •The study detects software vulnerability based on both source and binary codes.•A novel fusion strategy is designed to accommodate the characteristics of two modalities.•ChatGPT and two pre-trained models are used for the process of feature analysis process. Context: Many researchers have proposed vulnerability detection methods to enhance software reliability by analyzing the program. However, some vulnerabilities are difficult to be identified only from the source codes, especially the ones related to the execution. Objectives: To solve this problem, this paper introduces extra binary codes and proposes a novel solution for software vulnerability detection based on the multimodal information fusion. Methods: The approach treats the source and binary codes as different modalities, and uses two pre-trained models as feature extractors to analyze them separately. Then, we design an attention-based information fusion strategy that taking the information from source codes as the main body while the one from binary codes as the supplement. It could not only capture the correlations among features across different modalities, but also filter the redundancy from the binary codes in the fusion process. In this way, a more comprehensive representation of software is gained and finally taken as the basis for the vulnerability detection. Results: Our method was comprehensively evaluated on three widely-used datasets in different languages, that is Reveal in C, Devign in C++, and Code_vulnerability_java in Java: (1) For vulnerability detection performance, the Accuracy reached 86.09 %, 84.58 %, and 80.43 % across the three datasets, with F1-scores of 82.87 %, 84.62 %, and 79.58 % respectively; (2) Compared with seven state-of-the-art baseline methods, our approach achieved Accuracy improvements of 2.38 %-3.01 % and F1-score enhancements of 2.32 %-8.47 % across the datasets; (3) Moreover, the ablation experiment shows when combining binary codes with source codes (versus using source codes alone), the Accuracy improved by 6.83 %-13.76 % and F1-score increased by 5.36 %-9.86 %, demonstrating the significant performance gains from multimodal data integration. Conclusion: The results show that our approach can achieve good performance for the task of software vulnerability detection. Meanwhile, ablation experiments confirm the contributions of binary codes to the detection and indicate the effectiveness of our fusion strategy. We have released the codes and datasets (https://github.com/Wangqxn/Vul-detection) to facilitate follow-up research.
AbstractList •The study detects software vulnerability based on both source and binary codes.•A novel fusion strategy is designed to accommodate the characteristics of two modalities.•ChatGPT and two pre-trained models are used for the process of feature analysis process. Context: Many researchers have proposed vulnerability detection methods to enhance software reliability by analyzing the program. However, some vulnerabilities are difficult to be identified only from the source codes, especially the ones related to the execution. Objectives: To solve this problem, this paper introduces extra binary codes and proposes a novel solution for software vulnerability detection based on the multimodal information fusion. Methods: The approach treats the source and binary codes as different modalities, and uses two pre-trained models as feature extractors to analyze them separately. Then, we design an attention-based information fusion strategy that taking the information from source codes as the main body while the one from binary codes as the supplement. It could not only capture the correlations among features across different modalities, but also filter the redundancy from the binary codes in the fusion process. In this way, a more comprehensive representation of software is gained and finally taken as the basis for the vulnerability detection. Results: Our method was comprehensively evaluated on three widely-used datasets in different languages, that is Reveal in C, Devign in C++, and Code_vulnerability_java in Java: (1) For vulnerability detection performance, the Accuracy reached 86.09 %, 84.58 %, and 80.43 % across the three datasets, with F1-scores of 82.87 %, 84.62 %, and 79.58 % respectively; (2) Compared with seven state-of-the-art baseline methods, our approach achieved Accuracy improvements of 2.38 %-3.01 % and F1-score enhancements of 2.32 %-8.47 % across the datasets; (3) Moreover, the ablation experiment shows when combining binary codes with source codes (versus using source codes alone), the Accuracy improved by 6.83 %-13.76 % and F1-score increased by 5.36 %-9.86 %, demonstrating the significant performance gains from multimodal data integration. Conclusion: The results show that our approach can achieve good performance for the task of software vulnerability detection. Meanwhile, ablation experiments confirm the contributions of binary codes to the detection and indicate the effectiveness of our fusion strategy. We have released the codes and datasets (https://github.com/Wangqxn/Vul-detection) to facilitate follow-up research.
