Graph-Based Profiling of Dependency Vulnerability Remediation

Fernando Vera Buschmann; Palina Pauliuchenka; Ethan Oh; Bai Chien Kao; Louis DiValentin; David A. Bader

doi:10.1007/978-981-96-2417-1_8

Graph-Based Profiling of Dependency Vulnerability Remediation

Fernando Vera Buschmann, Palina Pauliuchenka, Ethan Oh, Bai Chien Kao, Louis DiValentin, David A. Bader

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This research presents an enhanced Graph Attention Convolutional Neural Network (GAT) tailored for the analysis of open-source package vulnerability remediation. By meticulously examining control flow graphs and implementing node centrality metrics-specifically, degree, norm, and closeness centrality-our methodology identifies and evaluates changes resulting from vulnerability fixes in nodes, thereby predicting the ramifications of dependency upgrades on application workflows. Empirical testing on diverse datasets reveals that our model challenges established paradigms in software security, showcasing its efficacy in delivering comprehensive insights into code vulnerabilities and contributing to advancements in cybersecurity practices. This study delineates a strategic framework for the development of sustainable monitoring systems and the effective remediation of vulnerabilities in open-source software.

Original language	English (US)
Title of host publication	Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings
Editors	Jun Zhao, Weizhi Meng
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	138-157
Number of pages	20
ISBN (Print)	9789819624164
DOIs	https://doi.org/10.1007/978-981-96-2417-1_8
State	Published - 2025
Externally published	Yes
Event	6th International Conference on Science of Cyber Security, SciSec 2024 - Copenhagen, Denmark Duration: Aug 14 2024 → Aug 16 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	15441 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	6th International Conference on Science of Cyber Security, SciSec 2024
Country/Territory	Denmark
City	Copenhagen
Period	8/14/24 → 8/16/24

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Keywords

Code Vulnerability Mitigation
Cybersecurity
Deep Learning Applications
Graph Attention Convolutional Neural Network (GAT)
Knowledge Graph
Network Analysis
Node Centrality Metrics
open source
package upgrade
Package Vulnerability Analysis

Access to Document

10.1007/978-981-96-2417-1_8

Cite this

Buschmann, F. V., Pauliuchenka, P., Oh, E., Kao, B. C., DiValentin, L., & Bader, D. A. (2025). Graph-Based Profiling of Dependency Vulnerability Remediation. In J. Zhao, & W. Meng (Eds.), Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings (pp. 138-157). (Lecture Notes in Computer Science; Vol. 15441 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-2417-1_8

@inproceedings{07fbc993b1ca416490b82f67e07007d5,

title = "Graph-Based Profiling of Dependency Vulnerability Remediation",

abstract = "This research presents an enhanced Graph Attention Convolutional Neural Network (GAT) tailored for the analysis of open-source package vulnerability remediation. By meticulously examining control flow graphs and implementing node centrality metrics-specifically, degree, norm, and closeness centrality-our methodology identifies and evaluates changes resulting from vulnerability fixes in nodes, thereby predicting the ramifications of dependency upgrades on application workflows. Empirical testing on diverse datasets reveals that our model challenges established paradigms in software security, showcasing its efficacy in delivering comprehensive insights into code vulnerabilities and contributing to advancements in cybersecurity practices. This study delineates a strategic framework for the development of sustainable monitoring systems and the effective remediation of vulnerabilities in open-source software.",

keywords = "Code Vulnerability Mitigation, Cybersecurity, Deep Learning Applications, Graph Attention Convolutional Neural Network (GAT), Knowledge Graph, Network Analysis, Node Centrality Metrics, open source, package upgrade, Package Vulnerability Analysis",

author = "Buschmann, \{Fernando Vera\} and Palina Pauliuchenka and Ethan Oh and Kao, \{Bai Chien\} and Louis DiValentin and Bader, \{David A.\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.; 6th International Conference on Science of Cyber Security, SciSec 2024 ; Conference date: 14-08-2024 Through 16-08-2024",

year = "2025",

doi = "10.1007/978-981-96-2417-1\_8",

language = "English (US)",

isbn = "9789819624164",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "138--157",

editor = "Jun Zhao and Weizhi Meng",

booktitle = "Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings",

address = "Germany",

}

Buschmann, FV, Pauliuchenka, P, Oh, E, Kao, BC, DiValentin, L & Bader, DA 2025, Graph-Based Profiling of Dependency Vulnerability Remediation. in J Zhao & W Meng (eds), Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings. Lecture Notes in Computer Science, vol. 15441 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 138-157, 6th International Conference on Science of Cyber Security, SciSec 2024, Copenhagen, Denmark, 8/14/24. https://doi.org/10.1007/978-981-96-2417-1_8

