{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T08:57:33Z","timestamp":1774688253893,"version":"3.50.1"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T00:00:00Z","timestamp":1774656000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T00:00:00Z","timestamp":1774656000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62376240"],"award-info":[{"award-number":["62376240"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"S&T Program of Hebei","award":["236Z0702G"],"award-info":[{"award-number":["236Z0702G"]}]},{"DOI":"10.13039\/501100003787","name":"Natural Science Foundation of Hebei Province","doi-asserted-by":"publisher","award":["F2022203026"],"award-info":[{"award-number":["F2022203026"]}],"id":[{"id":"10.13039\/501100003787","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1007\/s11219-026-09750-x","type":"journal-article","created":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T08:11:29Z","timestamp":1774685489000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["VulDFF: a dual features fusion vulnerability detection model based on CFG"],"prefix":"10.1007","volume":"34","author":[{"given":"Jiazheng","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiadong","family":"Ren","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shuailin","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xingcan","family":"Bao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ke","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,3,28]]},"reference":[{"issue":"10","key":"9750_CR1","first-page":"1","volume":"33","author":"Y Wei","year":"2021","unstructured":"Wei, Y., Sun, X., Bo, L., Cao, S., Xia, X., & Li, B. (2021). A comprehensive study on security bug characteristics. Journal of Software: Evolution and Process, 33(10), 1\u201322.","journal-title":"Journal of Software: Evolution and Process"},{"key":"9750_CR2","doi-asserted-by":"publisher","first-page":"104350","DOI":"10.1016\/j.cose.2025.104350","volume":"151","author":"M Shao","year":"2025","unstructured":"Shao, M., Ding, Y., Cao, J., & Li, Y. (2025). Property graph-based fine-grained vulnerability detection. Computers & Security, 151, 104350.","journal-title":"Computers & Security"},{"key":"9750_CR3","unstructured":"CWE - Common weakness enumeration (2024). https:\/\/cwe.mitre.org\/"},{"issue":"10","key":"9750_CR4","doi-asserted-by":"publisher","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","volume":"108","author":"G Lin","year":"2020","unstructured":"Lin, G., Wen, S., Han, Q., Zhang, J., & Xiang, Y. (2020). Software Vulnerability Detection Using Deep Neural Networks: A Survey. Proceedings of the IEEE, 108(10), 1825\u20131848.","journal-title":"Proceedings of the IEEE"},{"issue":"3","key":"9750_CR5","first-page":"55","volume":"57","author":"N Harzevili","year":"2025","unstructured":"Harzevili, N., Belle, A., Wang, J., Wang, S., Jiang, Z., & Nagappan, N. (2025). A Systematic Literature Review on Automated Software Vulnerability Detection Using Machine Learning. ACM Computing Surveys, 57(3), 55.","journal-title":"ACM Computing Surveys"},{"key":"9750_CR6","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., & Zhong, Y. (2018). Vuldeepecker: A deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681.","DOI":"10.14722\/ndss.2018.23158"},{"issue":"4","key":"9750_CR7","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., & Chen, Z. (2021). Sysevr: A framework for using deep learning to detect software vulnerabilities. Ieee Transactions On Dependable And Secure Computing, 19(4), 2244\u20132258.","journal-title":"Ieee Transactions On Dependable And Secure Computing"},{"key":"9750_CR8","doi-asserted-by":"publisher","first-page":"185207","DOI":"10.1007\/s11704-023-2771-z","volume":"18","author":"Z Li","year":"2024","unstructured":"Li, Z., Pan, M., Pei, Y., Zhang, T., Wang, L., & Li, X. (2024). Empirically revisiting and enhancing automatic classification of bug and non-bug issues. Front Comput Sci, 18, 185207.","journal-title":"Front Comput Sci"},{"key":"9750_CR9","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., & Liu, Y. (2019). Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Advance Neural Information Process System, 32."