pith. machine review for the scientific record. sign in

arxiv: 2605.07737 · v1 · submitted 2026-05-08 · 💻 cs.SE

Recognition: no theorem link

Securing the Dark Matter: A Semantic-Enhanced Neuro-Symbolic Framework for Supply Chain Analysis of Opaque Industrial Software

Bowei Ning , Xuejun Zong , Lian Lian , Kan He , Yifei Sun , Yuxiang Lei , Plamen Vasilev
Authors on Pith no claims yet

Pith reviewed 2026-05-11 03:04 UTC · model grok-4.3

classification 💻 cs.SE
keywords binary analysisneuro-symbolic frameworksoftware supply chainvulnerability detectionknowledge graphsindustrial control systemsAPT fingerprint matchingabstract interpretation
0
0 comments X

The pith

A neuro-symbolic framework reconstructs behavioral semantics from stripped binaries to enable global supply-chain vulnerability reasoning.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper aims to close the semantic gap in analyzing industrial software that ships only as stripped, symbol-free binaries. It proposes combining abstract interpretation with a reflexive prompting pipeline to extract accurate behavioral semantics from an LLM without hallucinations, then compresses the results into typed knowledge graphs for scalable reasoning. A domain-adapted Graphormer plus subgraph matching then traces vulnerability propagation and matches attack patterns. If these steps succeed, defenders gain reliable detection of high-impact CVEs and APT fingerprints where conventional binary tools or unconstrained language models fall short. Readers in critical infrastructure security would care because the method targets real deployed systems from multiple vendors rather than idealized source code.

Core claim

The semantic-enhanced neuro-symbolic framework reconstructs behavioral semantics directly from opaque binaries using abstract interpretation and reflexive prompting to suppress hallucinations, applies a surjective transformation that compresses Code Property Graphs into Software Supply Chain Knowledge Graphs, and employs a domain-adapted Graphormer augmented by embedding-space subgraph matching to capture long-range vulnerability propagation and uncover zero-day and APT-style patterns.

What carries the argument

The semantic-enhanced neuro-symbolic framework driven by three mechanisms: abstract interpretation with reflexive prompting that constrains a local LLM agent, a surjective transformation from raw Code Property Graphs to typed Software Supply Chain Knowledge Graphs, and a domain-adapted Graphormer with embedding-space subgraph matching.

If this is right

  • Outperforms all baselines on detection accuracy, semantic lifting fidelity, and APT fingerprint matching across three benchmarks of increasing domain specificity.
  • Achieves strong coverage of high-impact CVEs when deployed on a hybrid virtual-physical testbed using production-grade hardware from five ICS vendors.
  • Substantially lowers false-positive rates compared with leading commercial tools.
  • Enables tractable global risk reasoning over supply-chain graphs that include zero-day and APT-style attack patterns.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same constrained extraction and graph compression steps could be tested on stripped binaries from other embedded domains such as automotive or medical devices.
  • The knowledge-graph representation may allow composition with existing source-based SCA tools to create hybrid analysis pipelines.
  • If the surjective property holds, the graphs could support additional reasoning tasks such as compliance checking against supply-chain security standards.
  • Success would motivate similar neuro-symbolic lifts for other reverse-engineering problems where semantic fidelity matters more than raw syntax.

Load-bearing premise

The reflexive prompting pipeline combined with abstract interpretation can reliably suppress LLM hallucinations and produce accurate behavioral semantics from stripped binaries, and the surjective transformation to Software Supply Chain Knowledge Graphs preserves all information needed for correct global risk reasoning.

What would settle it

A stripped binary containing a documented high-impact CVE whose vulnerability propagation path is missed or mis-ranked by the framework while being correctly identified by source-level analysis or manual inspection.

Figures

Figures reproduced from arXiv: 2605.07737 by Bowei Ning, Kan He, Lian Lian, Plamen Vasilev, Xuejun Zong, Yifei Sun, Yuxiang Lei.

