{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T16:45:11Z","timestamp":1772642711051,"version":"3.50.1"},"reference-count":89,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Expert Systems with Applications"],"published-print":{"date-parts":[[2024,3]]},"DOI":"10.1016\/j.eswa.2023.121865","type":"journal-article","created":{"date-parts":[[2023,9,29]],"date-time":"2023-09-29T20:59:22Z","timestamp":1696021162000},"page":"121865","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":30,"special_numbering":"PB","title":["Enhancing vulnerability detection via AST decomposition and neural sub-tree encoding"],"prefix":"10.1016","volume":"238","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7608-8908","authenticated-orcid":false,"given":"Zhenzhou","family":"Tian","sequence":"first","affiliation":[]},{"given":"Binhui","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Jiajun","family":"Lv","sequence":"additional","affiliation":[]},{"given":"Yanping","family":"Chen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1550-6170","authenticated-orcid":false,"given":"Lingwei","family":"Chen","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.eswa.2023.121865_b1","series-title":"A static analysis tool for finding vulnerabilities in c\/c++ source code","author":"A. Wheeler","year":"2014"},{"key":"10.1016\/j.eswa.2023.121865_b2","unstructured":"Alon, U., Levy, O., & Yahav, E. (2019). code2seq: Generating Sequences from Structured Representations of Code. In International conference on learning representations."},{"issue":"POPL","key":"10.1016\/j.eswa.2023.121865_b3","doi-asserted-by":"crossref","DOI":"10.1145\/3290353","article-title":"Code2vec: Learning distributed representations of code","volume":"3","author":"Alon","year":"2019","journal-title":"Proceedings of the ACM on Programming Languages"},{"key":"10.1016\/j.eswa.2023.121865_b4","series-title":"Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering","first-page":"257","article-title":"Identifying the characteristics of vulnerable code changes: An empirical study","author":"Bosu","year":"2014"},{"key":"10.1016\/j.eswa.2023.121865_b5","series-title":"2021 IEEE\/ACM 43rd international conference on software engineering","first-page":"1186","article-title":"InferCode: Self-supervised learning of code representations by predicting subtrees","author":"Bui","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b6","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2021.106576","article-title":"BGNN4vd: Constructing bidirectional graph neural-network for vulnerability detection","volume":"136","author":"Cao","year":"2021","journal-title":"Information and Software Technology"},{"key":"10.1016\/j.eswa.2023.121865_b7","first-page":"1","article-title":"Deep learning based vulnerability detection: Are we there yet","author":"Chakraborty","year":"2021","journal-title":"IEEE Transactions on Software Engineering"},{"key":"10.1016\/j.eswa.2023.121865_b8","series-title":"Checkmarx","author":"Checkmarx","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b9","first-page":"1","article-title":"How about bug-triggering paths? - understanding and characterizing learning-based vulnerability detectors","author":"Cheng","year":"2022","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"3","key":"10.1016\/j.eswa.2023.121865_b10","doi-asserted-by":"crossref","DOI":"10.1145\/3436877","article-title":"DeepWukong: Statically detecting software vulnerabilities using deep graph neural network","volume":"30","author":"Cheng","year":"2021","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"10.1016\/j.eswa.2023.121865_b11","doi-asserted-by":"crossref","unstructured":"Cheng, X., Wang, H., Hua, J., Zhang, M., Xu, G., Yi, L., et al. (2019). Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding. In 2019 24th International conference on engineering of complex computer systems (pp. 41\u201350).","DOI":"10.1109\/ICECCS.2019.00012"},{"key":"10.1016\/j.eswa.2023.121865_b12","series-title":"Proceedings of the 31st ACM SIGSOFT international symposium on software testing and analysis","first-page":"519","article-title":"Path-sensitive code embedding via contrastive learning for software vulnerability detection","author":"Cheng","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b13","series-title":"CodeChecker: A static analysis infrastructure built on the LLVM\/Clang static analyzer","author":"CodeChecker","year":"2013"},{"key":"10.1016\/j.eswa.2023.121865_b14","doi-asserted-by":"crossref","unstructured":"Croft, R., Babar, M. A., & Kholoosi, M. (2023). Data Quality for Software Vulnerability Datasets. In Proceedings of the 2023 IEEE\/ACM international conference on software engineering (p. 1).","DOI":"10.1109\/ICSE48619.2023.00022"},{"issue":"03","key":"10.1016\/j.eswa.2023.121865_b15","doi-asserted-by":"crossref","first-page":"1044","DOI":"10.1109\/TSE.2022.3171202","article-title":"Data preparation for software vulnerability prediction: A systematic literature review","volume":"49","author":"Croft","year":"2023","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"C","key":"10.1016\/j.eswa.2023.121865_b16","article-title":"An empirical study of vulnerability discovery methods over the past ten years","volume":"120","author":"Cui","year":"2022","journal-title":"Computers & Security"},{"key":"10.1016\/j.eswa.2023.121865_b17","doi-asserted-by":"crossref","first-page":"2004","DOI":"10.1109\/TIFS.2020.3047756","article-title":"VulDetector: Detecting vulnerabilities using weighted feature graph comparison","volume":"16","author":"Cui","year":"2021","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"10.1016\/j.eswa.2023.121865_b18","series-title":"CVE","author":"CVE","year":"2023"},{"key":"10.1016\/j.eswa.2023.121865_b19","series-title":"Common weakness enumeration","author":"CWE","year":"2023"},{"key":"10.1016\/j.eswa.2023.121865_b20","series-title":"2022 IEEE international conference on software analysis, evolution and reengineering","first-page":"959","article-title":"VELVET: A novel ensemble learning approach to automatically locate VulnErable statements","author":"Ding","year":"2022"},{"issue":"4","key":"10.1016\/j.eswa.2023.121865_b21","doi-asserted-by":"crossref","DOI":"10.1145\/3092566","article-title":"Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey","volume":"50","author":"Ghaffarian","year":"2017","journal-title":"ACM Computing Surveys"},{"key":"10.1016\/j.eswa.2023.121865_b22","series-title":"Rough audit tool for security","author":"Google","year":"2013"},{"key":"10.1016\/j.eswa.2023.121865_b23","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.infsof.2015.08.002","article-title":"On the capability of static code analysis to detect security vulnerabilities","volume":"68","author":"Goseva-Popstojanova","year":"2015","journal-title":"Information and Software Technology"},{"key":"10.1016\/j.eswa.2023.121865_b24","series-title":"Proceedings of the sixth ACM conference on data and application security and privacy","first-page":"85","article-title":"Toward large-scale vulnerability discovery using machine learning","author":"Grieco","year":"2016"},{"key":"10.1016\/j.eswa.2023.121865_b25","series-title":"2022 International joint conference on neural networks","first-page":"1","article-title":"Vulberta: Simplified source code pre-training for vulnerability detection","author":"Hanif","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b26","series-title":"Proceedings of the 1993 ACM SIGSOFT international symposium on software testing and analysis","first-page":"160","article-title":"Efficient construction of program dependence graphs","author":"Harrold","year":"1993"},{"key":"10.1016\/j.eswa.2023.121865_b27","series-title":"2022 International joint conference on neural networks","first-page":"1","article-title":"Summarizing source code from structure and context","author":"Hou","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b28","doi-asserted-by":"crossref","unstructured":"Hu, X., Li, G., Xia, X., Lo, D., & Jin, Z. (2018). Deep Code Comment Generation. In 2018 IEEE\/ACM 26th international conference on program comprehension (pp. 200\u201320010).","DOI":"10.1145\/3196321.3196334"},{"key":"10.1016\/j.eswa.2023.121865_b29","series-title":"Infer: A tool to detect bugs in java and c\/c++\/objective-c code before it ships","author":"Infer","year":"2013"},{"key":"10.1016\/j.eswa.2023.121865_b30","series-title":"IEEE symposium on security and privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA","first-page":"48","article-title":"ReDeBug: Finding unpatched code clones in entire OS