},{"key":"9750_CR10","doi-asserted-by":"publisher","first-page":"1943","DOI":"10.1109\/TIFS.2020.3044773","volume":"16","author":"H Wang","year":"2020","unstructured":"Wang, H., Ye, G., Tang, Z., Tan, S., Huang, S., Fang, D., Feng, Y., Bian, L., & Wang, Z. (2020). Combining graph-based learning with automated data collection for code vulnerability detection. Ieee Transactions On Information Forensics And Security, 16, 1943\u20131958.","journal-title":"Ieee Transactions On Information Forensics And Security"},{"issue":"9","key":"9750_CR11","doi-asserted-by":"publisher","first-page":"3280","DOI":"10.1109\/TSE.2021.3087402","volume":"48","author":"S Chakraborty","year":"2022","unstructured":"Chakraborty, S., Krishna, R., Ding, Y., & Ray, B. (2022). Deep learning based vulnerability detection: Are we there yet? IEEE Transactions on Software Engineering, 48(9), 3280\u20133296.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9750_CR12","doi-asserted-by":"publisher","first-page":"107168","DOI":"10.1016\/j.infsof.2023.107168","volume":"158","author":"Y Dong","year":"2023","unstructured":"Dong, Y., Tang, Y., Cheng, X., Yang, Y., & Wang, S. (2023). Statement-level software vulnerability detection based on relational graph convolutional network with subgraph embedding. Information and Software Technology, 158, 107168.","journal-title":"Information and Software Technology"},{"key":"9750_CR13","doi-asserted-by":"crossref","unstructured":"Wu, B., & Zou, F. (2022). Code vulnerability detection based on deep sequence and graph models: A survey. Security & Communication Networks.","DOI":"10.1155\/2022\/1176898"},{"issue":"1","key":"9750_CR14","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/TSE.2018.2881961","volume":"47","author":"HK Dam","year":"2021","unstructured":"Dam, H. K., Tran, T., Pham, T., Ng, S. W., Grundy, J., & Ghose, A. (2021). Automatic Feature Learning for Predicting Vulnerable Software Components. IEEE Transactions on Software Engineering, 47(1), 67\u201385.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9750_CR15","doi-asserted-by":"publisher","first-page":"102823","DOI":"10.1016\/j.cose.2022.102823","volume":"121","author":"W Guo","year":"2022","unstructured":"Guo, W., Fang, Y., Huang, C., Ou, H., Lin, C., & Guo, Y. (2022). HyVulDect: A hybrid semantic vulnerability mining system based on graph neural network. Computers & Security, 121, 102823.","journal-title":"Computers & Security"},{"key":"9750_CR16","doi-asserted-by":"crossref","unstructured":"Mao, Y., Li, Y., Sun, J., & Chen, Y. (2020). Explainable Software vulnerability detection based on attention-based bidirectional recurrent neural networks. In IEEE International Conference on Big Data (pp. 4651\u20134656). IEEE BigData, IEEE.","DOI":"10.1109\/BigData50022.2020.9377803"},{"issue":"3","key":"9750_CR17","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1109\/TSE.2023.3340267","volume":"50","author":"X Wen","year":"2024","unstructured":"Wen, X., Gao, C., Ye, J., Li, Y., Tian, Z., Jia, Y., & Wang, X. (2024). Meta-Path Based Attentional Graph Learning Model for Vulnerability Detection. Ieee Transactions On Software Engineering, 50(3), 360\u2013375.","journal-title":"Ieee Transactions On Software Engineering"},{"key":"9750_CR18","first-page":"103973","volume":"89","author":"G Zhang","year":"2025","unstructured":"Zhang, G., Yao, T., Qin, J., Li, Y., Ma, Q., & Sun, D. (2025). CodeSAGE: A multi-feature fusion vulnerability detection approach using code attribute graphs and attention mechanisms. J Inf Secur Appl, 89, 103973.","journal-title":"J Inf Secur Appl"},{"key":"9750_CR19","doi-asserted-by":"publisher","first-page":"106576","DOI":"10.1016\/j.infsof.2021.106576","volume":"136","author":"S Cao","year":"2021","unstructured":"Cao, S., Sun, X., Bo, L., Wei, Y., & Li, B. (2021). BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection. Inf Softw Technol, 136, 106576.","journal-title":"Inf Softw Technol"},{"key":"9750_CR20","doi-asserted-by":"crossref","unstructured":"Fan, J., Li, Y., Wang, S., & Nguyen, T. (2020). A C\/C\u2009+\u2009+\u2009code vulnerability dataset with code changes and cve summaries, MSR \u201820. In Proceedings of the 17th International Conference on Mining Software Repositories (pp. 508\u2013512).","DOI":"10.1145\/3379597.3387501"},{"key":"9750_CR21","doi-asserted-by":"crossref","unstructured":"Liu, S., Lin, G., Han, Q., Wen, S., Zhang, J., & Xiang, Y. (2019). DeepBalance: Deeplearning and fuzzy oversampling for vulnerability detection. IEEE Transactions on Fuzzy Systems, 28(7), 1329\u20131343.","DOI":"10.1109\/TFUZZ.2019.2958558"},{"key":"9750_CR22","doi-asserted-by":"publisher","first-page":"103469","DOI":"10.1016\/j.cose.2023.103469","volume":"134","author":"B Wu","year":"2023","unstructured":"Wu, B., Zou, F., Yi, P., Wu, Y., & Zhang, L. (2023). SlicedLocator: Code