{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T10:49:52Z","timestamp":1774349392741,"version":"3.50.1"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T00:00:00Z","timestamp":1774310400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T00:00:00Z","timestamp":1774310400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"the Key Research and Development Program of Gansu Province","award":["25YFFA089"],"award-info":[{"award-number":["25YFFA089"]}]},{"name":"the Industry Support Fund of Education Department of Gansu Province","award":["2022CYZC-38"],"award-info":[{"award-number":["2022CYZC-38"]}]},{"DOI":"10.13039\/501100001809","name":"the National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["61762058"],"award-info":[{"award-number":["61762058"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1007\/s11219-026-09748-5","type":"journal-article","created":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T08:19:10Z","timestamp":1774340350000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Exploring extended Abstract Syntax Tree encoding for enhancing code vulnerability detection"],"prefix":"10.1007","volume":"34","author":[{"given":"Xuejun","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Yifan","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Meifeng","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Zhuo","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,3,24]]},"reference":[{"key":"9748_CR1","doi-asserted-by":"publisher","first-page":"103469","DOI":"10.1016\/j.cose.2023.103469","volume":"134","author":"W Bolun","year":"2023","unstructured":"Bolun, W., Zou, F., Yi, P., Yue, W., & Zhang, L. (2023). SlicedLocator: code vulnerability locator based on sliced dependence graph. Computers and Security, 134, 103469.","journal-title":"Computers and Security"},{"key":"9748_CR2","doi-asserted-by":"publisher","first-page":"3280","DOI":"10.1109\/TSE.2021.3087402","volume":"48","author":"S Chakraborty","year":"2020","unstructured":"Chakraborty, S., Krishna, R., Ding, Y., & Ray, B. (2020). Deep learning based vulnerability detection: are we there yet? IEEE Transactions on Software Engineering, 48, 3280\u20133296.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9748_CR3","unstructured":"CN-SEC. (2025). https:\/\/cn-sec.com\/archives\/3721884.html."},{"key":"9748_CR4","doi-asserted-by":"publisher","first-page":"102817","DOI":"10.1016\/j.cose.2022.102817","volume":"120","author":"L Cui","year":"2022","unstructured":"Cui, L., Cui, J., Hao, Z., Li, L., Ding, Z., & Liu, Y. (2022). An empirical study of vulnerability discovery methods over the past ten years. Computers and Security, 120, 102817.","journal-title":"Computers and Security"},{"key":"9748_CR5","doi-asserted-by":"crossref","unstructured":"Cummins, C., Petoumenos, P., Wang, Z., & Leather, H. (2017). End-to-end deep learning of optimization heuristics. In 2017 26th International Conference on Parallel Architectures and Compilation Techniques (PACT), (pp. 219\u2013232).","DOI":"10.1109\/PACT.2017.24"},{"key":"9748_CR6","doi-asserted-by":"crossref","unstructured":"Du, X., Wen, M., Zhu, J., Xie, Z., Ji, B., Liu, H., Shi, X., & Jin, H. (2024). Generalization-enhanced code vulnerability detection via multi-task instruction fine-tuning. ArXiv. abs\/2406.03718.","DOI":"10.18653\/v1\/2024.findings-acl.625"},{"key":"9748_CR7","doi-asserted-by":"crossref","unstructured":"Duan, X., Wu, J., Ji, S., Rui, Z., Luo, T., Yang, M.,& Wu, Y. (2019). VulSniper: focus your attention to shoot fine-grained vulnerabilities. International Joint Conference on Artificial Intelligence.","DOI":"10.24963\/ijcai.2019\/648"},{"key":"9748_CR8","unstructured":"Dwheeler. (2025). https:\/\/dwheeler.com\/flawfinder\/"},{"key":"9748_CR9","doi-asserted-by":"publisher","first-page":"103247","DOI":"10.1016\/j.cose.2023.103247","volume":"130","author":"Y Fan","year":"2023","unstructured":"Fan, Y., Wan, C., Cai, F., Han, L., & Hao, X. (2023). VDoTR: vulnerability detection based on tensor representation of comprehensive code graphs. Computers and Security, 130, 103247\u2013103261.","journal-title":"Computers and Security"},{"key":"9748_CR10","doi-asserted-by":"crossref","unstructured":"Fu, M., & Tantithamthavorn, C. (2022). LineVul: a transformer-based line-level vulnerability prediction. In 2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR), (pp. 608\u2013620).","DOI":"10.1145\/3524842.3528452"},{"key":"9748_CR11","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, S., & Nguyen, T. N. (2021). Vulnerability detection with fine-grained interpretations. