{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T15:36:48Z","timestamp":1764949008698,"version":"3.46.0"},"reference-count":27,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:00:00Z","timestamp":1764720000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006701","name":"Umm al-Qura University","doi-asserted-by":"publisher","award":["25UQU4331451GSSR02"],"award-info":[{"award-number":["25UQU4331451GSSR02"]}],"id":[{"id":"10.13039\/501100006701","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>As software systems grow increasingly complex and interconnected, detecting vulnerabilities in source code has become a critical and challenging task. Traditional static analysis methods often fall short in capturing deep, context-dependent vulnerabilities and adapting to rapidly evolving threat landscapes. Recent efforts have explored knowledge graphs and transformer-based models to enhance semantic understanding; however, these solutions frequently rely on static knowledge bases, exhibit high computational overhead, and lack adaptability to emerging threats. To address these limitations, we propose DynaKG-NER++, a novel and lightweight framework for context-aware vulnerability detection in source code. Our approach integrates lexical, syntactic, and semantic features using a transformer-based token encoder, dynamic knowledge graph embeddings, and a Graph Attention Network (GAT). We further introduce contrastive learning on vulnerability\u2013patch pairs to improve discriminative capacity and design an attention-based fusion module to combine token and entity representations adaptively. 
A key innovation of our method is the dynamic construction and continual update of the knowledge graph, allowing the model to incorporate newly published CVEs and evolving relationships without retraining. We evaluate DynaKG-NER++ on five benchmark datasets, demonstrating superior performance across span-level F1 (89.3%), token-level accuracy (93.2%), and AUC-ROC (0.936), while achieving the lowest false positive rate (5.1%) among state-of-the-art baselines. Statistical significance tests confirm that these improvements are robust and meaningful. Overall, DynaKG-NER++ establishes a new standard in vulnerability detection, balancing accuracy, adaptability, and efficiency, making it highly suitable for deployment in real-world static analysis pipelines and resource-constrained environments.<\/jats:p>","DOI":"10.3390\/fi17120557","type":"journal-article","created":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T15:11:24Z","timestamp":1764947484000},"page":"557","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Context-Aware Lightweight Framework for Source Code Vulnerability Detection"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4442-1865","authenticated-orcid":false,"given":"Yousef","family":"Sanjalawe","sequence":"first","affiliation":[{"name":"Department of Information Technology, King Abdullah II School for Information Technology, University of Jordan (JU), Amman 11942, Jordan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0424-6894","authenticated-orcid":false,"given":"Budoor","family":"Allehyani","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, College of Computing, Umm Al-Qura University (UQU), Makkah 24381, Saudi 
Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2134-4158","authenticated-orcid":false,"given":"Salam","family":"Al-E\u2019mari","sequence":"additional","affiliation":[{"name":"Department of Information Security, Faculty of Information Technology, University of Petra (UoP), Amman 11196, Jordan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"103475","DOI":"10.1016\/j.inffus.2025.103475","article-title":"MDVul: A semantic-based complex dependency code vulnerability detection using fusion path","volume":"125","author":"Zhequ","year":"2025","journal-title":"Inf. Fusion"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"110848","DOI":"10.1016\/j.compeleceng.2025.110848","article-title":"A novel approach for software vulnerability detection based on ensemble learning model","volume":"130","author":"Quang","year":"2026","journal-title":"Comput. Electr. Eng."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"104098","DOI":"10.1016\/j.cose.2024.104098","article-title":"Survey of source code vulnerability analysis based on deep learning","volume":"148","author":"Liang","year":"2025","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s10664-025-10749-4","article-title":"A zero-shot framework for cross-project vulnerability detection in source code","volume":"31","author":"Haque","year":"2026","journal-title":"Empir. Softw. Eng."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3556974","article-title":"Android source code vulnerability detection: A systematic literature review","volume":"55","author":"Senanayake","year":"2023","journal-title":"ACM Comput. 
Surv."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"103450","DOI":"10.1016\/j.inffus.2025.103450","article-title":"Enhancing vulnerability detection by fusing code semantic features with LLM-generated explanations","volume":"125","author":"Tian","year":"2026","journal-title":"Inf. Fusion"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ziems, N., and Wu, S. (2021, January 10\u201313). Security vulnerability detection using deep learning natural language processing. Proceedings of the IEEE INFOCOM 2021-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Vancouver, BC, Canada.","DOI":"10.1109\/INFOCOMWKSHPS51825.2021.9484500"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1176898","DOI":"10.1155\/2022\/1176898","article-title":"Code vulnerability detection based on deep sequence and graph models: A survey","volume":"2022","author":"Wu","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Xu, X., Hu, T., Li, B., and Liao, L. (2023, January 27\u201329). Ccdetector: Detect chaincode vulnerabilities based on knowledge graph. Proceedings of the 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), Torino, Italy.","DOI":"10.1109\/COMPSAC57700.2023.00095"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1007\/s44163-025-00347-0","article-title":"Static detection method for multi-level network source code vulnerabilities based on knowledge graph technology","volume":"5","author":"Xiao","year":"2025","journal-title":"Discov. Artif. Intell."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Hanif, H., and Maffeis, S. (2022, January 18\u201323). Vulberta: Simplified source code pre-training for vulnerability detection. 
