TY - GEN
T1 - A Graph-Based Approach for Software Functionality Classification on the Web
AU - Jiang, Yinhao
AU - Bewong, Michael
AU - Islam, Zahid
AU - Ip, H.L.
AU - Islam, Rafiqul
AU - Mahboubi, Arash
AU - Halder, Sajal
AU - Gauravaram, Praveen
AU - Xue, Jason
PY - 2025
Y1 - 2025
N2 - In the context of rising cybersecurity threats within software supply chains, the precise classification of software package functionalities is essential for mitigating risks posed by the exploitation of third-party libraries in web-based systems. This paper introduces a novel approach employing a Heterogeneous Information Network (HIN) and the Metapath2Vec algorithm to elevate the security and reliability of software package classification within the NPM repository, which is crucial for web application development. Our methodology capitalises on intricate package dependencies and metadata to not only enhance classification accuracy but also effectively utilise the complex and dynamic relationships widespread in web ecosystems. Comparative analyses underscore that our framework outstrips conventional methods such as DeepWalk and Node2Vec, with substantial improvements in precision and recall across a majority of functionality classes assessed. This research significantly advances web information systems engineering by providing a robust framework for the dynamic analysis of relationships and functionalities in software packages, thereby strengthening the security resilience of web-based software ecosystems.
UR - https://rdcu.be/d3nRL
UR - http://www.scopus.com/inward/record.url?scp=85211251858&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85211251858&partnerID=8YFLogxK
U2 - 10.1007/978-981-96-0576-7_5
DO - 10.1007/978-981-96-0576-7_5
M3 - Conference paper
SN - 9789819605750
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 58
EP - 73
BT - Web Information Systems Engineering – WISE 2024 - 25th International Conference, Proceedings
A2 - Barhamgi, Mahmoud
A2 - Wang, Hua
A2 - Wang, Xin
ER -