The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability cla...The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification.To address this challenge,we propose Vulnerability2Vec,a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience.Vulnerability2Vec converts Common Vulnerabilities and Exposures(CVE)text explanations to semantic graphs,where nodes represent CVE IDs and key terms(nouns,verbs,and adjectives),and edges capture co-occurrence relationships.Then,it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram with negative sampling.It is possible to identify the latent relationships and structural patterns that traditional sparse vector methods fail to capture.Experimental results demonstrate a classification accuracy of up to 80%,significantly outperforming baseline methods.This approach offers a theoretical basis for classifying vulnerability types as structured semantic patterns in complex software systems.The proposed method models the semantic structure of vulnerabilities,providing a theoretical foundation for their classification.展开更多
基金supported by the MSIT(Ministry of Science and ICT),Republic of Korea,under the Convergence Security Core Talent Training Business Support Program(IITP-2025-RS-2023-00266605,50%)in part by the Institute of Information&Communications Technology Planning&Evaluation(lITP)grant funded by the Korea government(MSIT)(RS-2025-02305436,Development of Digital Innovative Element Technologies for Rapid Prediction of Potential Complex Disasters and Continuous Disaster Prevention,30%)supported by the Chung-Ang University Graduate Research Scholar-ship in 2023(20%).
文摘The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification.To address this challenge,we propose Vulnerability2Vec,a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience.Vulnerability2Vec converts Common Vulnerabilities and Exposures(CVE)text explanations to semantic graphs,where nodes represent CVE IDs and key terms(nouns,verbs,and adjectives),and edges capture co-occurrence relationships.Then,it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram with negative sampling.It is possible to identify the latent relationships and structural patterns that traditional sparse vector methods fail to capture.Experimental results demonstrate a classification accuracy of up to 80%,significantly outperforming baseline methods.This approach offers a theoretical basis for classifying vulnerability types as structured semantic patterns in complex software systems.The proposed method models the semantic structure of vulnerabilities,providing a theoretical foundation for their classification.