ArticleNumber 103411
Author Jiang, Shuang
Wang, Qi
Tian, Hongxu
Zhang, Peng
Liu, Yuzhou
Wu, Runze
Author_xml – sequence: 1
  givenname: Yuzhou
  orcidid: 0000-0003-2765-4074
  surname: Liu
  fullname: Liu, Yuzhou
  email: liuyuzhou@jlu.edu.cn
  organization: College of Computer Science and Technology, Jilin University, Changchun Jilin, 130012, China
– sequence: 2
  givenname: Qi
  surname: Wang
  fullname: Wang, Qi
  organization: College of Computer Science and Technology, Jilin University, Changchun Jilin, 130012, China
– sequence: 3
  givenname: Shuang
  surname: Jiang
  fullname: Jiang, Shuang
  organization: College of Software, Jilin University, Changchun Jilin, 130012, China
– sequence: 4
  givenname: Runze
  surname: Wu
  fullname: Wu, Runze
  organization: College of Computer Science and Technology, Jilin University, Changchun Jilin, 130012, China
– sequence: 5
  givenname: Hongxu
  surname: Tian
  fullname: Tian, Hongxu
  organization: College of Software, Jilin University, Changchun Jilin, 130012, China
– sequence: 6
  givenname: Peng
  surname: Zhang
  fullname: Zhang, Peng
  organization: College of Computer Science and Technology, Jilin University, Changchun Jilin, 130012, China
BookMark eNp9kLtuwzAMRTWkQJO0X9BFP-DU8lMaOhRBX0CKLtkFSqIQGY5USHaK_H3tpHMnEuS9xOVZkYUPHgl5YPmG5ax57DZJOx02RV7U06SsGFuQ5bRps6YqyluySqnL87ypWrYkh8-xH9wxGOip8zbEIwwueGrHdCkh0hTs8AMR6WnsPUZQrnfDmRocUF-0ChIaOjdhOEzyMWqk4A1VzkM8Ux0MpjtyY6FPeP9X12T_-rLfvme7r7eP7fMu04KzjCsGhoMSqAtRtMJwYYUx1qoaVMPRAohCMMuR16htpaAQNaJpObASOZZrUl7P6hhSimjld3THKYVkuZz5yE5e-MiZj7zymVxPVxdOyU4O46xBr9G4OD0pTXD_-n8BO0V3hQ
Cites_doi 10.1016/j.inffus.2024.102748
10.1016/j.cose.2023.103341
10.18653/v1/2022.acl-long.499
10.1145/3289393
10.1016/j.knosys.2025.113341
10.1109/TSE.2024.3421591
10.1145/3654443
10.1016/j.cose.2021.102247
10.1145/3674729
10.1016/j.knosys.2022.110139
10.1109/TSE.2021.3087402
10.1016/j.inffus.2024.102662
10.1016/j.cose.2022.103023
10.1109/TR.2022.3165115
10.1016/j.cose.2024.104059
10.1016/j.ins.2023.03.132
ContentType Journal Article
Copyright 2025 Elsevier B.V.
Copyright_xml – notice: 2025 Elsevier B.V.
DBID AAYXX
CITATION
DOI 10.1016/j.scico.2025.103411
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
ExternalDocumentID 10_1016_j_scico_2025_103411
S0167642325001509
GroupedDBID --K
--M
.DC
.~1
0R~
123
1B1
1RT
1~.
1~5
4.4
457
4G.
5VS
7-5
71M
8P~
9DU
9JN
AAEDT
AAEDW
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AATTM
AAXKI
AAXUO
AAYFN
AAYWO
ABBOA
ABFNM
ABJNI
ABMAC
ABWVN
ABXDB
ACDAQ
ACGFS
ACLOT
ACNNM
ACRLP
ACRPL
ACVFH
ACZNC
ADBBV
ADCNI
ADEZE
ADHUB
ADMUD
ADNMO
ADVLN
AEBSH
AEIPS
AEKER
AENEX
AEUPX
AEXQZ
AFFNX
AFJKZ
AFPUW
AFTJW
AGHFR
AGQPQ
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIGII
AIIUN
AIKHN
AITUG
AKBMS
AKRWK
AKYEP
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
AOUOD
APXCP
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BLXMC
CS3
DU5
E.L
EBS
EFJIC
EFKBS
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-2
G-Q
GBLVA
GBOLZ
HVGLF
HZ~
IHE
IXB
J1W
KOM
LG9
M26
M41
MO0
N9A
O-L
O9-
OAUVE
OK1
OZT
P-8
P-9
P2P
PC.