distributions","author":"Jang","year":"2012"},{"key":"10.1016\/j.eswa.2023.121865_b31","series-title":"Proceedings of the thirty-seventh conference on uncertainty in artificial intelligence","first-page":"54","article-title":"Treebert: A tree-based pre-trained model for programming language","volume":"vol. 161","author":"Jiang","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b32","series-title":"Proceedings of the 2019 27th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering","first-page":"695","article-title":"The importance of accounting for real-world labelling when predicting software vulnerabilities","author":"Jimenez","year":"2019"},{"key":"10.1016\/j.eswa.2023.121865_b33","series-title":"Proceedings of the 55th annual meeting of the association for computational linguistics (Volume 1: Long papers)","first-page":"562","article-title":"Deep pyramid convolutional neural networks for text categorization","author":"Johnson","year":"2017"},{"key":"10.1016\/j.eswa.2023.121865_b34","series-title":"Proceedings of the 15th conference of the european chapter of the association for computational linguistics: Volume 2, Short papers","first-page":"427","article-title":"Bag of tricks for efficient text classification","author":"Joulin","year":"2017"},{"key":"10.1016\/j.eswa.2023.121865_b35","series-title":"Proceedings of the 2022 ACM SIGSAC conference on computer and communications security","first-page":"1695","article-title":"TRACER: Signature-based static analysis for detecting recurring vulnerabilities","author":"Kang","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b36","series-title":"Proceedings of the 2014 conference on empirical methods in natural language processing","first-page":"1746","article-title":"Convolutional neural networks for sentence classification","author":"Kim","year":"2014"},{"key":"10.1016\/j.eswa.2023.121865_b37","series-title":"2017 IEEE symposium on security and privacy","first-page":"595","article-title":"VUDDY: A scalable approach for vulnerable code clone discovery","author":"Kim","year":"2017"},{"key":"10.1016\/j.eswa.2023.121865_b38","series-title":"2017 IEEE symposium on security and privacy","first-page":"595","article-title":"VUDDY: A scalable approach for vulnerable code clone discovery","author":"Kim","year":"2017"},{"key":"10.1016\/j.eswa.2023.121865_b39","series-title":"2021 IEEE\/ACM 43rd international conference on software engineering","first-page":"150","article-title":"Code prediction by feeding trees to transformers","author":"Kim","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b40","series-title":"Semi-supervised classification with graph convolutional networks","author":"Kipf","year":"2016"},{"key":"10.1016\/j.eswa.2023.121865_b41","series-title":"Proceedings of the 2021 SIAM international conference on data mining","first-page":"208","article-title":"Turning attacks into protection: Social media privacy protection using adversarial attacks","author":"Li","year":"2021"},{"issue":"3","key":"10.1016\/j.eswa.2023.121865_b42","doi-asserted-by":"crossref","first-page":"176","DOI":"10.1109\/TSE.2006.28","article-title":"CP-miner: finding copy-paste and related bugs in large-scale software code","volume":"32","author":"Li","year":"2006","journal-title":"IEEE Transactions on Software Engineering"},{"key":"10.1016\/j.eswa.2023.121865_b43","series-title":"Proceedings of the 29th ACM joint meeting on European software engineering conference and symposium on the foundations of software engineering","first-page":"292","article-title":"Vulnerability detection with fine-grained interpretations","author":"Li","year":"2021"},{"issue":"OOPSLA","key":"10.1016\/j.eswa.2023.121865_b44","doi-asserted-by":"crossref","DOI":"10.1145\/3360588","article-title":"Improving bug detection via context-based code representation learning and attention-based neural networks","volume":"3","author":"Li","year":"2019","journal-title":"Proceedings of the ACM on Programming Languages"},{"issue":"4","key":"10.1016\/j.eswa.2023.121865_b45","doi-asserted-by":"crossref","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","article-title":"VulDeeLocator: A deep learning-based fine-grained vulnerability detector","volume":"19","author":"Li","year":"2022","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"10.1016\/j.eswa.2023.121865_b46","series-title":"Proceedings