ASE2025

LOSVER: Line-Level Modifiability Signal-Guided Vulnerability Detection and Classification

Doha Nam, Jongmoon Baik

Abstract

The prevalence of software vulnerabilities necessitates accurate and scalable detection techniques. While Pre-trained Language Models (PLMs) have shown strong potential in vulnerability analysis, most existing methods provide no explicit guidance on which parts of the input code are more likely to be vulnerable. As a result, the model must infer token-level relevance without any indication of which parts are important, making it harder to learn the characteristics of vulnerable code during training. We address this by proposing LOSVER (Line-level mOdifiability Signal-guided VulnERability analyzer), a novel two-stage framework that enhances PLM-based vulnerability analysis using line-level modifiability signals. LOSVER first localizes modifiable lines, which are code segments likely to be changed in the future and often associated with vulnerabilities, and then assigns them greater importance, allowing the PLM to focus on potentially vulnerable regions during both training and inference. We evaluated LOSVER across three benchmark datasets (Devign, Big-Vul, and PrimeVul) for vulnerability detection, classification, and patch-pair analysis. Experimental results demonstrate that LOSVER consistently improves performance, increasing detection accuracy by 4 percentage points and the weighted F1-score for classification by over 2 points when applied on top of UniXcoder. These results demonstrate that integrating line-level modifiability signals significantly enhances the effectiveness of PLM-based software vulnerability analysis across both detection and classification tasks.