Q38
R2-
ROL
RPZ
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
TN5
WUQ
XPP
ZMT
ZY4
~G-
~HD
AAYXX
CITATION
ID FETCH-LOGICAL-c981-8b1ad8ab9ec29279d89f9ddffb5ab68efaa9291f8e85ecf4ba295eed78a13e8e3
ISSN 0167-6423
IngestDate Thu Nov 27 00:54:52 EST 2025
Wed Dec 10 14:42:30 EST 2025
IsPeerReviewed true
IsScholarly true
Keywords Source codes feature
Multimodal fusion
Software vulnerability detection
Binary codes feature
Language English
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c981-8b1ad8ab9ec29279d89f9ddffb5ab68efaa9291f8e85ecf4ba295eed78a13e8e3
ORCID 0000-0003-2765-4074
ParticipantIDs crossref_primary_10_1016_j_scico_2025_103411
elsevier_sciencedirect_doi_10_1016_j_scico_2025_103411
PublicationCentury 2000
PublicationDate May 2026
2026-05-00
PublicationDateYYYYMMDD 2026-05-01
PublicationDate_xml – month: 05
  year: 2026
  text: May 2026
PublicationDecade 2020
PublicationTitle Science of computer programming
PublicationYear 2026
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
References Ni, Guo, Zhu, Xu, Yang (bib0008) 2024
Bhutamapuram (bib0007) 2023
Tao, Su, Ke, Han, Zheng, Wei (bib0035) 2025; 316
Checkmax
T.N. Kipf, M. Welling, Semi-supervised classification with graph convolutional networks, (2016). arXiv preprint
Rahman, Ceka, Mao, Chakraborty, Ray, Le (bib0050) 2024
Luo, Wang, Wang, Tang, Xie, Zhou, Liu, Lu (bib0033) 2023
Wang, Jia, Peng, Huang, Liu (bib0053) 2023; 125
Tsunoda, Monden, Toda, Tahir, Bennin, Nakasai, Nagura, Matsumoto (bib0018) 2022
Nataraj, Karthikeyan, Jacob, Manjunath (bib0023) 2011
Ali, Ur Rehman, Nawaz, Ali, Abbas (bib0043) 2022
Zhang, Wang, Li, Wang, Li, Liu (bib0002) 2024
Jie, Chen, Wang, Voundi Koe, Li, Huang, Wu, Wang (bib0056) 2023; 636
Jagtap, Katragadda, Satelkar (bib0005) 2022
Zhang, Xu, Zhang, Liu, Chen, Yin, Zheng (bib0052) 2024; 33
Yang, Yang, Wong (bib0047) 2024; 50
Mamede, Pinconschi, Abreu (bib0026) 2023
Chakraborty, Krishna, Ding, Ray (bib0027) 2022; 48
W. Zaremba, Recurrent neural network regularization, (2014). arXiv preprint
Ni, Yin, Yang, Zhao, Xing, Xia (bib0051) 2023
.
Stradowski, Madeyski (bib0006) 2024
Cao, Sun, Wu, Lo, Bo, Li, Liu, Lin, Liu (bib0012) 2024
Wu, Ling, Duan, Luo, Yang (bib0021) 2024
Chen, Hu, Yu, Chen, Xuan, Liu, Filkov (bib0030) 2020
Öztürk (bib0032) 2024; 146
Iannone, Sellitto, Iaccarino, Ferrucci, De Lucia, Palomba (bib0004) 2024; 33
Zhao, Srivastava, Peng, Chen (bib0037) 2019; 15
Tran, Tran, Le (bib0014) 2025; 163
Zhou, Liu, Siow, Du, Liu (bib0028) 2019
Wen, Chen, Gao, Zhang, Zhang, Liao (bib0031) 2023
Yuan, Lu, Fang, Wu, Zou, Li, Li, Jin (bib0011) 2023
Hussain, Ibrahim (bib0019) 2022
Khanna, Agarwal, Rahul (bib0046) 2022
Li, Liu, Liu, Liu (bib0013) 2025; 114
ChatGPT
Yu, Rao, Liu, Lin, Hu, Keung, Zhou, Xiang (bib0045) 2024; 165
Wang, Tang, Tan, Wang, Liu, Fang, Xia, Wang (bib0055) 2024
Li, Wang, Nguyen (bib0009) 2021
Liu, Wang, Xu, Sun, Zhang, Li, Guo (bib0010) 2025; 115
FlawFinder
Wen, Wang, Gao, Wang, Liu, Gu (bib0020) 2024
D. Guo, S. Lu, N. Duan, Y. Wang, M. Zhou, J. Yin, Unixcoder: unified cross-modal pre-training for code representation, (2022). arXiv preprint
Zhao, Huang, Dai (bib0054) 2023; 260
Pinhero, M L, Vinod, Visaggio, Aneesh, Abhijith, AnanthaKrishnan (bib0022) 2021; 105
Pradhan, Muduli (bib0044) 2023
Dataset
Tao, Su, Wan, Wei, Zheng (bib0034) 2023; 132
Weng, Qin, Lin, Liu, Chen (bib0049) 2024
Chen, Sun, Gong, Hao (bib0025) 2024
Song, Minku, Teng, Yao (bib0003) 2023
Fortify
A. Dosovitskiy, An image is worth 16x16 words: transformers for image recognition at scale, (2020). arXiv preprint
Cho, van Merriënboer, Gulcehre, Bahdanau, Bougares, Schwenk, Bengio (bib0038) 2014
Wu, Liu, Xiao, Li, Sun, Lin (bib0024) 2023
Fang, Liu, Liu (bib0048) 2022; 71
Stradowski, Madeyski (bib0001) 2024