of the 32nd annual conference on computer security applications","first-page":"201","article-title":"VulPecker: An automated vulnerability detection system based on code similarity analysis","author":"Li","year":"2016"},{"issue":"4","key":"10.1016\/j.eswa.2023.121865_b47","doi-asserted-by":"crossref","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","article-title":"SySeVR: A framework for using deep learning to detect software vulnerabilities","volume":"19","author":"Li","year":"2022","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"10.1016\/j.eswa.2023.121865_b48","series-title":"25th Annual network and distributed system security symposium","article-title":"VulDeePecker: A deep learning-based system for vulnerability detection","author":"Li","year":"2018"},{"issue":"10","key":"10.1016\/j.eswa.2023.121865_b49","doi-asserted-by":"crossref","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","article-title":"Software vulnerability detection using deep neural networks: A survey","volume":"108","author":"Lin","year":"2020","journal-title":"Proceedings of the IEEE"},{"key":"10.1016\/j.eswa.2023.121865_b50","series-title":"Proceedings of the 2017 ACM SIGSAC conference on computer and communications security","first-page":"2539","article-title":"POSTER: Vulnerability discovery with function representation learning from unlabeled projects","author":"Lin","year":"2017"},{"issue":"7","key":"10.1016\/j.eswa.2023.121865_b51","doi-asserted-by":"crossref","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","article-title":"Cross-project transfer representation learning for vulnerable function discovery","volume":"14","author":"Lin","year":"2018","journal-title":"IEEE Transactions on Industrial Informatics"},{"key":"10.1016\/j.eswa.2023.121865_b52","first-page":"544","article-title":"An empirical study on the effectiveness of static c code analyzers for vulnerability detection","author":"Lipp","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b53","series-title":"Cppcheck","author":"Marjamaki","year":"2013"},{"key":"10.1016\/j.eswa.2023.121865_b54","unstructured":"Mikolov, T., Chen, K., Corrado, G., & Dean, J. (2013). Efficient Estimation of Word Representations in Vector Space. In 1st International conference on learning representations, ICLR 2013, Scottsdale, Arizona, USA, May 2-4, 2013, Workshop track proceedings."},{"key":"10.1016\/j.eswa.2023.121865_b55","series-title":"2022 State of open source security report","author":"Moore","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b56","series-title":"Proceedings of the 2015 symposium and bootcamp on the science of security","article-title":"Challenges with applying vulnerability prediction models","author":"Morrison","year":"2015"},{"key":"10.1016\/j.eswa.2023.121865_b57","series-title":"Proceedings of the thirtieth AAAI conference on artificial intelligence","first-page":"1287","article-title":"Convolutional neural networks over tree structures for programming language processing","author":"Mou","year":"2016"},{"key":"10.1016\/j.eswa.2023.121865_b58","series-title":"2021 International joint conference on neural networks","first-page":"1","article-title":"Information-theoretic source code vulnerability highlighting","author":"Nguyen","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b59","series-title":"2022 IEEE\/ACM 44th international conference on software engineering","first-page":"01","article-title":"SPT-code: Sequence-to-sequence pre-training for learning source code representations","author":"Niu","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b60","series-title":"Proceedings of the 30th ACM joint european software engineering conference and symposium on the foundations of software engineering","first-page":"1097","article-title":"Generating realistic vulnerabilities via neural code editing: An empirical study","author":"Nong","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b61","series-title":"Proceedings of the 2014 conference on empirical methods in natural language processing","first-page":"1532","article-title":"Glove: Global vectors for word representation","author":"Pennington","year":"2014"},{"key":"10.1016\/j.eswa.2023.121865_b62","series-title":"Proceedings of the 22nd