*Result*: 基于多维度特征融合与边语义增强的 代码漏洞检测方法.

*Graph-based code vulnerability detection still faces challenges such as graph structural redundancy, disjointed local and global feature representations, and missing edge semantic information. To address these issues, this paper proposed a static detection method based on multidimensional feature fusion and edge semantic augmentation. Firstly, it designed a hierarchical graph fusion strategy, combining abstract syntax trees and program dependence graphs to construct a lightweight program se-mantic graph, effectively reducing the number of graph nodes. Secondly, the typical static structural feature of scope paths in code was explicitly identified. Local syntax and semantic features, along with global contextual constraints of statement nodes, were extracted from three dimensions; code token sequences, abstract syntax trees, and scope paths. Finally, it constructed an edge-semantic-augmented graph attention network to enable collaborative updating of node and edge attributes. Experimental results show accuracies of 93.1% and 91.9%, and F1-scores of 92.8% and 91.6% on C/C++ and Java datasets, respectively. The method outperforms four mainstream approaches, including MGVD and VulMPFF, and demonstrates better adaptability and generalization across multiple common vulnerability types. [ABSTRACT FROM AUTHOR]*

*针对图驱动的代码漏洞检测方法中存在的图结构臃肿、局部与全局特征割裂及边语义信息缺失的问题, 提出一种基于多维度特征融合与边语义增强的静态检测方法。首先, 设计分层图融合策略, 通过融合抽象语法树与程序依赖图, 构建轻量化程序语义图, 有效减少图节点数量。其次, 明确提出代码具有作用域路径这一典型静态结构特征, 并从代码文本序列、抽象语法树和作用域路径三个维度提取语句节点的局部语法、语义及全局上下文约束特征。最后, 构建边语义增强的 GAT 网络, 实现节点与边属性的协同更新。实验结果显示, 在 C / C ++和 Java 数据集上的准确率分别达到 93.1% 和 91.9%, F1 值为 92.8% 和 91.6%, 明显优于 MGVD、 VulMPFF 等四种主流方法, 并在多种常见漏洞类型中展现出更优的适应性和泛化能力。 [ABSTRACT FROM AUTHOR]*