Zhou (10.1016/j.scico.2025.103411_bib0028) 2019
Fang (10.1016/j.scico.2025.103411_bib0048) 2022; 71
Li (10.1016/j.scico.2025.103411_bib0009) 2021
Weng (10.1016/j.scico.2025.103411_bib0049) 2024
Mamede (10.1016/j.scico.2025.103411_bib0026) 2023
Chen (10.1016/j.scico.2025.103411_bib0030) 2020
10.1016/j.scico.2025.103411_bib0016
10.1016/j.scico.2025.103411_bib0015
10.1016/j.scico.2025.103411_bib0017
Zhao (10.1016/j.scico.2025.103411_bib0037) 2019; 15
Cho (10.1016/j.scico.2025.103411_bib0038) 2014
Bhutamapuram (10.1016/j.scico.2025.103411_bib0007) 2023
Yuan (10.1016/j.scico.2025.103411_bib0011) 2023
Pradhan (10.1016/j.scico.2025.103411_bib0044) 2023
Liu (10.1016/j.scico.2025.103411_bib0010) 2025; 115
Wang (10.1016/j.scico.2025.103411_bib0055) 2024
Stradowski (10.1016/j.scico.2025.103411_bib0001) 2024
Stradowski (10.1016/j.scico.2025.103411_bib0006) 2024
Rahman (10.1016/j.scico.2025.103411_bib0050) 2024
Ni (10.1016/j.scico.2025.103411_bib0051) 2023
Chakraborty (10.1016/j.scico.2025.103411_bib0027) 2022; 48
10.1016/j.scico.2025.103411_bib0029
Tsunoda (10.1016/j.scico.2025.103411_bib0018) 2022
Tran (10.1016/j.scico.2025.103411_bib0014) 2025; 163
Zhao (10.1016/j.scico.2025.103411_bib0054) 2023; 260
Pinhero (10.1016/j.scico.2025.103411_bib0022) 2021; 105
Wu (10.1016/j.scico.2025.103411_bib0021) 2024
Chen (10.1016/j.scico.2025.103411_bib0025) 2024
Khanna (10.1016/j.scico.2025.103411_bib0046) 2022
Li (10.1016/j.scico.2025.103411_bib0013) 2025; 114
Luo (10.1016/j.scico.2025.103411_sbref0029) 2023
Öztürk (10.1016/j.scico.2025.103411_bib0032) 2024; 146
Wu (10.1016/j.scico.2025.103411_bib0024) 2023
10.1016/j.scico.2025.103411_bib0039
Wang (10.1016/j.scico.2025.103411_bib0053) 2023; 125
Nataraj (10.1016/j.scico.2025.103411_bib0023) 2011
10.1016/j.scico.2025.103411_bib0036
10.1016/j.scico.2025.103411_bib0041
Wen (10.1016/j.scico.2025.103411_bib0031) 2023
10.1016/j.scico.2025.103411_bib0040
10.1016/j.scico.2025.103411_bib0042
Tao (10.1016/j.scico.2025.103411_bib0035) 2025; 316
Yang (10.1016/j.scico.2025.103411_bib0047) 2024; 50
Song (10.1016/j.scico.2025.103411_bib0003) 2023
Yu (10.1016/j.scico.2025.103411_bib0045) 2024; 165
Ali (10.1016/j.scico.2025.103411_bib0043) 2022
Tao (10.1016/j.scico.2025.103411_bib0034) 2023; 132
Hussain (10.1016/j.scico.2025.103411_bib0019) 2022
Ni (10.1016/j.scico.2025.103411_bib0008) 2024
Zhang (10.1016/j.scico.2025.103411_bib0052) 2024; 33
Jie (10.1016/j.scico.2025.103411_bib0056) 2023; 636
Cao (10.1016/j.scico.2025.103411_bib0012) 2024
Zhang (10.1016/j.scico.2025.103411_bib0002) 2024
Wen (10.1016/j.scico.2025.103411_bib0020) 2024
Jagtap (10.1016/j.scico.2025.103411_bib0005) 2022
Iannone (10.1016/j.scico.2025.103411_bib0004) 2024; 33
References_xml – year: 2024
  ident: bib0025
  article-title: Improving smart contract security with contrastive learning-based vulnerability detection
  publication-title: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
– reference: ChatGPT, (
– start-page: 1911
  year: 2024
  end-page: 1918
  ident: bib0008
  article-title: Function-level vulnerability detection through fusing multi-Modal knowledge
  publication-title: Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering
– volume: 50
  start-page: 2054
  year: 2024
  end-page: 2076
  ident: bib0047
  article-title: Multi-objective software defect prediction via multi-source uncertain information fusion and multi-task multi-view learning
  publication-title: IEEE Trans. Softw. Eng.
– start-page: 115
  year: 2024
  end-page: 124
  ident: bib0049
  article-title: MatsVD: boosting statement-level vulnerability detection via dependency-based attention
  publication-title: Proceedings of the 15th Asia-Pacific Symposium on Internetware
– reference: ).
