Focus on What Matters: Fisher-Guided Adaptive Multimodal Fusion for Vulnerability Detection

TL;DR

This paper introduces a Fisher-guided adaptive multimodal fusion method for vulnerability detection that selectively combines code representations based on task relevance, improving accuracy and efficiency.

Contribution

It proposes a novel Fisher information-based fusion strategy and the TaCCS-DFA framework, addressing limitations of naive multimodal fusion in vulnerability detection.

Findings

Achieved up to 6.3-point F1 score improvement on benchmarks.

Reduced inference latency by 3.4% compared to baseline methods.

Maintained low calibration error with the proposed approach.

Abstract

Software vulnerability detection can be formulated as a binary classification problem that determines whether a given code snippet contains security defects. Existing multimodal methods typically fuse Natural Code Sequence (NCS) representations extracted by pretrained models with Code Property Graph (CPG) representations extracted by graph neural networks, under the implicit assumption that introducing an additional modality necessarily yields information gain. Through empirical analysis, we demonstrate the limitations of this assumption: pretrained models already encode substantial structural information implicitly, leading to strong overlap between the two modalities; moreover, graph encoders are generally less effective than pretrained language models in feature extraction. As a result, naive fusion not only struggles to obtain complementary signals but can also dilute effective discriminative cues due to noise propagation. To address these challenges, we propose a task-conditioned complementary fusion strategy that uses Fisher information to quantify task relevance, transforming cross-modal interaction from full-spectrum matching into selective fusion within a task-sensitive subspace. Our theoretical analysis shows that, under an isotropic perturbation assumption, this strategy significantly tightens the upper bound on the output error. Based on this insight, we design the TaCCS-DFA framework, which combines online low-rank Fisher subspace estimation with an adaptive gating mechanism to enable efficient task-oriented fusion. Experiments on the BigVul, Devign, and ReVeal benchmarks demonstrate that TaCCS-DFA delivers up to a 6.3-point gain in F1 score with only a 3.4% increase in inference latency, while maintaining low calibration error.