Learning Generalizable Multimodal Representations for Software Vulnerability Detection

TL;DR

This paper introduces MultiVul, a multimodal contrastive learning framework that aligns code and comment representations to improve software vulnerability detection across large language models.

Contribution

It presents a novel multimodal contrastive approach that leverages code-comment pairs to enhance vulnerability detection and generalization.

Findings

Achieves up to 27.07% F1 improvement over prompting-based methods.

Outperforms code-only fine-tuning by 13.37% in F1 score.

Maintains comparable inference efficiency.

Abstract

Source code and its accompanying comments are complementary yet naturally aligned modalities-code encodes structural logic while comments capture developer intent. However, existing vulnerability detection methods mostly rely on single-modality code representations, overlooking the complementary semantic information embedded in comments and thus limiting their generalization across complex code structures and logical relationships. To address this, we propose MultiVul, a multimodal contrastive framework that aligns code and comment representations through dual similarity learning and consistency regularization, augmented with diverse code-text pairs to improve robustness. Experiments on widely adopted DiverseVul and Devign datasets across four large language models (LLMs) (i.e., DeepSeek-Coder-6.7B, Qwen2.5-Coder-7B, StarCoder2-7B, and CodeLlama-7B) show that MultiVul achieves up to 27.07% F1 improvement over prompting-based methods and 13.37% over code-only Fine-Tuning, while maintaining comparable inference efficiency.