– reference: Fortify, (
– start-page: 1
  year: 2022
  end-page: 7
  ident: bib0005
  article-title: Software reliability: development of software defect prediction models using advanced techniques
  publication-title: 2022 Annual Reliability and Maintainability Symposium (RAMS)
– start-page: 1098
  year: 2024
  end-page: 1110
  ident: bib0006
  article-title: Bridging the gap between academia and industry in machine learning software defect prediction: thirteen considerations
  publication-title: Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering
– start-page: 259
  year: 2023
  end-page: 263
  ident: bib0007
  article-title: Some investigations of machine learning models for software defects
  publication-title: Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings
– start-page: 1369
  year: 2022
  end-page: 1373
  ident: bib0046
  article-title: Software change prediction using ensemble learning on object oriented metrics
  publication-title: 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS)
– start-page: 1611
  year: 2023
  end-page: 1622
  ident: bib0051
  article-title: Distinguishing look-alike innocent and vulnerable code by subtle semantic representation learning and explanation
  publication-title: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
– volume: 33
  year: 2024
  ident: bib0052
  article-title: DSHGT: dual-supervisors heterogeneous graph transformer–a pioneer study of using heterogeneous graph learning for detecting software vulnerabilities
  publication-title: ACM Trans. Softw. Eng. Methodol.
– volume: 636
  year: 2023
  ident: bib0056
  article-title: A novel extended multimodal AI framework towards vulnerability detection in smart contracts
  publication-title: Inf. Sci.
– year: 2011
  ident: bib0023
  article-title: Malware images: visualization and automatic classification
  publication-title: Proceedings of the 8th International Symposium on Visualization for Cyber Security
– reference: D. Guo, S. Lu, N. Duan, Y. Wang, M. Zhou, J. Yin, Unixcoder: unified cross-modal pre-training for code representation, (2022). arXiv preprint
– volume: 15
  start-page: 1
  year: 2019
  end-page: 27
  ident: bib0037
  article-title: Long short-term memory network design for analog computing
  publication-title: ACM J. Emerg. Technol. Comput. Syst.
– year: 2024
  ident: bib0050
  article-title: Towards causal deep learning for vulnerability detection
  publication-title: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
– start-page: 670
  year: 2022
  end-page: 681
  ident: bib0018
  article-title: Using bandit algorithms for selecting feature reduction techniques in software defect prediction
  publication-title: Proceedings of the 19th International Conference on Mining Software Repositories
– reference: FlawFinder, (
– start-page: 1
  year: 2022
  end-page: 5
  ident: bib0043
  article-title: An ensemble model for software defect prediction
  publication-title: 2022 2nd International Conference on Digital Futures and Transformative Technologies (ICoDT2)
– start-page: 1
  year: 2023
  end-page: 6
  ident: bib0044
  article-title: Software defect prediction model using adaboost based random forest technique
  publication-title: 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)
– volume: 114
  year: 2025
  ident: bib0013
  article-title: Detecting android malware: a multimodal fusion method with fine-grained feature
  publication-title: Inf. Fus.
– volume: 125
  year: 2023
  ident: bib0053
  article-title: Binvuldet: detecting vulnerability in binary program via decompiled pseudo code and biLSTM-attention
  publication-title: Comput. Secur.
– volume: 115
  year: 2025
  ident: bib0010
  article-title: Vul-LMGNNs: fusing language models and online-distilled graph neural networks for code vulnerability detection
  publication-title: Inf. Fus.
– start-page: 2262
  year: 2023
  end-page: 2274
  ident: bib0011
  article-title: Enhancing deep learning-based vulnerability detection by building behavior graph model
  publication-title: Proceedings of the 45th International Conference on Software Engineering
– start-page: 345
  year: 2024
  end-page: 357
  ident: bib0020
  article-title: When less is enough: positive and unlabeled learning model for vulnerability detection
  publication-title: Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering
– start-page: 292
  year: 2021
  end-page: 303
  ident: bib0009
  article-title: Vulnerability detection with fine-grained interpretations
  publication-title: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
– reference: T.N. Kipf, M. Welling, Semi-supervised classification with graph convolutional networks, (2016). arXiv preprint
– year: 2023
  ident: bib0033
  article-title: Vulhawk: cross-architecture vulnerability detection with entropy-based binary code search
– reference: W. Zaremba, Recurrent neural network regularization, (2014). arXiv preprint
– volume: 105
  year: 2021
  ident: bib0022
  article-title: Malware detection employed by visualization and deep neural network
  publication-title: Comput. Secur.
– start-page: 1371
  year: 2023
  end-page: 1383
  ident: bib0024
  article-title: Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
  publication-title: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
– reference: Checkmax, (
– start-page: 413
  year: 2022
  end-page: 420
  ident: bib0019
  article-title: Empirical investigation of role of meta-learning approaches for the improvement of software development process via software fault prediction
  publication-title: Proceedings of the 26th International Conference on Evaluation and Assessment in Software Engineering
– reference: A. Dosovitskiy, An image is worth 16x16 words: transformers for image recognition at scale, (2020). arXiv preprint
– start-page: 1724
  year: 2014
  end-page: 1734
  ident: bib0038
  article-title: Learning phrase representations using RNN encoder–decoder for statistical machine translation
  publication-title: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP)
– volume: 71
  start-page: 512
  year: 2022
  end-page: 526
  ident: bib0048
  article-title: Gated homogeneous fusion networks with jointed feature extraction for defect prediction
  publication-title: IEEE Trans. Reliab.