Figure 1
Figure 1. Figure 1: End-to-end pipeline of the proposed SCAA framework. A stripped binary is first parsed into a Code Property [PITH_FULL_IMAGE:figures/full_fig_p005_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Three-tier abstract domain A derived from MITRE ATT&CK for ICS. Tier 1 comprises 5 macro-behavior categories; Tier 2 refines these into 27 specific actions; Tier 3 qualifies 43 risk-contextualized labels. The partial order ⊑ follows the containment hierarchy, with ⊤ (Unknown Behavior) as the top element. Only representative branches are shown for clarity. 3.2.2 Galois Connection Formulation We establish a … view at source ↗
Figure 3
Figure 3. Figure 3: Reflexive Prompting pipeline. The teacher model (DeepSeek-v3) generates semantic summaries, which are [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Concrete example of the surjective transformation [PITH_FULL_IMAGE:figures/full_fig_p010_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Domain-specific attention bias in a single Graphormer head. [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Comparative efficacy of six vulnerability-detection methods. [PITH_FULL_IMAGE:figures/full_fig_p016_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Ablation study on the InduVul-Dataset. (a) ∆F1 relative to the full model for four component removals across three datasets; the Semantic-Lifting drop widens monotonically toward industrial data (−10.4 → −14.5 → −15.2). (b) Dumbbell chart of Recall on short- versus long-range dependencies: the connected dots trace the progression from GCN through Graphormer (w/o EdgeEnc) to the full model, revealing a +28.… view at source ↗
Figure 8
Figure 8. Figure 8: APT detection diagnostics (four-panel view). [PITH_FULL_IMAGE:figures/full_fig_p019_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Semantic Lifting fidelity diagnostics. Left: Per-category EVR heatmap across four LLMs on the Golden Set (n=500); Reflexive Prompting reduces overall EVR by 4.7× relative to vanilla Qwen3-7B and by 6.0× on Hardware, with Cryptography remaining the hardest category. Right: Severity-ordered taxonomy of the 29 residual violations (donut chart): 48.3% under-specification, 27.6% misclassification, and 24.1% com… view at source ↗
Figure 10
Figure 10. Figure 10: Robustness analysis. (a) F1 as a function of the three hyperparameters β, τapt, and ε, plotted on a shared offset-from-optimum axis; the shaded band marks the ±3.2-point envelope around F max 1 = 89.4, within which all three parameters remain across the full tested range. (b) Horizontal lollipop chart of SSCKG compression on a log-scale axis: each row connects the raw CPG node count (grey square) to the S… view at source ↗
Figure 11
Figure 11. Figure 11: Architecture of the InduGuard-Testbed. The platform integrates three PLC families (Siemens S7-1200/1500, [PITH_FULL_IMAGE:figures/full_fig_p024_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Tier A static scalability on the InduGuard-Testbed (50 firmware images). (a) Per-stage processing time [PITH_FULL_IMAGE:figures/full_fig_p025_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: Tier B dynamic efficacy on the hybrid testbed. (a) Traffic-light detection heatmap across 15 CVEs [PITH_FULL_IMAGE:figures/full_fig_p027_13.png] view at source ↗
read the original abstract

Automated vulnerability detection in critical-infrastructure software confronts a fundamental barrier: industrial software is routinely deployed as stripped, symbol-free binaries that deprive conventional Software Composition Analysis of the source-level transparency it requires. Existing binary analysis techniques close this Semantic Gap only partially -- graph-based detectors preserve structural syntax but discard behavioral semantics, while large language models supply rich semantic cues at the cost of unstable, hallucination-prone inference. To address this gap, we present a semantic-enhanced neuro-symbolic framework that reconstructs behavioral semantics directly from opaque binaries and performs tractable global risk reasoning. Three tightly coupled mechanisms drive this capability: (1) abstract interpretation combined with a reflexive prompting pipeline that structurally constrains a local LLM agent, effectively suppressing hallucinations; (2) a surjective transformation that compresses raw Code Property Graphs into typed Software Supply Chain Knowledge Graphs amenable to scalable reasoning; and (3) a domain-adapted Graphormer that captures long-range vulnerability propagation, augmented by embedding-space subgraph matching to uncover zero-day and APT-style attack patterns. Evaluated across three benchmarks of increasing domain specificity, the framework consistently outperforms all baselines on detection accuracy, semantic lifting fidelity, and APT fingerprint matching. Deployment on a hybrid virtual-physical testbed incorporating production-grade hardware from five ICS vendors further confirms strong detection coverage of high-impact CVEs while substantially reducing false-positive rates relative to leading commercial tools.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript presents a semantic-enhanced neuro-symbolic framework for analyzing supply chains of opaque industrial software binaries. It addresses the semantic gap in stripped binaries by combining (1) abstract interpretation with a reflexive prompting pipeline to constrain an LLM agent and suppress hallucinations for behavioral semantics extraction, (2) a surjective transformation compressing Code Property Graphs into typed Software Supply Chain Knowledge Graphs for scalable reasoning, and (3) a domain-adapted Graphormer augmented with embedding-space subgraph matching to capture long-range vulnerability propagation and APT patterns. The framework is claimed to outperform baselines on three benchmarks of increasing specificity in detection accuracy, semantic lifting fidelity, and APT fingerprint matching, and is validated on a hybrid virtual-physical testbed with hardware from five ICS vendors showing strong CVE coverage and reduced false positives compared to commercial tools.

