{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T09:05:47Z","timestamp":1775552747179,"version":"3.50.1"},"reference-count":54,"publisher":"World Scientific Pub Co Pte Ltd","issue":"09","funder":[{"name":"Basic Innovation Research Cultivation Program of Yanshan University","award":["2024LGZD004"],"award-info":[{"award-number":["2024LGZD004"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62376240"],"award-info":[{"award-number":["62376240"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"S&T Program of Hebei","award":["236Z0304G"],"award-info":[{"award-number":["236Z0304G"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2026,7]]},"abstract":"<jats:p>Heap vulnerabilities pose a significant risk to software, leading to stability issues such as slowdown and resource depletion. These vulnerabilities can potentially disrupt critical operations and compromise the overall system performance, especially in the case of automated control systems implemented in C\/C[Formula: see text] language. While various artificial intelligence-based detection methods have been studied, there has been limited analysis of the detection process and the structural and semantic features, resulting in lower detection efficiency. This paper proposes a novel heap vulnerability detection (HVDet) method based on the Pointer Program Dependency Graph (P-PDG) representation and Bidirectional Gated Recurrent Unit (Bi-GRU) algorithm for software. Through inter-procedural analysis, the P-PDG serves as an innovative code representation model that places emphasis on pointer operations, which are closely associated with heap vulnerabilities. It leads to a reduction in code size while simultaneously capturing a broader range of structural and semantic features of the source code. Subsequently, a mixed feature matrix incorporating these features from code slices is generated as input for the Bi-GRU algorithm. When compared with 7 state-of-the-art (SOTA) vulnerability detection tools, HVDet demonstrates superior performance. It successfully identified three heap vulnerabilities in real-world software such as Linux Kernel, Espruino and LibreDWG.<\/jats:p>","DOI":"10.1142\/s0218194025501086","type":"journal-article","created":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T11:29:07Z","timestamp":1766575747000},"page":"1255-1284","source":"Crossref","is-referenced-by-count":0,"title":["HVDet: Heap Vulnerability Detection Method Based on P-PDG Representation and Bi-GRU Algorithm"],"prefix":"10.1142","volume":"36","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-9320-9382","authenticated-orcid":false,"given":"Rong","family":"Ren","sequence":"first","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jingyi","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9867-8439","authenticated-orcid":false,"given":"Bing","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haitao","family":"He","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7159-1424","authenticated-orcid":false,"given":"Qian","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guoyan","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, Qinhuangdao, P. R. China"},{"name":"The Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, P. R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"219","published-online":{"date-parts":[[2026,1,26]]},"reference":[{"key":"S0218194025501086BIB001","unstructured":"MITRE Corporation, Common vulnerabilities and exposures, 2023, http:\/\/cve.mitre.org."},{"key":"S0218194025501086BIB002","unstructured":"MITRE Corporation, 2020 cwe top 25 most dangerous software weaknesses, 2020, https:\/\/cwe.mitre.org\/top25\/archive\/2020\/2020_cwe_top25.html."},{"key":"S0218194025501086BIB003","unstructured":"MITRE Corporation, 2021 cwe top 25 most dangerous software weaknesses, 2021, https:\/\/cwe.mitre.org\/top25\/archive\/2021\/2021_cwe_top25.html."},{"key":"S0218194025501086BIB004","unstructured":"MITRE Corporation, 2022 cwe top 25 most dangerous software weaknesses, 2022, https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html."},{"key":"S0218194025501086BIB005","unstructured":"MITRE Corporation, 2023 cwe top 25 most dangerous software weaknesses, 2023, https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_cwe_top25.html."},{"key":"S0218194025501086BIB006","unstructured":"MITRE Corporation, 2024 cwe top 25 most dangerous software weaknesses, 2024, https:\/\/cwe.mitre.org\/top25\/archive\/2024\/2024_cwe_top25.html."},{"issue":"8","key":"S0218194025501086BIB007","first-page":"188","volume":"42","author":"Yang Y.","year":"2021","journal-title":"J. Commun."},{"key":"S0218194025501086BIB008","first-page":"1","volume-title":"Proc. 37th IEEE\/ACM Int. Conf. Automated Software Engineering","author":"Yu Y.","year":"2023"},{"key":"S0218194025501086BIB009","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690310"},{"key":"S0218194025501086BIB010","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2015.10"},{"key":"S0218194025501086BIB011","unstructured":"J. Liu, H. An, J. Li and H. Liang, Detecting exploit primitives automatically for heap vulnerabilities on binary programs, arXiv:2212.13990."