– volume: 48
  start-page: 3280
  year: 2022
  end-page: 3296
  ident: bib0027
  article-title: Deep learning based vulnerability detection: are we there yet?
  publication-title: IEEE Trans. Softw. Eng.
– start-page: 605
  year: 2023
  end-page: 617
  ident: bib0003
  article-title: A practical human labeling method for online just-in-time software defect prediction
  publication-title: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
– start-page: 92
  year: 2024
  end-page: 103
  ident: bib0001
  article-title: Costs and benefits of machine learning software defect prediction: industrial case study
  publication-title: In Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, FSE 2024
– start-page: 1932
  year: 2024
  end-page: 1944
  ident: bib0002
  article-title: Vuladvisor: natural language suggestion generation for software vulnerability repair
  publication-title: In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, ASE ’24
– year: 2024
  ident: bib0055
  article-title: Combining structured static code information and dynamic symbolic traces for software vulnerability prediction
  publication-title: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
– reference: .
– reference: Dataset, (
– volume: 163
  year: 2025
  ident: bib0014
  article-title: DetectVul: a statement-level code vulnerability detection for python
  publication-title: Fut. Gen. Comput. Syst.
– volume: 132
  year: 2023
  ident: bib0034
  article-title: Vulnerability detection through cross-modal feature enhancement and fusion
  publication-title: Comput. Secur.
– volume: 316
  year: 2025
  ident: bib0035
  article-title: Transformer-based statement level vulnerability detection by cross-modal fine-grained features capture
  publication-title: Knowl. Based Syst.
– volume: 260
  year: 2023
  ident: bib0054
  article-title: VULDEFF: vulnerability detection method based on function fingerprints and code differences
  publication-title: Knowl. Based Syst.
– start-page: 2275
  year: 2023
  end-page: 2286
  ident: bib0031
  article-title: Vulnerability detection with graph simplification and enhanced graph representation learning
  publication-title: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
– volume: 165
  year: 2024
  ident: bib0045
  article-title: Improving effort-aware defect prediction by directly learning to rank software modules
  publication-title: Inf. Softw. Technol.
– volume: 33
  year: 2024
  ident: bib0004
  article-title: Early and realistic exploitability prediction of just-disclosed software vulnerabilities: how reliable can it be?
  publication-title: ACM Trans. Softw. Eng. Methodol.
– start-page: 606
  year: 2024
  end-page: 618
  ident: bib0012
  article-title: Snopy: bridging sample denoising with causal graph learning for effective vulnerability detection
  publication-title: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering
– start-page: 578
  year: 2020
  end-page: 589
  ident: bib0030
  article-title: Software visualization and deep transfer learning for effective software defect prediction
  publication-title: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering
– start-page: 323
  year: 2024
  end-page: 332
  ident: bib0021
  article-title: VulDL: tree-based and graph-based neural networks for vulnerability detection and localization
  publication-title: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering
– year: 2019
  ident: bib0028
  article-title: Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks
– year: 2023
  ident: bib0026
  article-title: A transformer-based IDE plugin for vulnerability detection
  publication-title: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering
– volume: 146
  year: 2024
  ident: bib0032
  article-title: A cosine similarity-based labeling technique for vulnerability type detection using source codes
  publication-title: Comput. Secur.
– volume: 115
  year: 2025
  ident: 10.1016/j.scico.2025.103411_bib0010
  article-title: Vul-LMGNNs: fusing language models and online-distilled graph neural networks for code vulnerability detection
  publication-title: Inf. Fus.
  doi: 10.1016/j.inffus.2024.102748
– year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0050
  article-title: Towards causal deep learning for vulnerability detection
– start-page: 413
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0019
  article-title: Empirical investigation of role of meta-learning approaches for the improvement of software development process via software fault prediction
– year: 2023
  ident: 10.1016/j.scico.2025.103411_sbref0029
– volume: 163
  year: 2025
  ident: 10.1016/j.scico.2025.103411_bib0014
  article-title: DetectVul: a statement-level code vulnerability detection for python
  publication-title: Fut. Gen. Comput. Syst.
