Myoung-oh Choi¹, Mincheol Shin¹, Hyonjun Kang¹, Ka Lok Man², Mucheol Kim^1,*

CMES-Computer Modeling in Engineering & Sciences, Vol.144, No.3, pp. 3191-3212, 2025, DOI:10.32604/cmes.2025.068723 - 30 September 2025

Abstract The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification. To address this challenge, we propose Vulnerability2Vec, a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience. Vulnerability2Vec converts Common Vulnerabilities and Exposures (CVE) text explanations to semantic graphs, where nodes represent CVE IDs and key terms (nouns, verbs, and adjectives), and edges capture co-occurrence relationships. Then, it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram More >

Kyungmin Sim, Jeong Hyun Yi, Haehyun Cho^*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3257-3274, 2023, DOI:10.32604/cmc.2023.036695 - 31 March 2023

Abstract Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems. Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Therefore, it is an essential task to discover unrestricted and misimplemented behaviors of a system. However, it is a daunting task for security experts to discover such vulnerabilities in advance because it is time-consuming and error-prone to analyze the whole code in detail. Also,… More >

Roddy A. Correa¹, Juan Ramón Bermejo Higuera², Javier Bermejo Higuera², Juan Antonio Sicilia Montalvo², Manuel Sánchez Rubio², Á. Alberto Magreñán^3,*

CMES-Computer Modeling in Engineering & Sciences, Vol.126, No.1, pp. 89-124, 2021, DOI:10.32604/cmes.2021.010700 - 22 December 2020

Abstract This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different… More >

Juan R. Bermejo Higuera^{1, *}, Javier Bermejo Higuera¹, Juan A. Sicilia Montalvo¹, Javier Cubo Villalba¹, Juan José Nombela Pérez¹

CMC-Computers, Materials & Continua, Vol.64, No.3, pp. 1555-1577, 2020, DOI:10.32604/cmc.2020.010885 - 30 June 2020

Abstract To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows… More >