TY  - EJOU
AU  - Choi, Myoung-oh 
AU  - Shin, Mincheol 
AU  - Kang, Hyonjun 
AU  - Man, Ka Lok 
AU  - Kim, Mucheol 

TI  - Vulnerability2Vec: A Graph-Embedding Approach for Enhancing Vulnerability Classification
T2  - Computer Modeling in Engineering \& Sciences

PY  - 2025
VL  - 144
IS  - 3
SN  - 1526-1506

AB  - The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification. To address this challenge, we propose Vulnerability2Vec, a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience. Vulnerability2Vec converts Common Vulnerabilities and Exposures (CVE) text explanations to semantic graphs, where nodes represent CVE IDs and key terms (nouns, verbs, and adjectives), and edges capture co-occurrence relationships. Then, it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram with negative sampling. It is possible to identify the latent relationships and structural patterns that traditional sparse vector methods fail to capture. Experimental results demonstrate a classification accuracy of up to 80%, significantly outperforming baseline methods. This approach offers a theoretical basis for classifying vulnerability types as structured semantic patterns in complex software systems. The proposed method models the semantic structure of vulnerabilities, providing a theoretical foundation for their classification.
KW  - Security vulnerability; graph representation; graph-embedding; deep learning; node classification

DO  - 10.32604/cmes.2025.068723