– start-page: 1371
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0024
  article-title: Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
– volume: 132
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0034
  article-title: Vulnerability detection through cross-modal feature enhancement and fusion
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2023.103341
– start-page: 2275
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0031
  article-title: Vulnerability detection with graph simplification and enhanced graph representation learning
– ident: 10.1016/j.scico.2025.103411_bib0040
– ident: 10.1016/j.scico.2025.103411_bib0029
– start-page: 345
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0020
  article-title: When less is enough: positive and unlabeled learning model for vulnerability detection
– ident: 10.1016/j.scico.2025.103411_bib0016
  doi: 10.18653/v1/2022.acl-long.499
– start-page: 92
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0001
  article-title: Costs and benefits of machine learning software defect prediction: industrial case study
– ident: 10.1016/j.scico.2025.103411_bib0015
– year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0026
  article-title: A transformer-based IDE plugin for vulnerability detection
– volume: 15
  start-page: 1
  issue: 1
  year: 2019
  ident: 10.1016/j.scico.2025.103411_bib0037
  article-title: Long short-term memory network design for analog computing
  publication-title: ACM J. Emerg. Technol. Comput. Syst.
  doi: 10.1145/3289393
– start-page: 1724
  year: 2014
  ident: 10.1016/j.scico.2025.103411_bib0038
  article-title: Learning phrase representations using RNN encoder–decoder for statistical machine translation
– start-page: 1369
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0046
  article-title: Software change prediction using ensemble learning on object oriented metrics
– start-page: 115
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0049
  article-title: MatsVD: boosting statement-level vulnerability detection via dependency-based attention
– start-page: 1611
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0051
  article-title: Distinguishing look-alike innocent and vulnerable code by subtle semantic representation learning and explanation
– year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0055
  article-title: Combining structured static code information and dynamic symbolic traces for software vulnerability prediction
– volume: 316
  year: 2025
  ident: 10.1016/j.scico.2025.103411_bib0035
  article-title: Transformer-based statement level vulnerability detection by cross-modal fine-grained features capture
  publication-title: Knowl. Based Syst.
  doi: 10.1016/j.knosys.2025.113341
– year: 2011
  ident: 10.1016/j.scico.2025.103411_bib0023
  article-title: Malware images: visualization and automatic classification
– start-page: 1
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0005
  article-title: Software reliability: development of software defect prediction models using advanced techniques
– ident: 10.1016/j.scico.2025.103411_bib0017
– ident: 10.1016/j.scico.2025.103411_bib0042
– volume: 50
  start-page: 2054
  issue: 8
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0047
  article-title: Multi-objective software defect prediction via multi-source uncertain information fusion and multi-task multi-view learning
  publication-title: IEEE Trans. Softw. Eng.
  doi: 10.1109/TSE.2024.3421591
– year: 2019
  ident: 10.1016/j.scico.2025.103411_bib0028
– volume: 33
  issue: 6
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0004
  article-title: Early and realistic exploitability prediction of just-disclosed software vulnerabilities: how reliable can it be?
  publication-title: ACM Trans. Softw. Eng. Methodol.
  doi: 10.1145/3654443
– start-page: 323
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0021
  article-title: VulDL: tree-based and graph-based neural networks for vulnerability detection and localization
– volume: 105
  year: 2021
  ident: 10.1016/j.scico.2025.103411_bib0022
  article-title: Malware detection employed by visualization and deep neural network
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2021.102247
– ident: 10.1016/j.scico.2025.103411_bib0036
– start-page: 670
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0018
  article-title: Using bandit algorithms for selecting feature reduction techniques in software defect prediction
– start-page: 605
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0003
  article-title: A practical human labeling method for online just-in-time software defect prediction
– volume: 33
  issue: 8
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0052
  article-title: DSHGT: dual-supervisors heterogeneous graph transformer–a pioneer study of using heterogeneous graph learning for detecting software vulnerabilities
  publication-title: ACM Trans. Softw. Eng. Methodol.
  doi: 10.1145/3674729
– ident: 10.1016/j.scico.2025.103411_bib0039
– start-page: 1
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0043
  article-title: An ensemble model for software defect prediction
– start-page: 292
  year: 2021
  ident: 10.1016/j.scico.2025.103411_bib0009
  article-title: Vulnerability detection with fine-grained interpretations
– volume: 165
  issue: C
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0045
  article-title: Improving effort-aware defect prediction by directly learning to rank software modules
  publication-title: Inf. Softw. Technol.
– volume: 260
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0054
  article-title: VULDEFF: vulnerability detection method based on function fingerprints and code differences
  publication-title: Knowl. Based Syst.
  doi: 10.1016/j.knosys.2022.110139
– start-page: 2262
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0011
  article-title: Enhancing deep learning-based vulnerability detection by building behavior graph model
– volume: 48
  start-page: 3280
  issue: 9
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0027
  article-title: Deep learning based vulnerability detection: are we there yet?
  publication-title: IEEE Trans. Softw. Eng.
  doi: 10.1109/TSE.2021.3087402
– start-page: 606
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0012
  article-title: Snopy: bridging sample denoising with causal graph learning for effective vulnerability detection
– volume: 114
  year: 2025
  ident: 10.1016/j.scico.2025.103411_bib0013
  article-title: Detecting android malware: a multimodal fusion method with fine-grained feature
  publication-title: Inf. Fus.
