Attention-Based Code Summarization for Multi-label Vulnerability Detection

Published: 2025, Last Modified: 07 Dec 2025. Venue: CANS 2025. License: CC BY-SA 4.0
Abstract: Vulnerabilities in source code can lead to a wide range of issues, such as privacy and security breaches, system crashes, data leaks, and unpredictable application behavior. These problems typically arise from improper handling of inputs, memory, or access control mechanisms. To address these challenges, we propose a novel Attention-based Code Summarization (ACS) approach for multi-label vulnerability detection in source code. Unlike traditional methods that are limited to binary or multi-class classification, our approach is designed to identify multiple types of vulnerabilities within a single code snippet, an essential capability since real-world software often contains more than one vulnerability. Our method introduces a specialized, security-focused attention mechanism that utilizes vulnerability-specific queries to generate targeted representations for each vulnerability type. By extending pre-trained code models with a hierarchical summarization framework, we enable the creation of specialized representations tailored to different vulnerability categories. This design ensures a balance between general code understanding and precise vulnerability detection. Extensive evaluations on a multi-label vulnerability dataset show that our model outperforms existing baselines, especially for buffer-related vulnerabilities (e.g., CWE-119, CWE-120) and other complex security issues. Through comprehensive ablation studies, we validate the individual contributions of each architectural component, demonstrating the synergistic effects of our vulnerability-specific attention, security-focused summarization, and adaptive gating mechanisms. Furthermore, the attention visualization component of our model provides explainable outputs, helping security teams identify and understand the root causes of detected vulnerabilities. By enabling efficient and simultaneous detection of multiple vulnerability types, our approach significantly reduces the effort and time required to analyze and secure software systems.
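The abstract names three mechanisms (one attention query per vulnerability type pooling over token representations, an adaptive gate fusing that label-specific summary with a general code representation, and independent per-label outputs so several CWEs can fire on one snippet) without giving the equations. The following sketch is an added illustration written for this page, not the authors' ACS implementation and not code from the paper: it reconstructs only what the abstract states, in pure Python so it runs anywhere. The hidden size, the two-label set, the token list, and the random "embeddings" standing in for a pre-trained code model's output are all constructed assumptions, and the weights are untrained, so the probabilities it produces carry no meaning beyond showing the data flow and the per-label attention weights that would back an attention visualization.

```python
import math
import random

# Constructed toy setup: stand-ins for the pre-trained encoder's hidden size,
# for the label set (the paper's full set is not on the page) and for a snippet.
HIDDEN = 8
LABELS = ["CWE-119", "CWE-120"]
TOKENS = ["char", "buf", "[", "16", "]", ";", "strcpy", "(", "buf", ",", "src", ")"]

_rng = random.Random(0)  # fixed seed so the example is reproducible


def _vec(n):
    return [_rng.uniform(-1.0, 1.0) for _ in range(n)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def softmax(scores):
    m = max(scores)  # subtract the max for numerical stability
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def embed(tokens):
    """Stand-in for the pre-trained code model: one random vector per token (assumption)."""
    return [_vec(HIDDEN) for _ in tokens]


VECTORS = embed(TOKENS)  # computed once so every call sees the same "encoder output"


def mean_pool(vectors):
    """General code representation: plain mean over all token vectors."""
    n = len(vectors)
    return [sum(v[k] for v in vectors) / n for k in range(HIDDEN)]


def label_attention(query, vectors):
    """Attention pooling driven by one label-specific query.

    Returns the weighted summary and the softmax weights over tokens; the
    weights are what an attention visualization would display.
    """
    scores = [dot(query, v) / math.sqrt(HIDDEN) for v in vectors]
    weights = softmax(scores)
    summary = [sum(w * v[k] for w, v in zip(weights, vectors)) for k in range(HIDDEN)]
    return summary, weights


def fuse(general, specific, gate):
    """Adaptive gate: gate=1 keeps only the label-specific summary, gate=0 only the general one."""
    return [gate * s + (1.0 - gate) * g for s, g in zip(specific, general)]


class MultiLabelDetector:
    """One query, one gate and one classifier per label; labels are scored independently."""

    def __init__(self, labels=LABELS):
        self.labels = list(labels)
        self.queries = {l: _vec(HIDDEN) for l in self.labels}  # vulnerability-specific queries
        self.gate_w = {l: _vec(HIDDEN) for l in self.labels}
        self.cls_w = {l: _vec(HIDDEN) for l in self.labels}

    def predict(self, vectors, tokens, threshold=0.5):
        general = mean_pool(vectors)
        result = {}
        for label in self.labels:
            specific, weights = label_attention(self.queries[label], vectors)
            gate = sigmoid(dot(self.gate_w[label], specific))
            fused = fuse(general, specific, gate)
            # Independent sigmoid per label: any subset of labels may be positive at once.
            prob = sigmoid(dot(self.cls_w[label], fused))
            top = sorted(zip(weights, tokens), reverse=True)[:3]
            result[label] = {
                "prob": prob,
                "flagged": prob >= threshold,
                "gate": gate,
                "top_tokens": [t for _, t in top],  # most-attended tokens, for explanation
            }
        return result


if __name__ == "__main__":
    for label, r in MultiLabelDetector().predict(VECTORS, TOKENS).items():
        print(label, round(r["prob"], 3), r["flagged"], r["top_tokens"])
```

The point worth noticing is structural rather than numeric: because each label owns its own query, the same token sequence is summarized differently per CWE, and because each label ends in its own sigmoid rather than a shared softmax, two labels can be flagged on one snippet, which a multi-class head cannot express.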