A Machine Learning-Based Vulnerability Prediction System Using SBOM Metadata for Software Supply Chain Security 


Vol. 51,  No. 4, pp. 792-803, Apr.  2026
10.7840/kics.2026.51.4.792


  Abstract

The growing complexity of software supply chains has increased the importance of the Software Bill of Materials (SBOM). However, traditional approaches that fully query external Vulnerability Databases (VDBs) face scalability limitations in large-component environments. This study proposes a Machine Learning (ML)-based probabilistic vulnerability prediction system that uses SBOM metadata. The system extracts and normalizes textual and categorical features from SBOMs, then applies feature hashing and dimensionality reduction to convert them into numerical vectors. Using the ‘Wild SBOMs’ dataset, models were trained and evaluated through cross-validation, and their generalization performance was assessed on the ‘Evaluating SBOM’ dataset. Results indicate that XGBoost is preferable when prioritizing Precision and F1-Score, whereas LightGBM performs better when emphasizing Recall and AUC. The proposed approach processes SBOMs over 520 times faster than direct OSV (Open Source Vulnerabilities) queries, reducing bottlenecks in large-scale SBOM analysis and enhancing real-time response capabilities. This study demonstrates the technical feasibility of SBOM metadata-based vulnerability prediction and outlines future research directions, including severity prediction and strategies for mitigating data drift.
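As an added illustration of the feature-extraction step the abstract describes (this is not the paper's code; its exact feature set, hash dimension and reduction method are not given here), the following Python sketch normalizes categorical fields from a constructed CycloneDX-style component list into tokens and hashes them into fixed-length numeric vectors. The package names, versions and the 64-bucket dimension are assumptions; model training on top of the vectors is omitted.

```python
import hashlib
import json

# Constructed CycloneDX-style SBOM fragment; the package names and versions are
# made up for this illustration and are not taken from the paper's datasets.
SAMPLE_SBOM = json.loads("""{
  "components": [
    {"name": "Example-Core", "version": "2.14.1",
     "purl": "pkg:maven/org.example/example-core@2.14.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "example-utils", "version": "4.17.20",
     "purl": "pkg:npm/example-utils@4.17.20",
     "licenses": [{"license": {"id": "MIT"}}]}
  ]
}""")


def normalize_component(comp):
    """Extract textual/categorical fields from one component and normalize them
    into 'key=value' tokens (lower-cased, ecosystem parsed from the purl)."""
    purl = comp.get("purl", "")
    ecosystem = purl.split("/")[0].split(":", 1)[1] if purl.startswith("pkg:") else "unknown"
    version = comp.get("version", "")
    major = version.split(".")[0] if version else ""
    licenses = [entry.get("license", {}).get("id", "") for entry in comp.get("licenses", [])]
    tokens = [
        "name=" + comp.get("name", "").lower(),
        "ecosystem=" + ecosystem.lower(),
        "major=" + major,
        "has_version=" + str(bool(version)).lower(),
    ]
    tokens += ["license=" + lic.lower() for lic in licenses if lic]
    return tokens


def hash_features(tokens, dim=64):
    """Feature hashing: each token is mapped to one of `dim` buckets by a stable hash,
    with a hash-derived sign so that colliding tokens partly cancel instead of
    always adding up. No vocabulary is stored, so unseen packages still vectorize."""
    vec = [0.0] * dim
    for tok in tokens:
        digest = hashlib.sha256(tok.encode("utf-8")).digest()
        idx = int.from_bytes(digest[:4], "big") % dim
        sign = 1.0 if digest[4] & 1 else -1.0
        vec[idx] += sign
    return vec


def vectorize_sbom(sbom, dim=64):
    """Turn every component into a fixed-length numeric row, ready for a classifier."""
    return [hash_features(normalize_component(c), dim) for c in sbom.get("components", [])]
```

Because the hash is stable and vocabulary-free, a component never seen in training still maps to a well-defined vector, which is what makes the approach usable on new SBOMs without re-querying a VDB.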

  Cite this article

[IEEE Style]

D. Jang and S. Jeon, "A Machine Learning-Based Vulnerability Prediction System Using SBOM Metadata for Software Supply Chain Security," The Journal of Korean Institute of Communications and Information Sciences, vol. 51, no. 4, pp. 792-803, 2026. DOI: 10.7840/kics.2026.51.4.792.

[ACM Style]

Dae-Han Jang and Sanghoon Jeon. 2026. A Machine Learning-Based Vulnerability Prediction System Using SBOM Metadata for Software Supply Chain Security. The Journal of Korean Institute of Communications and Information Sciences, 51, 4, (2026), 792-803. DOI: 10.7840/kics.2026.51.4.792.

[KICS Style]

Dae-Han Jang and Sanghoon Jeon, "A Machine Learning-Based Vulnerability Prediction System Using SBOM Metadata for Software Supply Chain Security," The Journal of Korean Institute of Communications and Information Sciences, vol. 51, no. 4, pp. 792-803, 4. 2026. (https://doi.org/10.7840/kics.2026.51.4.792)