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.","DOI":"10.1145\/3468264.3468597"},{"key":"9748_CR12","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Shouhuai, X., Jin, H., Zhu, Y., Chen, Z., Wang, S., & Wang, J. (2022). SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 19(4), 2244\u20132258.","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"9748_CR13","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., & Zhong, Y. (2018). VulDeePecker: a deep learning-based system for vulnerability detection. ArXiv. abs\/1801.01681.","DOI":"10.14722\/ndss.2018.23158"},{"key":"9748_CR14","doi-asserted-by":"crossref","unstructured":"Nguyen, V.-A., Nguyen, D. Q., Nguyen, V., Le, T., Tran, Q. H., & Phung, D. Q. (2022). ReGVD: revisiting graph neural networks for vulnerability detection. In 2022 IEEE\/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), (pp. 178\u2013182).","DOI":"10.1109\/ICSE-Companion55297.2022.9793807"},{"key":"9748_CR15","doi-asserted-by":"crossref","unstructured":"Nong, Y., Ou, Y., Pradel, M., Chen, F., & Cai, H. (2022). Generating realistic vulnerabilities via neural code editing: an empirical study. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering.","DOI":"10.1145\/3540250.3549128"},{"key":"9748_CR16","doi-asserted-by":"crossref","unstructured":"Pang, Y., Xue, X., & Namin, A. S. (2015). Predicting vulnerable software components through n-gram analysis and statistical feature Selection. In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), (pp. 543\u2013548).","DOI":"10.1109\/ICMLA.2015.99"},{"key":"9748_CR17","doi-asserted-by":"crossref","unstructured":"Russell, R. L., Kim, L. Y., Hamilton, L. H., Lazovich, T., Harer, J. A., Ozdemir, O., Ellingwood, P. M., & McConley, M. W. (2018). Automated vulnerability detection in source code using deep representation learning. In 2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA), (pp. 757\u2013762).","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"9748_CR18","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","volume":"40","author":"R Scandariato","year":"2014","unstructured":"Scandariato, R., Walden, J., Hovsepyan, A., & Joosen, W. (2014). Predicting vulnerable software components via text mining. IEEE Transactions on Software Engineering, 40, 993\u20131006.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9748_CR19","unstructured":"Shi, M., Tang, Y., Zhu, X., & Liu, J. (2019). Feature-attention graph convolutional networks for noise resilient learning. ArXiv. abs\/1912.11755."},{"key":"9748_CR20","doi-asserted-by":"crossref","unstructured":"Tang, Z., Shen, X., Li, C., Ge, J., Huang, L., Zhu, Z., & Luo, B. (2022). AST-Trans: code summarization with efficient tree-structured attention. In 2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE), (pp. 150\u2013162).","DOI":"10.1145\/3510003.3510224"},{"key":"9748_CR21","doi-asserted-by":"publisher","first-page":"122216","DOI":"10.1016\/j.eswa.2023.122216","volume":"238","author":"M Tang","year":"2023","unstructured":"Tang, M., Tang, W., Gui, Q., Jie, H., & Zhao, M. (2023). A vulnerability detection algorithm based on residual graph attention networks for source code imbalance (RGAN). Expert Systems With Applicationsl, 238, 122216.","journal-title":"Expert Systems With Applicationsl"},{"key":"9748_CR22","doi-asserted-by":"publisher","first-page":"121865","DOI":"10.1016\/j.eswa.2023.121865","volume":"238","author":"Z Tian","year":"2023","unstructured":"Tian, Z., Tian, B., Lv, J., Chen, Y., & Chen, L. (2023). Enhancing vulnerability detection via AST decomposition and neural sub-tree encoding. Expert Systems With Applicationsl, 238, 121865.","journal-title":"Expert Systems With Applicationsl"},{"key":"9748_CR23","doi-asserted-by":"publisher","first-page":"3986","DOI":"10.1109\/TIFS.2024.3374219","volume":"19","author":"W Tongshuai","year":"2024","unstructured":"Tongshuai, W., Chen, L., Gewangzi, D., Meng, D., & Shi, G. (2024). UltraVCS: ultra-fine-grained variable-based code slicing for automated vulnerability detection. IEEE Transactions on Information Forensics and Security, 19, 3986\u20134000.