Existing binary security patch detection (SPD) methods for closed-source software are hindered by semantic gaps, insufficient structural information, and intra-project bias in evaluation datasets. To address these limitations, this work proposes StriderSPD, a novel framework that integrates a graph-structured branch into a large language model. By employing a graph-branch adapter, StriderSPD aligns assembly and pseudo-code representations at the token level and leverages a two-stage training strategy to enable structure-guided joint representation learning. Furthermore, the authors construct the first cross-project, cross-domain binary SPD benchmark to facilitate realistic evaluation. Experimental results demonstrate that StriderSPD significantly outperforms existing approaches on this new benchmark, confirming its effectiveness and strong generalization capability.

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security Patch Detection (SPD) comes to protect software assets. Recently, most SPD studies have targeted Open-Source Software (OSS), yet a large portion of real-world software is closed-source, where patches are distributed as binaries without accessible source code. The limited binary SPD approaches often lift binaries to abstraction levels, i.e., assembly code or pseudo-code. However, assembly code is register-based instructions conveying limited semantics, while pseudo-code lacks parser-compatible grammar to extract structure, both hindering accurate vulnerability-fix representation learning. In addition, previous studies often obtain training and testing data from the same project for evaluation, which fails to reflect closed-source conditions. To alleviate the above challenges, we propose \textbf{\textit{StriderSPD}}, a \underline{Str}ucture-gu\underline{ide}d joint \underline{r}epresentation \underline{SPD} framework of binary code that integrates a graph branch into a large language model (LLM), leveraging structural information to guide the LLM in identifying security patches. Our novel design of the adapters in the graph branch effectively aligns the representations between assembly code and pseudo-code at the LLM's token level. We further present a two-stage training strategy to address the optimization imbalance caused by the large parameter disparity between StriderSPD's two branches, which enables proper branch fitting. To enable more realistic evaluation, we construct a binary SPD benchmark that is disjoint from prior datasets in both projects and domains and extensively evaluate StriderSPD on this benchmark.