TL;DR
DCVD is a novel framework that jointly detects software vulnerabilities at the function level and localizes the specific lines responsible by leveraging dual-channel cross-modal features and explicit supervision.
Contribution
It introduces a unified dual-channel approach with cross-modal alignment and explicit supervision for improved vulnerability detection and localization.
Findings
Outperforms state-of-the-art methods on real-world benchmarks.
Effectively bridges cross-modal representation gaps.
Achieves high accuracy in both detection and localization tasks.
Abstract
Software vulnerability detection plays a critical role in ensuring system security, where real-world auditing requires not only determining whether a function is vulnerable but also pinpointing the specific lines responsible. However, existing approaches either rely on a single information source -- sequential, structural, or semantic -- failing to jointly exploit the complementary strengths across modalities, or treat statement-level localization merely as a byproduct of function-level detection without explicit line-level supervision. To address these limitations, we propose DCVD (Dual-Channel Cross-Modal Vulnerability Detection), a unified framework that performs joint function-level detection and statement-level localization. DCVD extracts control-dependency and semantic features through two parallel branches and integrates them via contrastive alignment coupled with bidirectional…