Graph-Based Profiling of Dependency Vulnerability Remediation. / Buschmann, Fernando Vera; Pauliuchenka, Palina; Oh, Ethan et al.
Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings. ed. / Jun Zhao; Weizhi Meng. Springer Science and Business Media Deutschland GmbH, 2025. p. 138-157 (Lecture Notes in Computer Science; Vol. 15441 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Graph-Based Profiling of Dependency Vulnerability Remediation

AU - Buschmann, Fernando Vera

AU - Pauliuchenka, Palina

AU - Oh, Ethan

AU - Kao, Bai Chien

AU - DiValentin, Louis

AU - Bader, David A.

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

PY - 2025

Y1 - 2025

N2 - This research presents an enhanced Graph Attention Convolutional Neural Network (GAT) tailored for the analysis of open-source package vulnerability remediation. By meticulously examining control flow graphs and implementing node centrality metrics-specifically, degree, norm, and closeness centrality-our methodology identifies and evaluates changes resulting from vulnerability fixes in nodes, thereby predicting the ramifications of dependency upgrades on application workflows. Empirical testing on diverse datasets reveals that our model challenges established paradigms in software security, showcasing its efficacy in delivering comprehensive insights into code vulnerabilities and contributing to advancements in cybersecurity practices. This study delineates a strategic framework for the development of sustainable monitoring systems and the effective remediation of vulnerabilities in open-source software.

AB - This research presents an enhanced Graph Attention Convolutional Neural Network (GAT) tailored for the analysis of open-source package vulnerability remediation. By meticulously examining control flow graphs and implementing node centrality metrics-specifically, degree, norm, and closeness centrality-our methodology identifies and evaluates changes resulting from vulnerability fixes in nodes, thereby predicting the ramifications of dependency upgrades on application workflows. Empirical testing on diverse datasets reveals that our model challenges established paradigms in software security, showcasing its efficacy in delivering comprehensive insights into code vulnerabilities and contributing to advancements in cybersecurity practices. This study delineates a strategic framework for the development of sustainable monitoring systems and the effective remediation of vulnerabilities in open-source software.

KW - Code Vulnerability Mitigation

KW - Cybersecurity

KW - Deep Learning Applications

KW - Graph Attention Convolutional Neural Network (GAT)

KW - Knowledge Graph

KW - Network Analysis

KW - Node Centrality Metrics

KW - open source

KW - package upgrade

KW - Package Vulnerability Analysis

UR - https://www.scopus.com/pages/publications/105000772358

UR - https://www.scopus.com/inward/citedby.url?scp=105000772358&partnerID=8YFLogxK

U2 - 10.1007/978-981-96-2417-1_8

DO - 10.1007/978-981-96-2417-1_8

M3 - Conference contribution

AN - SCOPUS:105000772358

SN - 9789819624164

T3 - Lecture Notes in Computer Science

SP - 138

EP - 157

BT - Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings

A2 - Zhao, Jun

A2 - Meng, Weizhi

PB - Springer Science and Business Media Deutschland GmbH

T2 - 6th International Conference on Science of Cyber Security, SciSec 2024

Y2 - 14 August 2024 through 16 August 2024

ER -

Buschmann FV, Pauliuchenka P, Oh E, Kao BC, DiValentin L, Bader DA. Graph-Based Profiling of Dependency Vulnerability Remediation. In Zhao J, Meng W, editors, Science of Cyber Security - 6th International Conference, SciSec 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 138-157. (Lecture Notes in Computer Science). doi: 10.1007/978-981-96-2417-1_8