TFHSVul:A Fine-Grained Hybrid Semantic Vulnerability Detection Method Based on Self-Attention Mechanism in IOT

Current vulnerability detection methods encounter challenges such as inadequate feature representation, constrained feature extraction capabilities, and coarse-grained detection. To address these issues, we propose a fine-grained hybrid semantic vulnerability detection framework based on Transformer, named TFHSVul. Initially, the source code is transformed into sequential and graph-based representations to capture multi-level features, thereby solving the problem of insufficient information caused by a single intermediate representation. To enhance feature extraction capabilities, TFHSVul integrates multi-scale fusion convolutional neural network, residual graph convolutional network, and pre-trained language model into the core architecture, significantly boosting performance. We design a fine-grained detection method based on a self-attention mechanism, achieving statement-level detection to address the issue of coarse detection granularity. In comparison to existing baseline methods on public datasets, TFHSVul achieves a 0.58 improvement in F1 score at the function level compared to the best performing model. Moreover, it demonstrates a 10% enhancement in Top-10 accuracy at the statement level detection compared to the best performing method.