vulnerability locator based on sliced dependence graph. Computers & Security, 134, 103469.","journal-title":"Computers & Security"},{"key":"9750_CR23","doi-asserted-by":"publisher","first-page":"103023","DOI":"10.1016\/j.cose.2022.103023","volume":"125","author":"Y Wang","year":"2023","unstructured":"Wang, Y., Jia, P., Peng, X., Huang, C., & Liu, J. (2023). BinVulDet: Detecting vulnerability in binary program via decompiled pseudo code and BiLSTM-attention. Computers & Security, 125, 103023.","journal-title":"Computers & Security"},{"key":"9750_CR24","doi-asserted-by":"publisher","first-page":"112039","DOI":"10.1016\/j.jss.2024.112039","volume":"213","author":"X Du","year":"2024","unstructured":"Du, X., Zhang, S., Zhou, Y., & Du, H. (2024). A vulnerability severity prediction method based on bimodal data and multi-task learning. Journal of Systems and Software, 213, 112039.","journal-title":"Journal of Systems and Software"},{"key":"9750_CR25","doi-asserted-by":"crossref","unstructured":"Russell, R., Kim, L., Hamilton, L., Lazovich, T., Harer, J., Ozdemir, O., Ellingwood, P., & McConley, M. (2018). Automated vulnerability detection in source code using deep representation learning. In 2018 17th IEEE International Conference on Machine Learning and Applications (pp. 757\u2013762). ICMLA, IEEE.","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"9750_CR26","doi-asserted-by":"crossref","unstructured":"Duan, X., Wu, J., Ji, S., Rui, Z., Luo, T., Yang, M., & Wu, Y. (2019). VulSniper: Focus your attention to shoot fine-grained vulnerabilities. In IJCAI (pp. 4665\u20134671).","DOI":"10.24963\/ijcai.2019\/648"},{"key":"9750_CR27","doi-asserted-by":"crossref","unstructured":"Feng, H., Fu, X., Sun, H., Wang, H., & Zhang, Y. (2020). Efficient vulnerability detection based on abstract syntax tree and deep learning. In IEEE Conference on Computer Communications Workshops (pp. 722\u2013727). INFOCOM, IEEE.","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9163061"},{"key":"9750_CR28","doi-asserted-by":"crossref","unstructured":"Wu, Y., Zou, D., Dou, S., Yang, W., Xu, D., & Jin, H. (2022). VulCNN: An image-inspired scalable vulnerability detection system. In Proceedings of the 44th International Conference on Software Engineering (pp. 23635\u2009\u2013\u20092376). ICSE, ACM.","DOI":"10.1145\/3510003.3510229"},{"key":"9750_CR29","doi-asserted-by":"publisher","first-page":"107219","DOI":"10.1016\/j.infsof.2023.107219","volume":"160","author":"Z Song","year":"2023","unstructured":"Song, Z., Wang, J., Yang, K., & Wang, J. (2023). HGIVul: Detecting inter-procedural vulnerabilities based on hypergraph convolution. Information and Software Technology, 160, 107219.","journal-title":"Information and Software Technology"},{"key":"9750_CR30","doi-asserted-by":"publisher","first-page":"103017","DOI":"10.1016\/j.cose.2022.103017","volume":"125","author":"X Li","year":"2023","unstructured":"Li, X., Xin, Y., Zhu, H., Yang, Y., & Chen, Y. (2023). Cross-domain vulnerability detection using graph embedding and domain adaptation. Computers & Security, 125, 103017.","journal-title":"Computers & Security"},{"key":"9750_CR31","doi-asserted-by":"publisher","first-page":"111705","DOI":"10.1016\/j.jss.2023.111705","volume":"202","author":"D Chen","year":"2023","unstructured":"Chen, D., Feng, L., Fan, Y., Shang, S., & Wei, Z. (2023). Smart contract vulnerability detection based on semantic graph and residual graph convolutional networks with edge attention. Journal of Systems and Software, 202, 111705.","journal-title":"Journal of Systems and Software"},{"key":"9750_CR32","doi-asserted-by":"publisher","first-page":"111775","DOI":"10.1016\/j.jss.2023.111775","volume":"204","author":"H Liu","year":"2023","unstructured":"Liu, H., Fan, Y., Feng, L., & Wei, Z. (2023). Vulnerable smart contract function locating based on multi-relational nested graph convolutional network. Journal of Systems and Software, 204, 111775.","journal-title":"Journal of Systems and Software"},{"key":"9750_CR33","doi-asserted-by":"crossref","unstructured":"Steenhoek, B., Gao, H., & Le, W. (2024). Dataflow analysis-inspired deep learning for efficient vulnerability detection. In Proceedings of the 46th International Conference on Software Engineering (pp. 1\u201313). ICSE, ACM.","DOI":"10.1145\/3597503.3623345"},{"issue":"3","key":"9750_CR34","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/3436877","volume":"30","author":"X Cheng","year":"2021","unstructured":"Cheng, X., Wang, H., Hua, J., Xu, G., & Sui, Y. (2021). DeepWukong: Statically detecting software vulnerabilities using deep graph neural network. ACM Transactions on Software Engineering and Methodology, 30(3), 38.