ACM SIGSAC conference on computer and communications security","first-page":"426","article-title":"VCCFinder: Finding potential vulnerabilities in open-source projects to assist code audits","author":"Perl","year":"2015"},{"key":"10.1016\/j.eswa.2023.121865_b63","series-title":"Proceedings of the IEEE\/ACM international conference on automated software engineering","first-page":"447","article-title":"Detection of recurring software vulnerabilities","author":"Pham","year":"2010"},{"key":"10.1016\/j.eswa.2023.121865_b64","series-title":"DeepBugs: A learning approach to name-based bug detection, Vol. 2","author":"Pradel","year":"2018"},{"key":"10.1016\/j.eswa.2023.121865_b65","series-title":"2018 17th IEEE international conference on machine learning and applications","first-page":"757","article-title":"Automated vulnerability detection in source code using deep representation learning","author":"Russell","year":"2018"},{"issue":"8","key":"10.1016\/j.eswa.2023.121865_b66","doi-asserted-by":"crossref","first-page":"7719","DOI":"10.1109\/TCYB.2022.3143798","article-title":"Feature-attention graph convolutional networks for noise resilient learning","volume":"52","author":"Shi","year":"2022","journal-title":"IEEE Transactions on Cybernetics"},{"key":"10.1016\/j.eswa.2023.121865_b67","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102417","article-title":"Vdsimilar: Vulnerability detection based on code similarity of vulnerabilities and patches","volume":"110","author":"Sun","year":"2021","journal-title":"Computers & Security"},{"key":"10.1016\/j.eswa.2023.121865_b68","series-title":"Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery","first-page":"2727","article-title":"Pythia: AI-assisted code completion system","author":"Svyatkovskiy","year":"2019"},{"key":"10.1016\/j.eswa.2023.121865_b69","series-title":"Coverity scan static analysis","author":"Synopsys","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b70","series-title":"Proceedings of the 53rd annual meeting of the association for computational linguistics and the 7th international joint conference on natural language processing (Volume 1: Long papers)","first-page":"1556","article-title":"Improved semantic representations from tree-structured long short-term memory networks","author":"Tai","year":"2015"},{"key":"10.1016\/j.eswa.2023.121865_b71","series-title":"2022 52nd Annual IEEE\/IFIP international conference on dependable systems and networks","first-page":"150","article-title":"SeVulDet: A semantics-enhanced learnable vulnerability detector","author":"Tang","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b72","series-title":"Proceedings of the 44th international conference on software engineering","first-page":"150","article-title":"AST-trans: Code summarization with efficient tree-structured attention","author":"Tang","year":"2022"},{"issue":"11","key":"10.1016\/j.eswa.2023.121865_b73","doi-asserted-by":"crossref","DOI":"10.3390\/electronics12112495","article-title":"Learning and fusing multi-view code representations for function vulnerability detection","volume":"12","author":"Tian","year":"2023","journal-title":"Electronics"},{"key":"10.1016\/j.eswa.2023.121865_b74","series-title":"Graph attention networks","author":"Veli\u010dkovi\u0107","year":"2017"},{"key":"10.1016\/j.eswa.2023.121865_b75","series-title":"Proceedings of the 15th ACM \/ IEEE international symposium on empirical software engineering and measurement","article-title":"Continuous software bug prediction","author":"Wang","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b76","series-title":"Proceedings of the ACM web conference 2022","first-page":"755","article-title":"Hiddencpg: Large-scale vulnerable clone detection using subgraph isomorphism of code property graphs","author":"Wi","year":"2022"},{"issue":"1","key":"10.1016\/j.eswa.2023.121865_b77","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/TNNLS.2020.2978386","article-title":"A comprehensive survey on graph neural networks","volume":"32","author":"Wu","year":"2021","journal-title":"IEEE Transactions on Neural Networks and Learning Systems"},{"key":"10.1016\/j.eswa.2023.121865_b78","series-title":"2022 IEEE\/ACM 44th international conference on software engineering","first-page":"2365","article-title":"Vulcnn: An