},{"key":"S0218194025501086BIB012","doi-asserted-by":"publisher","DOI":"10.1109\/ICSIP61881.2024.10671522"},{"key":"S0218194025501086BIB013","first-page":"521","volume-title":"2010 IEEE Int. Conf. Information Theory and Information Security","author":"Li P.","year":"2010"},{"key":"S0218194025501086BIB014","doi-asserted-by":"publisher","DOI":"10.1109\/CECNet.2013.6703400"},{"key":"S0218194025501086BIB015","doi-asserted-by":"publisher","DOI":"10.1109\/ICCC51575.2020.9345026"},{"key":"S0218194025501086BIB016","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2003.1209970"},{"issue":"5","key":"S0218194025501086BIB017","first-page":"1330","volume":"30","author":"Zhu Y.","year":"2019","journal-title":"J. Softw."},{"key":"S0218194025501086BIB018","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-014-3460-8"},{"key":"S0218194025501086BIB019","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180178"},{"issue":"4","key":"S0218194025501086BIB020","first-page":"827","volume":"28","author":"Li X.","year":"2017","journal-title":"J. Softw."},{"key":"S0218194025501086BIB021","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3076142"},{"key":"S0218194025501086BIB022","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v30i1.10139"},{"key":"S0218194025501086BIB023","first-page":"1364","volume-title":"Proc. 35th IEEE\/ACM Int. Conf. Automated Software Engineering","author":"Liu S.","year":"2021"},{"key":"S0218194025501086BIB024","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102572"},{"key":"S0218194025501086BIB025","volume-title":"Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks","author":"Zhou Y.","year":"2019"},{"key":"S0218194025501086BIB026","unstructured":"Z. Li, D. Zou, S. Xu, X. Ou, H. Jin, S. Wang, Z. Deng and Y. Zhong, Vuldeepecker: A deep learning-based system for vulnerability detection, abs\/1801.01681."},{"issue":"5","key":"S0218194025501086BIB027","first-page":"2224","volume":"18","author":"Zou D.","year":"2021","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"S0218194025501086BIB028","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2021.3137314"},{"key":"S0218194025501086BIB029","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"S0218194025501086BIB030","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510229"},{"key":"S0218194025501086BIB031","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528452"},{"key":"S0218194025501086BIB032","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3527949"},{"key":"S0218194025501086BIB033","unstructured":"Checkmarx (2023), Accessed: 2024-07-11."},{"key":"S0218194025501086BIB034","unstructured":"D. A. Wheeler, Flawfinder (2023), Accessed: 2024-07-11."},{"key":"S0218194025501086BIB035","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857720"},{"key":"S0218194025501086BIB036","doi-asserted-by":"publisher","DOI":"10.1109\/ICISCE.2016.76"},{"key":"S0218194025501086BIB037","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-017-5069-3"},{"key":"S0218194025501086BIB038","unstructured":"J. A. Harer\n                      et al.\n                      , Automated software vulnerability detection with machine learning,\n                      CoRR\n                      , abs\/1803.04497."},{"key":"S0218194025501086BIB039","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2821768"},{"key":"S0218194025501086BIB040","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"S0218194025501086BIB041","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-Companion58688.2023.00059"},{"key":"S0218194025501086BIB042","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833610"},{"key":"S0218194025501086BIB043","first-page":"99","volume-title":"27th USENIX Security Symp.","author":"Eckert M.","year":"2018"},{"key":"S0218194025501086BIB044","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00691-1"},{"key":"S0218194025501086BIB045","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427645"},{"key":"S0218194025501086BIB046","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6639345"},{"key":"S0218194025501086BIB047","doi-asserted-by":"publisher","DOI":"10.1145\/3065386"},{"key":"S0218194025501086BIB048","unstructured":"I. Sutskever, O. Vinyals and Q. V. Le, Sequence to sequence learning with neural networks,\n                      CoRR\n                      , abs\/1409.3215."},{"issue":"3","key":"S0218194025501086BIB049","first-page":"18","volume":"2","author":"Liaw A.","year":"2002","journal-title":"R News"},{"key":"S0218194025501086BIB050","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2001.989572"},{"key":"S0218194025501086BIB051","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-64626-3_12"},{"key":"S0218194025501086BIB052","unstructured":"Clang: A c language family frontend for llvm, 2023, https:\/\/clang.llvm.org\/."},{"key":"S0218194025501086BIB053","unstructured":"T. Mikolov, K. Chen, G. Corrado and J. Dean, Efficient estimation of word representations in vector space, arXiv:1301.3781."},{"key":"S0218194025501086BIB054","unstructured":"J. Bond, Vdpython 2022, https:\/\/github.com\/johnb110\/VDPython."}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194025501086","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T08:25:27Z","timestamp":1775550327000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/10.1142\/S0218194025501086"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,26]]},"references-count":54,"journal-issue":{"issue":"09","published-print":{"date-parts":[[2026,7]]}},"alternative-id":["10.1142\/S0218194025501086"],"URL":"https:\/\/doi.org\/10.1142\/s0218194025501086","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"value":"0218-1940","type":"print"},{"value":"1793-6403","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,26]]}}}