Proceedings of the 2022 International Joint Conference on Neural Networks (IJCNN), Padua, Italy.","DOI":"10.1109\/IJCNN55064.2022.9892280"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"3454","DOI":"10.1109\/TSE.2024.3493245","article-title":"Stagedvulbert: Multi-granular vulnerability detection with a novel pre-trained code model","volume":"50","author":"Jiang","year":"2024","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Curto, C., Giordano, D., Palazzo, S., and Indelicato, D. (2024, January 8\u201310). MultiVD: A Transformer-based Multitask Approach for Software Vulnerability Detection. Proceedings of the 21st International Conference on Security and Cryptography, Dijon, France.","DOI":"10.5220\/0012719400003767"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Tian, L., and Zhang, C. (2025, January 21\u201323). EFVD: A Framework of Source Code Vulnerability Detection via Fusion of Enhanced Graph Representation Learning and Pre-trained Transformer-Based Model. Proceedings of the 2025 5th International Conference on Computer Network Security and Software Engineering, Qingdao, China.","DOI":"10.1145\/3732365.3732421"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ding, Y., Suneja, S., Zheng, Y., Laredo, J., Morari, A., Kaiser, G., and Ray, B. (2022, January 15\u201318). VELVET: A noVel Ensemble Learning approach to automatically locate VulnErable sTatements. Proceedings of the 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Virtual.","DOI":"10.1109\/SANER53432.2022.00114"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Sheng, Z., Wu, F., Zuo, X., Li, C., Qiao, Y., and Hang, L. (2024). Lprotector: An llm-driven vulnerability detection system. arXiv.","DOI":"10.1109\/ICDSCA63855.2024.10859408"},{"key":"ref_17","unstructured":"Yang, A.Z., Tian, H., Ye, H., Martins, R., and Goues, C.L. (2024). 
Security vulnerability detection with multitask self-instructed fine-tuning of large language models. arXiv."},{"key":"ref_18","unstructured":"Bhandari, G., Naseer, A., and Moonen, L. (2021, January 12\u201316). CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software. Proceedings of the 2021 IEEE\/ACM 6th International Conference on Software Testing, Verification and Validation (ICST), Porto de Galinhas, Brazil."},{"key":"ref_19","unstructured":"National Institute of Standards and Technology (NIST) (2025, June 30). National Vulnerability Database (NVD), Available online: https:\/\/nvd.nist.gov."},{"key":"ref_20","unstructured":"Zero, G.P. (2025, June 30). VulnCode-DB. Available online: https:\/\/github.com\/google\/vulncode-db."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Ni, C., Shen, L., Yang, X., Zhu, Y., and Wang, S. (2024, January 15\u201316). MegaVul: A C\/C++ Vulnerability Dataset with Comprehensive Code Representations. Proceedings of the 21st IEEE\/ACM International Conference on Mining Software Repositories (MSR), Lisbon, Portugal. Available online: https:\/\/github.com\/Icyrockton\/MegaVul.","DOI":"10.1145\/3643991.3644886"},{"key":"ref_22","unstructured":"Ruan, B., Liu, J., Zhao, W., and Liang, Z. (November, January 27). VulZoo: A Comprehensive Vulnerability Intelligence Dataset. Proceedings of the ASE Tool Demonstrations, 39th International Conference on Automated Software Engineering (ASE), Sacramento, CA, USA. Available online: https:\/\/github.com\/NUS-Curiosity\/VulZoo."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"103512","DOI":"10.1016\/j.cose.2023.103512","article-title":"Detection of obfuscated Tor traffic based on bidirectional generative adversarial networks and vision transform","volume":"135","author":"Sanjalawe","year":"2023","journal-title":"Comput. 
Secur."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"98516","DOI":"10.1109\/ACCESS.2023.3313630","article-title":"Abnormal transactions detection in the ethereum network using semi-supervised generative adversarial networks","volume":"11","author":"Sanjalawe","year":"2023","journal-title":"IEEE Access"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"He, X., Han, D., Zhou, S., Fu, X., and Li, H. (2025). An Improved Software Source Code Vulnerability Detection Method: Combination of Multi-Feature Screening and Integrated Sampling Model. Sensors, 25.","DOI":"10.3390\/s25061816"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"102748","DOI":"10.1016\/j.inffus.2024.102748","article-title":"Vul-LMGNNs: Fusing language models and online-distilled graph neural networks for code vulnerability detection","volume":"115","author":"Liu","year":"2025","journal-title":"Inf. Fusion"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Du, X., Wen, M., Zhu, J., Xie, Z., Ji, B., Liu, H., Shi, X., and Jin, H. (2024). Generalization-enhanced code vulnerability detection via multi-task instruction fine-tuning. 
arXiv.","DOI":"10.18653\/v1\/2024.findings-acl.625"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/12\/557\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T15:34:32Z","timestamp":1764948872000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/12\/557"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,3]]},"references-count":27,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["fi17120557"],"URL":"https:\/\/doi.org\/10.3390\/fi17120557","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,3]]}}}