image-inspired scalable vulnerability detection system","author":"Wu","year":"2022"},{"key":"10.1016\/j.eswa.2023.121865_b79","series-title":"29th USENIX security symposium","first-page":"1165","article-title":"MVP: Detecting vulnerabilities using Patch-Enhanced vulnerability signatures","author":"Xiao","year":"2020"},{"key":"10.1016\/j.eswa.2023.121865_b80","series-title":"2014 IEEE symposium on security and privacy","first-page":"590","article-title":"Modeling and discovering vulnerabilities with code property graphs","author":"Yamaguchi","year":"2014"},{"key":"10.1016\/j.eswa.2023.121865_b81","series-title":"Proceedings of the 28th annual computer security applications conference","first-page":"359","article-title":"Generalized vulnerability extrapolation using abstract syntax trees","author":"Yamaguchi","year":"2012"},{"key":"10.1016\/j.eswa.2023.121865_b82","series-title":"Proceedings of the 2016 conference of the north american chapter of the association for computational linguistics: Human language technologies","first-page":"1480","article-title":"Hierarchical attention networks for document classification","author":"Yang","year":"2016"},{"key":"10.1016\/j.eswa.2023.121865_b83","series-title":"Proceedings of the sixth ACM conference on data and application security and privacy","first-page":"97","article-title":"To fear or not to fear that is the question: Code characteristics of a vulnerable functionwith an existing exploit","author":"Younis","year":"2016"},{"key":"10.1016\/j.eswa.2023.121865_b84","unstructured":"Yu, N., Yuzhe, O., Michael, P., Feng, C., & Haipeng, C. (2023). VULGEN: Realistic Vulnerability Generation Via Pattern Mining and Deep Learning. In Proceedings of the 2023 IEEE\/ACM international conference on software engineering (p. 1)."},{"key":"10.1016\/j.eswa.2023.121865_b85","doi-asserted-by":"crossref","unstructured":"Zhang, J., Wang, X., Zhang, H., Sun, H., & Liu, X. (2020). Retrieval-based Neural Source Code Summarization. In 2020 IEEE\/ACM 42nd international conference on software engineering (pp. 1385\u20131397).","DOI":"10.1145\/3377811.3380383"},{"key":"10.1016\/j.eswa.2023.121865_b86","series-title":"2019 IEEE\/ACM 41st international conference on software engineering","first-page":"783","article-title":"A novel neural source code representation based on abstract syntax tree","author":"Zhang","year":"2019"},{"key":"10.1016\/j.eswa.2023.121865_b87","series-title":"Proceedings of the 43rd international conference on software engineering: software engineering in practice","first-page":"111","article-title":"D2A: A dataset built for AI-based vulnerability detection methods using differential analysis","author":"Zheng","year":"2021"},{"key":"10.1016\/j.eswa.2023.121865_b88","series-title":"Proceedings of the 33rd international conference on neural information processing systems","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","author":"Zhou","year":"2019"},{"issue":"5","key":"10.1016\/j.eswa.2023.121865_b89","first-page":"2224","article-title":"MuVulDeePecker: A deep learning-based system for multiclass vulnerability detection","volume":"18","author":"Zou","year":"2021","journal-title":"IEEE Transactions on Dependable and Secure Computing"}],"container-title":["Expert Systems with Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0957417423023679?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0957417423023679?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T06:47:47Z","timestamp":1760683667000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0957417423023679"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3]]},"references-count":89,"alternative-id":["S0957417423023679"],"URL":"https:\/\/doi.org\/10.1016\/j.eswa.2023.121865","relation":{},"ISSN":["0957-4174"],"issn-type":[{"value":"0957-4174","type":"print"}],"subject":[],"published":{"date-parts":[[2024,3]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Enhancing vulnerability detection via AST decomposition and neural sub-tree encoding","name":"articletitle","label":"Article Title"},{"value":"Expert Systems with Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.eswa.2023.121865","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2023 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}],"article-number":"121865"}}