Vulnerability detection is crucial for ensuring the security and reliability of software systems. Although Graph Neural Networks (GNNs) can extract the underlying semantics and logic of code, their complexity often leads to confusion between semantics and logic, posing significant challenges in terms of interpretability. To achieve precise vulnerability detection and traceability, two key tasks must be accomplished: (1) disentangling complex semantic-logical relationships, and (2) constructing causal explanations. To address these challenges, this paper introduces a Hierarchical Masked Autoencoder Counterfactual Reasoning (HMACR) strategy for vulnerability detection. The proposed method disentangles intricate semantic-logical relationships through node and edge modeling and generates multi-level causal relationships using an attention-guided masked autoencoder. Finally, it imposes increasingly fine-grained constraints on causal queries based on counterfactual perturbations. Experiments demonstrate that HMACR significantly outperforms strong baselines on mainstream vulnerability detection datasets.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hierarchical Attention-Guided MAE for Counterfactual Reasoning in Vulnerability Detection

  • Di Gao,
  • Weiqing Huang,
  • Chonghui Zheng,
  • Ou Wu

摘要

Vulnerability detection is crucial for ensuring the security and reliability of software systems. Although Graph Neural Networks (GNNs) can extract the underlying semantics and logic of code, their complexity often leads to confusion between semantics and logic, posing significant challenges in terms of interpretability. To achieve precise vulnerability detection and traceability, two key tasks must be accomplished: (1) disentangling complex semantic-logical relationships, and (2) constructing causal explanations. To address these challenges, this paper introduces a Hierarchical Masked Autoencoder Counterfactual Reasoning (HMACR) strategy for vulnerability detection. The proposed method disentangles intricate semantic-logical relationships through node and edge modeling and generates multi-level causal relationships using an attention-guided masked autoencoder. Finally, it imposes increasingly fine-grained constraints on causal queries based on counterfactual perturbations. Experiments demonstrate that HMACR significantly outperforms strong baselines on mainstream vulnerability detection datasets.