Hierarchy-Aware RoBERTa Improves Cybersecurity Vulnerability Classification

Bipin Chhetri, Deepika Giri, Avishek Kadel, Rabin Kumar Karki, Akbar Siami Namin· July 15, 2026 View original

Summary

Researchers propose a Hierarchy-Aware RoBERTa framework to classify cybersecurity vulnerabilities using the CWE taxonomy, addressing extreme class imbalance and hierarchical dependencies. This model explicitly incorporates CWE structural information through learnable parent-class embeddings, outperforming oversampling techniques and baseline models.

Classifying cybersecurity vulnerabilities using the Common Weakness Enumeration (CWE) taxonomy presents significant challenges due to severe class imbalance and the inherent hierarchical structure of weakness categories. Traditional oversampling methods like SMOTE and ADASYN, while common for imbalance, prove largely ineffective or even detrimental for deep learning models when applied to hierarchical CWE text classification. This paper introduces a Hierarchy-Aware RoBERTa framework that directly integrates CWE structural information. It achieves this by using learnable parent-class embeddings, which helps preserve taxonomic consistency. Experiments on a CWE Research Concept dataset show that this approach achieves a weighted F1-score of 0.76 without data augmentation, significantly outperforming all baselines. Notably, it improved the F1-score for the minority "Class" category from 0.40 to 0.60 over the BERT baseline, demonstrating that hierarchy-aware representation learning is a more effective strategy than oversampling for structured vulnerability classification.

Why it matters

Cybersecurity professionals and developers can leverage this advanced classification method to more accurately identify and categorize software vulnerabilities, leading to improved security posture and more efficient remediation efforts.

How to implement this in your domain

  1. 1Evaluate existing vulnerability classification systems for their handling of hierarchical data and class imbalance.
  2. 2Consider integrating hierarchy-aware representation learning techniques into custom vulnerability detection tools.
  3. 3Train and fine-tune a Hierarchy-Aware RoBERTa model on proprietary or public CWE datasets.
  4. 4Develop a pipeline to automatically classify newly discovered vulnerabilities using this enhanced framework.

Who benefits

CybersecuritySoftware DevelopmentGovernmentDefenseIT Services

Key takeaways

  • Classifying cybersecurity vulnerabilities with CWE is challenging due to imbalance and hierarchy.
  • Traditional oversampling methods are ineffective for hierarchical deep learning.
  • Hierarchy-Aware RoBERTa uses parent-class embeddings to preserve taxonomic consistency.
  • The model significantly improves classification accuracy, especially for minority classes.

Original post by Bipin Chhetri, Deepika Giri, Avishek Kadel, Rabin Kumar Karki, Akbar Siami Namin

"arXiv:2607.11994v1 Announce Type: new Abstract: Classifying cybersecurity vulnerabilities using the Common Weakness Enumeration (CWE) taxonomy is challenging due to extreme class imbalance and strong hierarchical dependencies among weakness categories. Although oversampling techn…"

View on X

Originally posted by Bipin Chhetri, Deepika Giri, Avishek Kadel, Rabin Kumar Karki, Akbar Siami Namin on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses