Maven Central CVE Classification Utilizing Machine Learning Techniques

Publication Date

2025

Department

Math and Computer Science, Department of

Student Level

Undergraduate

SPARK Session

3:15-4:15 PM Talk/Performance Session 5 - MTH/CSC Senior Presentations - Ayers 2141

Presentation Type

Article

Summary

The continued advancement of technologies to build increasingly complex software systems has led to increasingly complex dependencies. This study examines the features of releases in the Maven Central Dependency network, exploring how these can be used as a classification tool for Common Vulnerabilities and Exposures (CVE) details. This paper analyzes 6,031 releases using Random Forest, Decision Tree, K Nearest Neighbors, Logistic Regression, Support Vector Machine, and a Feed-Forward Neural Network. For classifying the severity of a CVE as low, moderate, high, or critical, the findings indicate the strongest performance with random forest and decision tree modeling, closely followed by neural networks and K nearest neighbors. The accuracy remains modest regardless of the technique, with 4-category classification accuracy scores ranging between 0.415 and 0.505. In addition to accuracy scores, the models give strong insights into the nuance of the dataset; overall, the study contributes to understanding network vulnerabilities and functional strategies for security against severe CVEs.

This document is currently not available here.
