TFHSVul: A Fine-Grained Hybrid Semantic Vulnerability Detection Method Based on Self-Attention Mechanism in IoT
Abstract: Current vulnerability detection methods encounter challenges such as inadequate feature representation, constrained feature extraction capabilities, and coarse-grained detection. To address these issues, we propose a fine-grained hybrid semantic vulnerability detection framework based on Transformer, named TFHSVul. Initially, the source code is transformed into sequential and graph-based representations to capture multilevel features, thereby solving the problem of insufficient information caused by a single intermediate representation. To enhance feature extraction capabilities, TFHSVul integrates a multiscale fusion convolutional neural network, a residual graph convolutional network, and a pretrained language model into the core architecture, significantly boosting performance. We design a fine-grained detection method based on a self-attention mechanism, achieving statement-level detection to address the issue of coarse detection granularity. On public data sets, TFHSVul achieves a 0.58 improvement in F1 score at the function level compared to the best-performing baseline model. Moreover, it demonstrates a 10% enhancement in Top-10 accuracy at statement-level detection compared to the best-performing method.
External IDs: dblp:journals/iotj/XuALZPSTH25