Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security Patch Detection (SPD) comes to protect software assets. Recently, most SPD studies have targeted Open-Source Software (OSS), yet a large portion of real-world software is closed-source, where patches are distributed as binaries without accessible source code. The limited binary SPD approaches often lift binaries to abstraction levels, i.e., assembly code or pseudo-code. However, assembly code is register-based instructions conveying limited semantics, while pseudo-code lacks parser-compatible grammar to extract structure, both hindering accurate vulnerability-fix representation learning. In addition, previous studies often obtain training and testing data from the same project for evaluation, which fails to reflect closed-source conditions. To alleviate the above challenges, we propose \textbf{\textit{StriderSPD}}, a \underline{Str}ucture-gu\underline{ide}d joint \underline{r}epresentation \underline{SPD} framework of binary code that integrates a graph branch into a large language model (LLM), leveraging structural information to guide the LLM in identifying security patches. Our novel design of the adapters in the graph branch effectively aligns the representations between assembly code and pseudo-code at the LLM's token level. We further present a two-stage training strategy to address the optimization imbalance caused by the large parameter disparity between StriderSPD's two branches, which enables proper branch fitting. To enable more realistic evaluation, we construct a binary SPD benchmark that is disjoint from prior datasets in both projects and domains and extensively evaluate StriderSPD on this benchmark.

翻译：漏洞严重威胁软件系统，及时应用安全补丁对于缓解攻击至关重要。然而，软件供应商常以有限披露的方式静默修补漏洞，此时安全补丁检测（SPD）成为保护软件资产的关键手段。当前多数SPD研究集中于开源软件，但现实环境中大量软件为闭源形式，其补丁以二进制形式分发且无法获取源代码。现有有限的二进制SPD方法通常将二进制代码提升至抽象层次（如汇编代码或伪代码）。然而，汇编代码是基于寄存器的指令集，语义信息有限；而伪代码缺乏与解析器兼容的语法结构，两者均阻碍了准确的漏洞修复表示学习。此外，已有研究常从同一项目中获取训练与测试数据进行评估，这无法反映闭源场景的实际条件。为缓解上述挑战，本文提出\textbf{\textit{StriderSPD}}——一种面向二进制代码的\underline{Str}ucture-gu\underline{ide}d \underline{r}epresentation \underline{SPD}联合表示学习框架，通过将图分支集成至大语言模型（LLM），利用结构信息引导LLM识别安全补丁。我们在图分支中设计了创新的适配器模块，能在LLM的词元级别有效对齐汇编代码与伪代码的表示。进一步提出两阶段训练策略，以解决StriderSPD双分支间巨大参数量差异导致的优化失衡问题，实现分支的协同拟合。为构建更贴近现实的评估环境，我们创建了在项目与领域维度均与现有数据集无交集的二进制SPD基准数据集，并在此基准上对StriderSPD进行了全面评估。