Software security testing, particularly when enhanced with deep learning models, has become a powerful approach for improving software quality, enabling faster detection of known flaws in source code. However, many approaches miss post-fix latent vulnerabilities that remain even after patches typically due to incomplete fixes or overlooked issues may later lead to zero-day exploits. In this paper, we propose $HYDRA$, a $Hy$brid heuristic-guided $D$eep $R$epresentation $A$rchitecture for predicting latent zero-day vulnerabilities in patched functions that combines rule-based heuristics with deep representation learning to detect latent risky code patterns that may persist after patches. It integrates static vulnerability rules, GraphCodeBERT embeddings, and a Variational Autoencoder (VAE) to uncover anomalies often missed by symbolic or neural models alone. We evaluate HYDRA in an unsupervised setting on patched functions from three diverse real-world software projects: Chrome, Android, and ImageMagick. Our results show HYDRA predicts 13.7%, 20.6%, and 24% of functions from Chrome, Android, and ImageMagick respectively as containing latent risks, including both heuristic matches and cases without heuristic matches ($None$) that may lead to zero-day vulnerabilities. It outperforms baseline models that rely solely on regex-derived features or their combination with embeddings, uncovering truly risky code variants that largely align with known heuristic patterns. These results demonstrate HYDRA's capability to surface hidden, previously undetected risks, advancing software security validation and supporting proactive zero-day vulnerabilities discovery.

翻译：软件安全测试，尤其是在深度学习模型增强下，已成为提升软件质量的有效途径，能够更快地检测源代码中的已知缺陷。然而，许多方法忽略了补丁后仍存在的潜在漏洞——这些漏洞通常由不完整的修复或忽视的问题导致，可能最终引发零日漏洞利用。本文提出HYDRA（混合启发式引导的深度表示架构），用于预测补丁函数中的潜在零日漏洞。该架构将基于规则的启发式方法与深度表示学习相结合，以检测补丁后可能遗留的高风险代码模式。它整合了静态漏洞规则、GraphCodeBERT嵌入以及变分自编码器（VAE），能够发现单独使用符号模型或神经模型时容易遗漏的异常。我们在来自三个不同真实软件项目（Chrome、Android和ImageMagick）的补丁函数上，于无监督设置下评估了HYDRA。结果表明，HYDRA分别预测Chrome、Android和ImageMagick中13.7%、20.6%和24%的函数包含潜在风险，其中既包括启发式匹配案例，也包括无启发式匹配（None）的案例，后者可能导向零日漏洞。其性能优于仅依赖正则表达式派生特征或将其与嵌入结合的基线模型，能够发现与已知启发式模式高度一致的真实高风险代码变体。这些结果证明了HYDRA揭示隐藏的、先前未检测到风险的能力，从而推动软件安全验证，并支持主动发现零日漏洞。