Recent years have witnessed a growing focus on automated software vulnerability detection. Notably, deep learning (DL)-based methods, which employ source code for the implicit acquisition of vulnerability patterns, have demonstrated superior performance compared to other approaches. However, the DL-based approaches are still hard to capture the vulnerability-related information from the whole code snippet, since the vulnerable parts usually account for only a small proportion. As evidenced by our experiments, the approaches tend to excessively emphasize semantic information, potentially leading to limited vulnerability detection performance in practical scenarios. First, they cannot well distinguish between the code snippets before (i.e., vulnerable code) and after (i.e., non-vulnerable code) developers' fixes due to the minimal code changes. Besides, substituting user-defined identifiers with placeholders (e.g., "VAR1" and "FUN1") in obvious performance degradation at up to 14.53% with respect to the F1 score. To mitigate these issues, we propose to leverage the vulnerable and corresponding fixed code snippets, in which the minimal changes can provide hints about semantic-agnostic features for vulnerability detection. In this paper, we propose a software vulneRability dEteCtion framework with zerO-sum game and prototype learNing, named RECON. In RECON, we propose a zero-sum game construction module. Distinguishing the vulnerable code from the corresponding fixed code is regarded as one player (i.e. Calibrator), while the conventional vulnerability detection is another player (i.e. Detector) in the zero-sum game. The goal is to capture the semantic-agnostic features of the first player for enhancing the second player's performance for vulnerability detection. Experiments on the public benchmark dataset show that RECON outperforms the state-of-the-art baseline by 6.29% in F1 score.

翻译：[摘要] 近年来，自动化软件漏洞检测日益受到关注。值得注意的是，基于深度学习的方法通过源代码隐式获取漏洞模式，其性能已显著优于其他方法。然而，由于漏洞代码仅占整个代码片段的极小比例，基于深度学习的方法仍难以从完整代码片段中准确捕获漏洞相关信息。实验表明，此类方法往往过度强调语义信息，可能导致实际场景中漏洞检测性能受限。首先，由于开发者修复前后的代码变更极小，模型难以有效区分修复前（即存在漏洞的代码）与修复后（即无漏洞代码）的代码片段。此外，使用占位符（如“VAR1”和“FUN1”）替换用户自定义标识符后，F1分数会显著下降至多14.53%。针对这些问题，我们提出利用存在漏洞的代码及其对应的修复后代码片段——这些微小的代码变更可为漏洞检测提供与语义无关的线索。本文提出的RECON框架融合了零和博弈与原型学习机制，通过零和博弈构造模块，将区分漏洞代码与修复后代码视为博弈一方的校准器，而传统漏洞检测作为博弈另一方的检测器，旨在捕获校准器中的语义无关特征以提升检测器的漏洞检测性能。在公开基准数据集上的实验表明，RECON在F1分数上较现有最优基线模型提升6.29%。