Significance. If the central claims are substantiated with rigorous evidence, the work could significantly advance binary analysis and software supply chain security for critical infrastructure. The neuro-symbolic integration potentially overcomes limitations of pure graph-based detectors (which lose behavioral semantics) and standalone LLMs (which suffer from hallucinations). The KG-based global reasoning and subgraph matching for zero-day/APT detection represent a promising direction. However, the current lack of methodological details, statistical validation, and justification for information preservation in the transformation limits the assessable impact and reproducibility.

major comments (3)
  1. Abstract: The assertion that the surjective transformation from Code Property Graphs to typed Software Supply Chain Knowledge Graphs preserves all information needed for correct global risk reasoning and APT fingerprint matching is not supported by a proof or empirical check. Surjectivity alone permits many-to-one collapses that can erase distinctions between distinct call sites, data-flow paths, or control dependencies in the original CPG, potentially yielding lossy representations for downstream Graphormer reasoning and subgraph matching. A demonstration that the typing and compression rules are injective on relevant behavioral relations (or reconstruction fidelity metrics) is required to support the central claim.
  2. Abstract: The reported outperformance across three benchmarks and the ICS hardware testbed lacks any details on baseline implementations, statistical significance tests, data exclusion criteria, or error analysis. Without these, the claims of superior detection accuracy, semantic lifting fidelity, and false-positive reduction cannot be verified or compared fairly to existing methods, leaving the empirical contribution unverifiable from the available text.
  3. Abstract: The reflexive prompting pipeline combined with abstract interpretation is claimed to reliably suppress LLM hallucinations and produce accurate behavioral semantics from stripped binaries. No specific prompt structures, structural constraints, validation metrics for hallucination rates, or ablation studies on this mechanism are described, making it difficult to assess the robustness of the neuro-symbolic component under realistic binary variability.
minor comments (2)
  1. The abstract introduces specialized terms such as 'reflexive prompting pipeline' and 'embedding-space subgraph matching' without brief definitions or forward references, which reduces accessibility.
  2. Consider including an architectural diagram showing the data flow among the three mechanisms (abstract interpretation + LLM, CPG-to-KG transform, Graphormer + matching) to clarify integration.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the detailed and constructive review. We address each major comment below with clarifications and commit to revisions that strengthen the manuscript's rigor, reproducibility, and evidential support without altering the core contributions.

read point-by-point responses

  1. Referee: Abstract: The assertion that the surjective transformation from Code Property Graphs to typed Software Supply Chain Knowledge Graphs preserves all information needed for correct global risk reasoning and APT fingerprint matching is not supported by a proof or empirical check. Surjectivity alone permits many-to-one collapses that can erase distinctions between distinct call sites, data-flow paths, or control dependencies in the original CPG, potentially yielding lossy representations for downstream Graphormer reasoning and subgraph matching. A demonstration that the typing and compression rules are injective on relevant behavioral relations (or reconstruction fidelity metrics) is required to support the central claim.

