KG-HiAttention: synergizing AI-based knowledge graphs and deep learning for explainable software vulnerability analysis

Authors

Pinto-Santos, Francisco
Zato, Carolina
Li, Tian Cheng
Chamoso, Pablo

Bibliographic citation

Pinto-Santos F, Zato C, Quintián H, Li TC and Chamoso P (2026) KG-HiAttention: synergizing AI-based knowledge graphs and deep learning for explainable software vulnerability analysis. Front. Artif. Intell. 9:1794125. doi: 10.3389/frai.2026.1794125

Abstract

Software vulnerability analysis is critical for maintaining secure and reliable systems, yet traditional Deep Learning (DL) models often act as “black boxes,” lacking transparency and failing to leverage the explicit structural semantics of code. In this paper, we propose KG-HiAttention, a novel neuro-symbolic framework that synergizes sub-symbolic deep learning with symbolic AI-based Knowledge Graphs (KGs). We construct a CPG-inspired lightweight program graph for each software function, approximating control-flow (CFG) and data-flow (DFG) dependencies through line-level edges. This symbolic structure is processed by a Graph Attention Network (GAT) and fused with semantic embeddings from a pre-trained CodeT5 encoder through multimodal fusion (concatenation and MLP classifier). Experiments on the real-world BigVul dataset show that KG-HiAttention achieves competitive performance (AUC-ROC 0.763 ± 0.009, five seeds), statistically equivalent to a strong Hybrid Ensemble baseline, while improving specificity from 0.321 (baseline) to 0.458 and providing graph-based explainability that the baseline cannot offer.

Rights

Attribution 4.0 International

Except where otherwise noted, this item's license is described as Attribution 4.0 International