Open Access

ARTICLE

Vulnerability2Vec: A Graph-Embedding Approach for Enhancing Vulnerability Classification

Myoung-oh Choi¹, Mincheol Shin¹, Hyonjun Kang¹, Ka Lok Man², Mucheol Kim^1,*

1 Department of Computer Science and Engineering, Chung-Ang University, Seoul, 06974, Republic of Korea
2 School of Advanced Technology, Xi’an Jiaotong-Liverpool University, Suzhou, 215123, China

* Corresponding Author: Mucheol Kim. Email:

Computer Modeling in Engineering & Sciences 2025, 144(3), 3191-3212. https://doi.org/10.32604/cmes.2025.068723

Received 05 June 2025; Accepted 15 August 2025; Issue published 30 September 2025

Abstract

The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification. To address this challenge, we propose Vulnerability2Vec, a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience. Vulnerability2Vec converts Common Vulnerabilities and Exposures (CVE) text explanations to semantic graphs, where nodes represent CVE IDs and key terms (nouns, verbs, and adjectives), and edges capture co-occurrence relationships. Then, it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram with negative sampling. It is possible to identify the latent relationships and structural patterns that traditional sparse vector methods fail to capture. Experimental results demonstrate a classification accuracy of up to 80%, significantly outperforming baseline methods. This approach offers a theoretical basis for classifying vulnerability types as structured semantic patterns in complex software systems. The proposed method models the semantic structure of vulnerabilities, providing a theoretical foundation for their classification.

---

Keywords

---