Abstract

In the context of rising cybersecurity threats within software supply chains, the precise classification of software package functionalities is essential for mitigating risks posed by the exploitation of third-party libraries in web-based systems. This paper introduces a novel approach employing a Heterogeneous Information Network (HIN) and the Metapath2Vec algorithm to elevate the security and reliability of software package classification within the NPM repository, which is crucial for web application development. Our methodology capitalises on intricate package dependencies and metadata to not only enhance classification accuracy but also effectively utilise the complex and dynamic relationships widespread in web ecosystems. Comparative analyses underscore that our framework outstrips conventional methods such as DeepWalk and Node2Vec, with substantial improvements in precision and recall across a majority of functionality classes assessed. This research significantly advances web information systems engineering by providing a robust framework for the dynamic analysis of relationships and functionalities in software packages, thereby strengthening the security resilience of web-based software ecosystems.

Original language: English
Title of host publication: Web Information Systems Engineering – WISE 2024 - 25th International Conference, Proceedings
Editors: Mahmoud Barhamgi, Hua Wang, Xin Wang
Pages: 58-73
Number of pages: 16
DOIs
Publication status: Published - 2025

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 15440 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349