    Authors: We acknowledge that the abstract asserts preservation via the surjective mapping but does not supply an explicit proof or fidelity metrics. The full manuscript (Section 4.2) defines the typing and compression rules to retain vulnerability-critical relations, yet we agree a dedicated demonstration is needed. In revision we will add (i) a formal argument establishing that the rules are injective on data-flow paths, control dependencies, and call-site distinctions relevant to risk reasoning, and (ii) empirical reconstruction-fidelity metrics (precision/recall of recovered CPG substructures) computed on the three benchmarks. These additions directly address the concern about potential lossy collapses. revision: yes

  2. Referee: Abstract: The reported outperformance across three benchmarks and the ICS hardware testbed lacks any details on baseline implementations, statistical significance tests, data exclusion criteria, or error analysis. Without these, the claims of superior detection accuracy, semantic lifting fidelity, and false-positive reduction cannot be verified or compared fairly to existing methods, leaving the empirical contribution unverifiable from the available text.

    Authors: We agree that the evaluation section requires greater transparency. While Section 5 describes the benchmarks and high-level baseline categories, concrete implementation details, statistical tests, exclusion rules, and error breakdowns are insufficient. In the revision we will expand the section to include: full baseline specifications (reimplementation details, versions, hyperparameters, and code availability), results of statistical significance tests (e.g., McNemar’s test and Wilcoxon signed-rank with p-values), explicit data-exclusion criteria, and a systematic error analysis with representative false-positive and false-negative cases. These changes will make the performance claims verifiable and comparable. revision: yes

  3. Referee: Abstract: The reflexive prompting pipeline combined with abstract interpretation is claimed to reliably suppress LLM hallucinations and produce accurate behavioral semantics from stripped binaries. No specific prompt structures, structural constraints, validation metrics for hallucination rates, or ablation studies on this mechanism are described, making it difficult to assess the robustness of the neuro-symbolic component under realistic binary variability.

    Authors: The referee correctly identifies that the high-level description in Section 3.1 does not provide concrete prompt templates, constraints, hallucination metrics, or ablations. In the revised manuscript we will add: (1) representative prompt structures and the reflexive-loop constraints derived from abstract-interpretation results, (2) hallucination-rate metrics obtained via expert annotation on a 100-binary validation subset, and (3) ablation experiments isolating the reflexive component versus plain LLM and abstract-interpretation-only variants. These additions will allow readers to evaluate the mechanism’s robustness across binary variability. revision: yes

Circularity Check

0 steps flagged

No circularity: framework is a constructed system with empirical evaluation

full rationale

The manuscript describes a neuro-symbolic framework built from three explicit mechanisms (reflexive LLM prompting + abstract interpretation, surjective CPG-to-KG compression, and Graphormer + subgraph matching) and evaluates it on three benchmarks plus a hybrid testbed. No equations, fitted parameters, or self-citations appear in the derivation of the claimed performance; the central results are obtained by direct measurement against external baselines and commercial tools rather than by any reduction to the framework's own inputs. The surjectivity property is stated as a design choice whose information-preservation consequences are left to empirical verification, not asserted by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 3 axioms · 0 invented entities

The abstract relies on domain assumptions about LLM controllability and semantic preservation in graph transformations without introducing free parameters or new entities.

axioms (3)
  • domain assumption Reflexive prompting can structurally constrain a local LLM agent to suppress hallucinations during semantic reconstruction from binaries
    Invoked as mechanism (1)
  • domain assumption A surjective transformation from Code Property Graphs to typed Software Supply Chain Knowledge Graphs preserves sufficient behavioral semantics for tractable global risk reasoning
    Invoked as mechanism (2)
  • domain assumption A domain-adapted Graphormer augmented by embedding-space subgraph matching can capture long-range vulnerability propagation and zero-day/APT patterns
    Invoked as mechanism (3)

pith-pipeline@v0.9.0 · 5569 in / 1522 out tokens · 50858 ms · 2026-05-11T03:04:03.390774+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

44 extracted references · 44 canonical work pages · 2 internal anchors

  1. [1]

    ACM Transactions on Internet Technology (TOIT) , volume=

    Inside pagerank , author=. ACM Transactions on Internet Technology (TOIT) , volume=. 2005 , publisher=

    work page 2005

  2. [2]

    IEEE Transactions on Software Engineering , volume=

    Deep learning based vulnerability detection: Are we there yet? , author=. IEEE Transactions on Software Engineering , volume=. 2021 , publisher=

    work page 2021

  3. [3]

    BMC genomics , volume=

    The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation , author=. BMC genomics , volume=. 2020 , publisher=

    work page 2020

  4. [4]

