KG-HiAttention: synergizing AI-based knowledge graphs and deep learning for explainable software vulnerability analysis

UDC.coleccion: Investigación
UDC.departamento: Enxeñaría Industrial
UDC.grupoInv: Ciencia e Técnica Cibernética (CTC)
UDC.institutoCentro: CITIC - Centro de Investigación de Tecnoloxías da Información e da Comunicación
UDC.issue: 1794125
UDC.journalTitle: Frontiers in Artificial Intelligence
UDC.volume: 9
dc.contributor.author: Pinto-Santos, Francisco
dc.contributor.author: Zato, Carolina
dc.contributor.author: Quintián, Héctor
dc.contributor.author: Li, Tian Cheng
dc.contributor.author: Chamoso, Pablo
dc.date.accessioned: 2026-05-29T06:22:19Z
dc.date.available: 2026-05-29T06:22:19Z
dc.date.issued: 2026-05-21
dc.description.abstract: [Abstract] Software vulnerability analysis is critical for maintaining secure and reliable systems, yet traditional Deep Learning (DL) models often act as “black boxes,” lacking transparency and failing to leverage the explicit structural semantics of code. In this paper, we propose KG-HiAttention, a novel neuro-symbolic framework that synergizes sub-symbolic deep learning with symbolic AI-based Knowledge Graphs (KGs). We construct a CPG-inspired lightweight program graph for each software function, approximating control-flow (CFG) and data-flow (DFG) dependencies through line-level edges. This symbolic structure is processed by a Graph Attention Network (GAT) and fused with semantic embeddings from a pre-trained CodeT5 encoder through multimodal fusion (concatenation and MLP classifier). Experiments on the real-world BigVul dataset show that KG-HiAttention achieves competitive performance (AUC-ROC 0.763 ± 0.009, five seeds), statistically equivalent to a strong Hybrid Ensemble baseline, while improving specificity from 0.321 (baseline) to 0.458 and providing graph-based explainability that the baseline cannot offer.
dc.description.sponsorship: The author(s) declared that financial support was received for this work and/or its publication. This research was part of the International Chair on Trustworthy Artificial Intelligence and Demographic Challenge within Spain's National Strategy for Artificial Intelligence (ENIA), in the framework of the European Recovery, Transformation and Resilience Plan. Reference: TSI-100933-2023-0001. This project was funded by the Spanish Secretary of State for Digitalization and Artificial Intelligence and by the European Union (Next Generation).
dc.identifier.citation: Pinto-Santos F, Zato C, Quintián H, Li TC and Chamoso P (2026) KG-HiAttention: synergizing AI-based knowledge graphs and deep learning for explainable software vulnerability analysis. Front. Artif. Intell. 9:1794125. doi: 10.3389/frai.2026.1794125
dc.identifier.doi: 10.3389/frai.2026.1794125
dc.identifier.issn: 2624-8212
dc.identifier.uri: https://hdl.handle.net/2183/48413
dc.language.iso: eng
dc.publisher: Frontiers
dc.relation.projectID: info:eu-repo/grantAgreement/MTDFP//TSI-100933-2023-0001/ES/CÁTEDRA INTERNACIONAL EN INTELIGENCIA ARTIFICIAL FIABLE Y RETO DEMOGRÁFICO
dc.relation.uri: https://doi.org/10.3389/frai.2026.1794125
dc.rights: Attribution 4.0 International (language: en)
dc.rights.accessRights: open access
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/
dc.subject: AI-based knowledge graphs
dc.subject: Code property graph
dc.subject: CodeT5
dc.subject: Explainable AI (XAI)
dc.subject: Graph attention networks
dc.subject: Neuro-symbolic AI
dc.subject: Software vulnerability analysis
dc.title: KG-HiAttention: synergizing AI-based knowledge graphs and deep learning for explainable software vulnerability analysis
dc.type: journal article
dc.type.hasVersion: VoR
dspace.entity.type: Publication
relation.isAuthorOfPublication: 6d1ae813-ec03-436f-a119-dce9055142de
relation.isAuthorOfPublication.latestForDiscovery: 6d1ae813-ec03-436f-a119-dce9055142de

Files

Original bundle

Name: Pinto-Santos_Francisco_2026_KG-HiAttention.pdf
Size: 682.98 KB
Format: Adobe Portable Document Format