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"9750_CR35","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, S., & Nguyen, T. N. (2021). Vulnerability detection with fine-grained interpretations. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 292\u2013303). ESEC\/FSE, ACM.","DOI":"10.1145\/3468264.3468597"},{"key":"9750_CR36","doi-asserted-by":"crossref","unstructured":"Nguyen, V. A., Nguyen, D. Q., Nguyen, V., Le, T., Tran, Q. H., & Phung, D. (2022). Regvd: Revisiting graph neural networks for vulnerability detection. In Proceedings of the ACM\/IEEE 44th International Conference on Software Engineering (pp. 178\u2013182). Companion Proceedings.","DOI":"10.1145\/3510454.3516865"},{"key":"9750_CR37","doi-asserted-by":"publisher","first-page":"107581","DOI":"10.1016\/j.infsof.2024.107581","volume":"177","author":"M Ling","year":"2025","unstructured":"Ling, M., Tang, M., Bian, D., Lv, S., & Tang, Q. (2025). A dual graph neural networks model using sequence embedding as graph nodes for vulnerability detection. Inf Softw Technol, 177, 107581.","journal-title":"Inf Softw Technol"},{"key":"9750_CR38","doi-asserted-by":"publisher","first-page":"102748","DOI":"10.1016\/j.inffus.2024.102748","volume":"115","author":"R Liu","year":"2025","unstructured":"Liu, R., Wang, Y., Xu, H., Sun, J., Zhang, F., Li, P., & Guo, Z. (2025). Vul-LMGNNs: Fusing language models and online-distilled graph neural networks for code vulnerability detection. Inf Fusion, 115, 102748.","journal-title":"Inf Fusion"},{"key":"9750_CR39","unstructured":"Joern. (2021). Open-source code analysis platform for C\/C\u2009+\u2009+\u2009based on code property graphs. https:\/\/joern.io\/"},{"key":"9750_CR40","doi-asserted-by":"crossref","unstructured":"Feng, Z., Guo, D., Tang, D., Duan, N., Feng, X., Gong, M., Shou, L., Qin, B., Liu, T., Jiang, D. (2020). Codebert: A pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155.","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"9750_CR41","unstructured":"Kipf, T. N., & Welling, M. (2016). Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv: 1609.02907."},{"key":"9750_CR42","doi-asserted-by":"publisher","first-page":"111623","DOI":"10.1016\/j.jss.2023.111623","volume":"199","author":"W Tang","year":"2023","unstructured":"Tang, W., Tang, M., Ban, M., Zhao, Z., & Feng, M. (2023). A deep learning approach combining sequence and graph embedding for source code vulnerability detection. Journal of Systems and Software, 199, 111623.","journal-title":"Journal of Systems and Software"},{"key":"9750_CR43","doi-asserted-by":"publisher","first-page":"104139","DOI":"10.1016\/j.cose.2024.104139","volume":"148","author":"H He","year":"2025","unstructured":"He, H., Wang, S., Wang, Y., Liu, K., & Yu, L. (2025). VulTR: Software vulnerability detection model based on multi-layer key feature enhancement. Comput Secur, 148, 104139.","journal-title":"Comput Secur"},{"key":"9750_CR44","unstructured":"Roziere, B., Gehring, J., Gloeckle, F. (2023). Code llama: Open foundation models for code, 2023. arXiv preprint arXiv:2308.12950."},{"key":"9750_CR45","unstructured":"Li, R., Allal, L. B., Zi, Y. Starcoder: May the source be with you!2023. arXiv preprint arXiv:2305.06161."},{"key":"9750_CR46","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1038\/s41586-025-09422-z","volume":"645","author":"D Guo","year":"2025","unstructured":"Guo, D., Yang, D., Zhang, H., et al. (2025). DeepSeek-R1 incentivizes reasoning in LLMs through reinforcement learning. Nature, 645, 633\u2013638.","journal-title":"Nature"}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-026-09750-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11219-026-09750-x","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-026-09750-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T08:11:35Z","timestamp":1774685495000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11219-026-09750-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,28]]},"references-count":46,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,6]]}},"alternative-id":["9750"],"URL":"https:\/\/doi.org\/10.1007\/s11219-026-09750-x","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,28]]},"assertion":[{"value":"17 November 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 March 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"18"}}