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"9748_CR24","unstructured":"Vashishth, S., Sanyal, S., Nitin, V., & Talukdar, P. P. (2019). Composition-based multi-relational graph convolutional networks. ArXiv. abs\/1911.03082."},{"key":"9748_CR25","unstructured":"Velickovic, P., Cucurull, G., Casanova, A., Romero, A., Lio\u2019, P., & Bengio, Y. (2017). Graph attention networks. ArXiv. abs\/1710.10903."},{"key":"9748_CR26","doi-asserted-by":"crossref","unstructured":"Viega, J., Bloch, J. T., Kohno, T., & McGraw, G. (2000). ITS4: a static vulnerability scanner for C and C++ code. In Proceedings 16th Annual Computer Security Applications Conference (ACSAC\u201900), (pp. 257\u2013267).","DOI":"10.1109\/ACSAC.2000.898880"},{"key":"9748_CR27","doi-asserted-by":"crossref","unstructured":"Wang, H., Ye, G., Tang, Z., Tan, S. H., Huang, S., Fang, D., Feng, Y., Bian, L., & Wang, Z. (2021). Combining graph-based learning with automated data collection for code vulnerability detection. IEEE Transactions on Information Forensics and Security, 16, 1943\u20131958.","DOI":"10.1109\/TIFS.2020.3044773"},{"key":"9748_CR28","doi-asserted-by":"crossref","unstructured":"Wen, X.-C., Chen, Y., Gao, C., Zhang, H., Zhang, J., & Liao, Q. (2023). Vulnerability detection with graph simplification and enhanced graph representation learning. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), (pp. 2275\u20132286).","DOI":"10.1109\/ICSE48619.2023.00191"},{"key":"9748_CR29","doi-asserted-by":"crossref","unstructured":"Younis, A. A., Malaiya, Y. K., Anderson, C., & Ray, I. (2016). To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy.","DOI":"10.1145\/2857705.2857750"},{"key":"9748_CR30","doi-asserted-by":"crossref","unstructured":"Zhang, J., Wang, X., Zhang, H., Sun, H., Wang, K., & Liu, X. (2019). A novel neural source code representation based on abstract syntax tree. In 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), (pp. 783\u2013794).","DOI":"10.1109\/ICSE.2019.00086"},{"key":"9748_CR31","doi-asserted-by":"crossref","unstructured":"Zhang, X., Zhang, F., Zhao, B., Zhou, B., & Xiao, B. (2023). VulD-transformer: source code vulnerability detection via transformer. In Proceedings of the 14th Asia-Pacific Symposium on Internetware.","DOI":"10.1145\/3609437.3609451"},{"issue":"8","key":"9748_CR32","doi-asserted-by":"publisher","first-page":"4152","DOI":"10.1109\/TSE.2023.3285910","volume":"49","author":"C Zhang","year":"2023","unstructured":"Zhang, C., Liu, B., Xin, Y., & Yao, L. (2023). CPVD: cross project vulnerability detection based on graph attention network and domain adaptation. IEEE Transactions on Software Engineering, 49(8), 4152\u20134168.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9748_CR33","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., & Liu, Y. (2019). Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. ArXiv. abs\/1909.03496."},{"key":"9748_CR34","unstructured":"Zhuang, Y., Suneja, S., Thost, V., Domeniconi, G., Morari, A., & Laredo, J. (2021). Software vulnerability detection via deep learning over disaggregated code graph representation. ArXiv. abs\/2109.03341."},{"issue":"5","key":"9748_CR35","first-page":"2224","volume":"18","author":"D Zou","year":"2021","unstructured":"Zou, D., Wang, S., Shouhuai, X., Li, Z., & Jin, H. (2021). $$\\mu $$VulDeePecker: a deep learning-based system for multiclass vulnerability detection. IEEE Transactions on Dependable and Secure Computing, 18(5), 2224\u20132236.","journal-title":"IEEE Transactions on Dependable and Secure Computing"}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-026-09748-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11219-026-09748-5","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-026-09748-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T08:19:43Z","timestamp":1774340383000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11219-026-09748-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,24]]},"references-count":35,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,6]]}},"alternative-id":["9748"],"URL":"https:\/\/doi.org\/10.1007\/s11219-026-09748-5","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,24]]},"assertion":[{"value":"22 October 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}},{"value":"All datasets used in this work are publicly available and do not require informed consent or ethical approval.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval and Informed Consent"}}],"article-number":"15"}}