  doi: 10.1016/j.inffus.2024.102662
– ident: 10.1016/j.scico.2025.103411_bib0041
– volume: 125
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0053
  article-title: Binvuldet: detecting vulnerability in binary program via decompiled pseudo code and biLSTM-attention
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2022.103023
– start-page: 1932
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0002
  article-title: Vuladvisor: natural language suggestion generation for software vulnerability repair
– year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0025
  article-title: Improving smart contract security with contrastive learning-based vulnerability detection
– start-page: 1098
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0006
  article-title: Bridging the gap between academia and industry in machine learning software defect prediction: thirteen considerations
– start-page: 1911
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0008
  article-title: Function-level vulnerability detection through fusing multi-Modal knowledge
– start-page: 578
  year: 2020
  ident: 10.1016/j.scico.2025.103411_bib0030
  article-title: Software visualization and deep transfer learning for effective software defect prediction
– volume: 71
  start-page: 512
  issue: 2
  year: 2022
  ident: 10.1016/j.scico.2025.103411_bib0048
  article-title: Gated homogeneous fusion networks with jointed feature extraction for defect prediction
  publication-title: IEEE Trans. Reliab.
  doi: 10.1109/TR.2022.3165115
– volume: 146
  year: 2024
  ident: 10.1016/j.scico.2025.103411_bib0032
  article-title: A cosine similarity-based labeling technique for vulnerability type detection using source codes
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2024.104059
– start-page: 259
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0007
  article-title: Some investigations of machine learning models for software defects
– start-page: 1
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0044
  article-title: Software defect prediction model using adaboost based random forest technique
– volume: 636
  year: 2023
  ident: 10.1016/j.scico.2025.103411_bib0056
  article-title: A novel extended multimodal AI framework towards vulnerability detection in smart contracts
  publication-title: Inf. Sci.
  doi: 10.1016/j.ins.2023.03.132
SSID ssj0006471
Score 2.4292567
Snippet •The study detects software vulnerability based on both source and binary codes.•A novel fusion strategy is designed to accommodate the characteristics of two...
SourceID crossref
elsevier
SourceType Index Database
Publisher
StartPage 103411
SubjectTerms Binary codes feature
Multimodal fusion
Software vulnerability detection
Source codes feature
Title Multimodal information fusion for software vulnerability detection based on both source and binary codes
URI https://dx.doi.org/10.1016/j.scico.2025.103411
Volume 250
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  issn: 0167-6423
  databaseCode: AIEXJ
  dateStart: 20211211
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: false
  ssIdentifier: ssj0006471
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV07b9swECZcu0OXNn0hSZOAQzdXhfWgRY5BkKLJELSFgXoTSJGCbTiSYVtukrG_vEdSlOTWMJKhiyAQJi3oPh3vjt_dIfSRkDQII8nhS-PCi7gKPZrqI3YemWonEZHSNJuIb27oeMy-dTq_XS7MZh7nOb27Y4v_KmoYA2Hr1NkniLteFAbgHoQOVxA7XB8leJNSe1tIU02jzk3sZ-XKsQpXoHp_acbXppzrotOGH3vfl2qtbONwvbVJfYwgCk1gN_F9c8ogbPauzoNftc1apyEqjrpuE-GYX7dub9Ssn2lpVH75MCnKJpRv1c33ac3mmbog9qTkzeyfZvKPMn9Q7VhFMGyYgS58CWoZPJ6wrX8DW3m20qD-APZVf6dyt3GGGbj98JGAax-Qz82vt0tp_7XF1cRDx2mbJWaRRC-S2EWeoV4QE0a7qHd-dTm-rvfzoXXb62d3tasMS_CfZ9lt37RsltEBelk5G_jcguQ16qj8DXrlGnngSmpv0aTBDG5hBlvMYBjADjN4CzO4xgw2mMH6BjCDLWYwYAZbzGCDmXdo9OVydPHVq1pweCmjvkeFzyXlgqk0YEHMJGUZkzLLBOFiSFXGOZjXfkYVJSrNIsEDRsDqiin3Q0VV-B518yJXhwiDmZgp7nPFIhERFTIxEHEkRAoefwx-wxH65N5bsrCFVpI90jpCQ_duk8pWtDZgAmjZN_H4af_zAb1ogHyCuutlqU7R83Sznq6WZxVU_gCVsJGL
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Multimodal+information+fusion+for+software+vulnerability+detection+based+on+both+source+and+binary+codes&rft.jtitle=Science+of+computer+programming&rft.au=Liu%2C+Yuzhou&rft.au=Wang%2C+Qi&rft.au=Jiang%2C+Shuang&rft.au=Wu%2C+Runze&rft.date=2026-05-01&rft.issn=0167-6423&rft.volume=250&rft.spage=103411&rft_id=info:doi/10.1016%2Fj.scico.2025.103411&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_scico_2025_103411
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-6423&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-6423&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-6423&client=summon