    National Security Agency, Nov , year=

    Ghidra Software Reverse Engineering Framework , author=. National Security Agency, Nov , year=

    work page

  5. [5]

    IEEE transactions on pattern analysis and machine intelligence , volume=

    A (sub) graph isomorphism algorithm for matching large graphs , author=. IEEE transactions on pattern analysis and machine intelligence , volume=. 2004 , publisher=

    work page 2004

  6. [6]

    Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages , pages=

    Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , author=. Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages , pages=. 1977 , doi=

    work page 1977

  7. [7]

    Advances in neural information processing systems , volume=

    Qlora: Efficient finetuning of quantized llms , author=. Advances in neural information processing systems , volume=. 2023 , doi=

    work page 2023

  8. [8]

    ACM Transactions on Software Engineering and Methodology , year=

    A Scalable Vulnerability Detection System with Multi-View Graph Representations , author=. ACM Transactions on Software Engineering and Methodology , year=

    work page

  9. [9]

    Executive Order 14028: Improving the Nation's Cybersecurity , year =

    work page

  10. [10]

    kdd , volume=

    A density-based algorithm for discovering clusters in large spatial databases with noise , author=. kdd , volume=

    work page

  11. [11]

    Proceedings of the 17th international conference on mining software repositories , pages=

    A C/C++ code vulnerability dataset with code changes and CVE summaries , author=. Proceedings of the 17th international conference on mining software repositories , pages=. 2020 , doi=

    work page 2020

  12. [12]

    2018 USENIX Workshop on Advances in Security Education (ASE 18) , year=

    Lowering the barriers to industrial control system security with \ GRFICS \ , author=. 2018 USENIX Workshop on Advances in Security Education (ASE 18) , year=

    work page 2018

  13. [13]

    Proceedings of the 30th ACM joint european software engineering conference and symposium on the foundations of software engineering , pages=

    Vulrepair: a t5-based automated software vulnerability repair , author=. Proceedings of the 30th ACM joint european software engineering conference and symposium on the foundations of software engineering , pages=. 2022 , doi=

    work page 2022

  14. [14]

    DeepSeek-Coder: When the Large Language Model Meets Programming -- The Rise of Code Intelligence

    DeepSeek-Coder: when the large language model meets programming--the rise of code intelligence , author=. arXiv preprint arXiv:2401.14196 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  15. [15]

    Information and Software Technology , volume=

    Dynamic program slicing methods , author=. Information and Software Technology , volume=. 1998 , publisher=

    work page 1998

  16. [16]

    2024 , howpublished =

    Census. 2024 , howpublished =

    work page 2024

  17. [17]

    Proceedings of the AAAI conference on artificial intelligence , volume=

    Deeper insights into graph convolutional networks for semi-supervised learning , author=. Proceedings of the AAAI conference on artificial intelligence , volume=. 2018 , doi=

    work page 2018

  18. [18]

    Vuldeepecker: A deep learning-based system for vulnerability detection,

    Vuldeepecker: A deep learning-based system for vulnerability detection , author=. arXiv preprint arXiv:1801.01681 , year=

    work page arXiv

  19. [19]

    IEEE Transactions on Dependable and Secure Computing , volume=

    Sysevr: A framework for using deep learning to detect software vulnerabilities , author=. IEEE Transactions on Dependable and Secure Computing , volume=. 2021 , publisher=

    work page 2021

  20. [20]

    Proceedings of the IEEE , volume=

    Software vulnerability detection using deep neural networks: a survey , author=. Proceedings of the IEEE , volume=. 2020 , publisher=

    work page 2020

  21. [21]

    Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) , year =

    Liu, Yue and Tantithamthavorn, Chakkrit and Li, Li and Liu, Yepang , title =. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) , year =

    work page

  22. [22]

    Proceedings of the IEEE/ACM 46th International Conference on Software Engineering , pages=

    Pre-training by predicting program dependencies for vulnerability analysis tasks , author=. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering , pages=. 2024 , doi=

    work page 2024

  23. [23]

    Biochemia medica , volume=

    Interrater reliability: the kappa statistic , author=. Biochemia medica , volume=. 2012 , publisher=

    work page 2012

  24. [24]

    2019 , school=

    Dynamic binary firmware analysis: challenges & solutions , author=. 2019 , school=

    work page 2019

  25. [25]

