SecureBERT — CWE Hierarchical Classifier

License: MIT

Universite de Lorraine    INRIA    LORIA    SuperViZ

Part of the CVE-LMTune model suite — language models fine-tuned for multi-taxonomy vulnerability classification.

Paper

Franco Terranova, Sana Rekbi, Abdelkader Lahmadi, Isabelle Chrisment. Multi-Taxonomy Vulnerability Classification with Hierarchically Finetuned Language Models. The 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '26).

Task

CWE hierarchical multi-label classification (master + 10 slaves)

Performance

Micro-F1 = 0.8710 (hierarchical evaluation)

Model Structure

hierarchical — load master/ first, then the appropriate slave_*/ sub-model

Quick Start

from transformers import AutoTokenizer, AutoModelForSequenceClassification
import torch

tokenizer = AutoTokenizer.from_pretrained("Sana9/securebert-cwe-hierarchical")
model = AutoModelForSequenceClassification.from_pretrained("Sana9/securebert-cwe-hierarchical")
model.eval()

text = "Buffer overflow vulnerability in OpenSSL allows remote attackers to execute arbitrary code."
inputs = tokenizer(text, return_tensors="pt", truncation=True, max_length=512)

with torch.no_grad():
    logits = model(**inputs).logits
    probs = torch.sigmoid(logits)   # multi-label → sigmoid

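Note for hierarchical models: This repo contains multiple sub-folders (master + slave models). Load each sub-folder separately by passing it as the subfolder argument, e.g. from_pretrained("Sana9/securebert-cwe-hierarchical", subfolder="master"). A Hub repo id cannot carry a path suffix, so the folder name must not be appended to the repo id itself.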
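The master-then-slave routing described above, as an added sketch that is not the project's own code and runs on constructed logits instead of real model outputs. The label maps, the one-slave-per-parent layout, the run_slave callback and the fallback to the parent label are all assumptions made for illustration.

```python
import math

# Constructed label maps for illustration; the real ones are assumed to live
# in each sub-folder's config.json (id2label).
MASTER_LABELS = ["CWE-119", "CWE-74", "CWE-284"]   # assumed: one slave per parent
SLAVE_LABELS = {
    "CWE-119": ["CWE-787", "CWE-125", "CWE-120"],
    "CWE-74": ["CWE-79", "CWE-89", "CWE-78"],
    "CWE-284": ["CWE-287", "CWE-269"],
}

def pick(labels, logits, threshold):
    """Multi-label decision: keep each label whose sigmoid score passes."""
    if len(labels) != len(logits):
        raise ValueError("logit vector does not match the label map")
    # sigmoid(z) >= t is equivalent to z >= log(t / (1 - t)); comparing in
    # logit space avoids overflow on extreme logits.
    cut = math.log(threshold / (1.0 - threshold))
    return [label for label, z in zip(labels, logits) if z >= cut]

def hierarchical_predict(master_logits, run_slave, threshold=0.5):
    """Run the master decision, then query only the slaves it selects.

    run_slave(parent) is a hypothetical callback returning that slave's
    logits (in practice, a forward pass of the matching slave_* sub-model).
    An empty result means the master selected nothing: report the input as
    unclassified instead of forcing an argmax label.
    """
    result = {}
    for parent in pick(MASTER_LABELS, master_logits, threshold):
        children = pick(SLAVE_LABELS[parent], run_slave(parent), threshold)
        # If the slave is unsure about every child, keep the coarser parent.
        result[parent] = children or [parent]
    return result

def demo():
    """Constructed logits standing in for real model outputs."""
    slave_logits = {"CWE-119": [1.5, -0.4, 0.3], "CWE-74": [3.0, 3.0, 3.0],
                    "CWE-284": [-1.0, -2.0]}
    called = []
    def run_slave(parent):
        called.append(parent)
        return slave_logits[parent]
    return hierarchical_predict([2.2, -3.0, 0.4], run_slave), called

if __name__ == "__main__":
    print(demo())
```

In the demo the CWE-74 slave is never queried even though its constructed logits are high, because the master did not select that branch.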

Citation

@inproceedings{terranova2026cvelmtune,
  title     = {Multi-Taxonomy Vulnerability Classification with Hierarchically Finetuned Language Models},
  author    = {Terranova, Franco and Rekbi, Sana and Lahmadi, Abdelkader and Chrisment, Isabelle},
  booktitle = {Proceedings of DIMVA '26},
  year      = {2026}
}

Disclaimers

  • This product uses the NVD API but is not endorsed or certified by the NVD.
  • This project relies on data publicly available from the CWE, CAPEC, and MITRE ATT&CK projects.
  • This work has been partially supported by the French National Research Agency under the France 2030 label (Superviz ANR-22-PECY-0008). The views reflected herein do not necessarily reflect the opinion of the French government.