NatGVD: Natural Adversarial Example Attack towards Graph-based Vulnerability Detection Article Swipe
Avilash Rath
,
Wen Qi
,
Youpeng Li
,
Xinda Wang
·
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2510.04987
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2510.04987
Graph-based models learn rich code graph structural information and present superior performance on various code analysis tasks. However, the robustness of these models against adversarial example attacks in the context of vulnerability detection remains an open question. This paper proposes NatGVD, a novel attack methodology that generates natural adversarial vulnerable code to circumvent GNN-based and graph-aware transformer-based vulnerability detectors. NatGVD employs a set of code transformations that modify graph structure while preserving code semantics. Instead of injecting dead or unrelated code like previous works, NatGVD considers naturalness requirements: generated examples should not be easily recognized by humans or program analysis tools. With extensive evaluation of NatGVD on state-of-the-art vulnerability detection systems, the results reveal up to 53.04% evasion rate across GNN-based detectors and graph-aware transformer-based detectors. We also explore potential defense strategies to enhance the robustness of these systems against NatGVD.
Related Topics
Concepts
No concepts available.
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2510.04987
- https://arxiv.org/pdf/2510.04987
- OA Status
- green
- OpenAlex ID
- https://openalex.org/W4414972809
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4414972809Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2510.04987Digital Object Identifier
- Title
-
NatGVD: Natural Adversarial Example Attack towards Graph-based Vulnerability DetectionWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2025Year of publication
- Publication date
-
2025-10-06Full publication date if available
- Authors
-
Avilash Rath, Wen Qi, Youpeng Li, Xinda WangList of authors in order
- Landing page
-
https://arxiv.org/abs/2510.04987Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2510.04987Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2510.04987Direct OA link when available
- Cited by
-
0Total citation count in OpenAlex
Full payload
| id | https://openalex.org/W4414972809 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2510.04987 |
| ids.doi | https://doi.org/10.48550/arxiv.2510.04987 |
| ids.openalex | https://openalex.org/W4414972809 |
| fwci | |
| type | preprint |
| title | NatGVD: Natural Adversarial Example Attack towards Graph-based Vulnerability Detection |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11241 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9800999760627747 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1711 |
| topics[0].subfield.display_name | Signal Processing |
| topics[0].display_name | Advanced Malware Detection Techniques |
| topics[1].id | https://openalex.org/T10734 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9790999889373779 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1710 |
| topics[1].subfield.display_name | Information Systems |
| topics[1].display_name | Information and Cyber Security |
| topics[2].id | https://openalex.org/T10743 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9750999808311462 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1712 |
| topics[2].subfield.display_name | Software |
| topics[2].display_name | Software Testing and Debugging Techniques |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2510.04987 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | cc-by |
| locations[0].pdf_url | https://arxiv.org/pdf/2510.04987 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | https://openalex.org/licenses/cc-by |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2510.04987 |
| locations[1].id | doi:10.48550/arxiv.2510.04987 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2510.04987 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5010162374 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Avilash Rath |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Rath, Avilash |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5035835836 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-2091-3718 |
| authorships[1].author.display_name | Wen Qi |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Qi, Weiliang |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5042127707 |
| authorships[2].author.orcid | |
| authorships[2].author.display_name | Youpeng Li |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Li, Youpeng |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5081178619 |
| authorships[3].author.orcid | https://orcid.org/0009-0004-5559-1714 |
| authorships[3].author.display_name | Xinda Wang |
| authorships[3].author_position | last |
| authorships[3].raw_author_name | Wang, Xinda |
| authorships[3].is_corresponding | False |
| has_content.pdf | True |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2510.04987 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-09T00:00:00 |
| display_name | NatGVD: Natural Adversarial Example Attack towards Graph-based Vulnerability Detection |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11241 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9800999760627747 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1711 |
| primary_topic.subfield.display_name | Signal Processing |
| primary_topic.display_name | Advanced Malware Detection Techniques |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2510.04987 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | cc-by |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2510.04987 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | https://openalex.org/licenses/cc-by |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2510.04987 |
| primary_location.id | pmh:oai:arXiv.org:2510.04987 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | cc-by |
| primary_location.pdf_url | https://arxiv.org/pdf/2510.04987 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | https://openalex.org/licenses/cc-by |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2510.04987 |
| publication_date | 2025-10-06 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 41, 61 |
| abstract_inverted_index.We | 126 |
| abstract_inverted_index.an | 34 |
| abstract_inverted_index.be | 92 |
| abstract_inverted_index.by | 95 |
| abstract_inverted_index.in | 27 |
| abstract_inverted_index.of | 20, 30, 63, 75, 104, 136 |
| abstract_inverted_index.on | 12, 106 |
| abstract_inverted_index.or | 78, 97 |
| abstract_inverted_index.to | 51, 115, 132 |
| abstract_inverted_index.up | 114 |
| abstract_inverted_index.and | 8, 54, 122 |
| abstract_inverted_index.not | 91 |
| abstract_inverted_index.set | 62 |
| abstract_inverted_index.the | 18, 28, 111, 134 |
| abstract_inverted_index.This | 37 |
| abstract_inverted_index.With | 101 |
| abstract_inverted_index.also | 127 |
| abstract_inverted_index.code | 4, 14, 50, 64, 72, 80 |
| abstract_inverted_index.dead | 77 |
| abstract_inverted_index.like | 81 |
| abstract_inverted_index.open | 35 |
| abstract_inverted_index.rate | 118 |
| abstract_inverted_index.rich | 3 |
| abstract_inverted_index.that | 45, 66 |
| abstract_inverted_index.graph | 5, 68 |
| abstract_inverted_index.learn | 2 |
| abstract_inverted_index.novel | 42 |
| abstract_inverted_index.paper | 38 |
| abstract_inverted_index.these | 21, 137 |
| abstract_inverted_index.while | 70 |
| abstract_inverted_index.53.04% | 116 |
| abstract_inverted_index.NatGVD | 59, 84, 105 |
| abstract_inverted_index.across | 119 |
| abstract_inverted_index.attack | 43 |
| abstract_inverted_index.easily | 93 |
| abstract_inverted_index.humans | 96 |
| abstract_inverted_index.models | 1, 22 |
| abstract_inverted_index.modify | 67 |
| abstract_inverted_index.reveal | 113 |
| abstract_inverted_index.should | 90 |
| abstract_inverted_index.tasks. | 16 |
| abstract_inverted_index.tools. | 100 |
| abstract_inverted_index.works, | 83 |
| abstract_inverted_index.Instead | 74 |
| abstract_inverted_index.NatGVD, | 40 |
| abstract_inverted_index.NatGVD. | 140 |
| abstract_inverted_index.against | 23, 139 |
| abstract_inverted_index.attacks | 26 |
| abstract_inverted_index.context | 29 |
| abstract_inverted_index.defense | 130 |
| abstract_inverted_index.employs | 60 |
| abstract_inverted_index.enhance | 133 |
| abstract_inverted_index.evasion | 117 |
| abstract_inverted_index.example | 25 |
| abstract_inverted_index.explore | 128 |
| abstract_inverted_index.natural | 47 |
| abstract_inverted_index.present | 9 |
| abstract_inverted_index.program | 98 |
| abstract_inverted_index.remains | 33 |
| abstract_inverted_index.results | 112 |
| abstract_inverted_index.systems | 138 |
| abstract_inverted_index.various | 13 |
| abstract_inverted_index.However, | 17 |
| abstract_inverted_index.analysis | 15, 99 |
| abstract_inverted_index.examples | 89 |
| abstract_inverted_index.previous | 82 |
| abstract_inverted_index.proposes | 39 |
| abstract_inverted_index.superior | 10 |
| abstract_inverted_index.systems, | 110 |
| abstract_inverted_index.GNN-based | 53, 120 |
| abstract_inverted_index.considers | 85 |
| abstract_inverted_index.detection | 32, 109 |
| abstract_inverted_index.detectors | 121 |
| abstract_inverted_index.extensive | 102 |
| abstract_inverted_index.generated | 88 |
| abstract_inverted_index.generates | 46 |
| abstract_inverted_index.injecting | 76 |
| abstract_inverted_index.potential | 129 |
| abstract_inverted_index.question. | 36 |
| abstract_inverted_index.structure | 69 |
| abstract_inverted_index.unrelated | 79 |
| abstract_inverted_index.circumvent | 52 |
| abstract_inverted_index.detectors. | 58, 125 |
| abstract_inverted_index.evaluation | 103 |
| abstract_inverted_index.preserving | 71 |
| abstract_inverted_index.recognized | 94 |
| abstract_inverted_index.robustness | 19, 135 |
| abstract_inverted_index.semantics. | 73 |
| abstract_inverted_index.strategies | 131 |
| abstract_inverted_index.structural | 6 |
| abstract_inverted_index.vulnerable | 49 |
| abstract_inverted_index.Graph-based | 0 |
| abstract_inverted_index.adversarial | 24, 48 |
| abstract_inverted_index.graph-aware | 55, 123 |
| abstract_inverted_index.information | 7 |
| abstract_inverted_index.methodology | 44 |
| abstract_inverted_index.naturalness | 86 |
| abstract_inverted_index.performance | 11 |
| abstract_inverted_index.requirements: | 87 |
| abstract_inverted_index.vulnerability | 31, 57, 108 |
| abstract_inverted_index.transformations | 65 |
| abstract_inverted_index.state-of-the-art | 107 |
| abstract_inverted_index.transformer-based | 56, 124 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 4 |
| citation_normalized_percentile |