    2023 , howpublished =

    work page 2023

  26. [26]

    2024 , howpublished =

    2024 Open Source Security and Risk Analysis (. 2024 , howpublished =

    work page 2024

  27. [27]

    Frontiers of Information Technology & Electronic Engineering , volume=

    Large language model-enhanced probabilistic modeling for effective static analysis alarms , author=. Frontiers of Information Technology & Electronic Engineering , volume=. 2025 , publisher=

    work page 2025

  28. [28]

    National Institute of Standards and Technology , year=

    Public draft: The NIST cybersecurity framework 2.0 , author=. National Institute of Standards and Technology , year=

    work page

  29. [29]

    Sentence-bert: Sentence embeddings using siamese bert-networks , author=. Proceedings of the 2019 conference on empirical methods in natural language processing and the 9th international joint conference on natural language processing (EMNLP-IJCNLP) , pages=. 2019 , doi=

    work page 2019

  30. [30]

    2016 IEEE symposium on security and privacy (SP) , pages=

    Sok:(state of) the art of war: Offensive techniques in binary analysis , author=. 2016 IEEE symposium on security and privacy (SP) , pages=. 2016 , organization=

    work page 2016

  31. [31]

    Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things , pages=

    Firmfuzz: Automated iot firmware introspection and analysis , author=. Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things , pages=. 2019 , doi=

    work page 2019

  32. [32]

    arXiv preprint arXiv:2601.06948 , year=

    Operational Runtime Behavior Mining for Open-Source Supply Chain Security , author=. arXiv preprint arXiv:2601.06948 , year=

    work page arXiv

  33. [33]

    ACM Computing Surveys , volume=

    Alert fatigue in security operations centres: Research challenges and opportunities , author=. ACM Computing Surveys , volume=. 2025 , publisher=

    work page 2025

  34. [34]

    ACM Computing Surveys (CSUR) , volume=

    Challenges in firmware re-hosting, emulation, and analysis , author=. ACM Computing Surveys (CSUR) , volume=. 2021 , publisher=

    work page 2021

  35. [35]

    2014 IEEE symposium on security and privacy , pages=

    Modeling and discovering vulnerabilities with code property graphs , author=. 2014 IEEE symposium on security and privacy , pages=. 2014 , organization=

    work page 2014

  36. [36]

    Qwen3 Technical Report

    Qwen3 technical report , author=. arXiv preprint arXiv:2505.09388 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  37. [37]

    Advances in neural information processing systems , volume=

    Do transformers really perform badly for graph representation? , author=. Advances in neural information processing systems , volume=

    work page

  38. [38]

    Cancer , volume=

    Index for rating diagnostic tests , author=. Cancer , volume=. 1950 , publisher=

    work page 1950

  39. [39]

    Software: Practice and Experience , volume=

    Declarative static analysis for multilingual programs using CodeQL , author=. Software: Practice and Experience , volume=. 2023 , publisher=

    work page 2023

  40. [40]

    IEEE Transactions on Dependable and Secure Computing , volume=

    Binary-level formal verification based automatic security ensurement for PLC in Industrial IoT , author=. IEEE Transactions on Dependable and Secure Computing , volume=. 2024 , publisher=

    work page 2024

  41. [41]

    Empirical Software Engineering , volume=

    An empirical comparison of dependency network evolution in seven software packaging ecosystems , author=. Empirical Software Engineering , volume=. 2019 , publisher=

    work page 2019

  42. [42]

    ACM Transactions on Software Engineering and Methodology , volume=

    An empirical study on vulnerability disclosure management of open source software systems , author=. ACM Transactions on Software Engineering and Methodology , volume=. 2025 , publisher=

    work page 2025

  43. [43]

    Proceedings of the 11th ACM on Asia conference on computer and communications security , pages=

    Automated dynamic firmware analysis at scale: a case study on embedded web interfaces , author=. Proceedings of the 11th ACM on Asia conference on computer and communications security , pages=. 2016 , publisher =

    work page 2016

  44. [44]

    Proceedings of the 44th International Conference on Software Engineering , pages=

    Modx: binary level partially imported third-party library detection via program modularization and semantic matching , author=. Proceedings of the 44th International Conference on Software Engineering , pages=. 2022 , doi =

    work page 2022