- The paper presents a novel graph-based framework that predicts multi-vulnerability attack chains by leveraging enriched SBOM graphs.
- It employs a Heterogeneous Graph Attention Network (HGAT) for component classification, achieving 91.03% accuracy and 74.02% F1-score.
- The approach predicts co-exploitation patterns using an MLP classifier with a ROC-AUC of 0.93, grounding predictions in dependency subgraphs.
Predicting Multi-Vulnerability Attack Chains from SBOM Graphs: A Graph Learning Perspective
Motivation and Problem Statement
Modern software supply chains exhibit complex, multi-component dependency graphs, in which real-world exploits frequently leverage chains of vulnerabilities spanning transitive dependencies. However, the industry standard pipeline for SBOM-based vulnerability analysis remains limited to enumerating per-component, per-CVE findings, ignoring the combinatorial effects of cascaded paths. Signature-based scanners such as Snyk or Trivy produce flat vulnerability lists, resulting in blind spots for analysts regarding multi-step chain attacks that materialize only when vulnerabilities interact via the dependency structure. This misalignment is repeatedly exposed by high-profile incidents such as ProxyLogon, where chained exploitation of multiple CVEs leads to critical compromise.
The paper "Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs" (2604.04977) proposes a graph-based framework for cascading vulnerability discovery. Unlike conventional approaches, this work formulates attack chain prediction as an evidence-driven, dependency-constrained heterogenous graph-learning task over enriched SBOMs.
Methodology
End-to-End Pipeline
The pipeline begins with transforming CycloneDX-format SBOMs—augmented with scanner-provided CVE annotations—into heterogeneous graphs incorporating components, vulnerabilities (CVEs), and weaknesses (CWEs), as distinct node types. Edges encode first-class relations: dependency relations (DEPENDS_ON), component-vulnerability links (HAS_VULNERABILITY), and potentially weakness annotations (HAS_CWE).
Figure 1: The complete pipeline, from mining a GitHub repository to SBOM generation, KB construction, graph modeling, and eventual attack chain prediction.
Figure 2: The proposed knowledge graph schema showing typed nodes and edges, with extensibility for additional cybersecurity-related entities (e.g., CWEs).
This schema enables embedding dependency topology and security metadata as relational evidence, as opposed to treating vulnerabilities as isolated observations.
Component Vulnerability Classification with HGAT
The first modeling stage reframes vulnerability detection as node classification: given the full heterogeneous graph, determine whether a component is associated with at least one known CVE. The representation is learned using a Heterogeneous Graph Attention Network (HGAT), which performs relation-aware aggregation across multiple node and edge types. The attention mechanism differentially weights information from dependency, vulnerability, and (in future) weakness relations. Hyperparameters include two HGAT layers and multiple attention heads, with training performed using cross-entropy loss and the Adam optimizer.
Ablation studies demonstrate that masking dependency relations (i.e., omitting DEPENDS_ON edges) during inference collapses recall to zero, substantiating that relational structure, and not only component-local metadata, drives predictive signal in heterogeneous SBOM graphs.
Attack Chain Link Prediction via CVE Pair Modeling
The core attack chain prediction is formalized as link prediction for CVE pairs: learning a scoring function that estimates the likelihood of two vulnerabilities being co-exploited in a multi-step attack scenario. Candidate positive pairs are extracted from a seed corpus of public multi-CVE chain disclosures, while negatives are sampled randomly, with feature vectors engineered from per-CVE and CVE-pair interactions (e.g., CVSS scores, time difference, co-exploited indicator).
A lightweight MLP is trained on these features to assign co-exploitation probabilities, yielding a ranked list of predicted chains for analyst inspection. The current prototype focuses on pairwise links, deferring construction of longer chains via compositional search in future work.
SBOM-Grounded Attack Chain Localization
Given predicted or reported CVE chains, the analysis protocol projects them onto SBOM dependency subgraphs. This grounds chain predictions to concrete component implementations, enabling both automated triage and analyst-driven error analysis within precise system context.
Results
Evaluation is conducted on 200 CycloneDX SBOMs (Python projects) from the Wild SBOMs dataset. The HGAT classifier achieves 91.03% accuracy and 74.02% F1-score for the binary has-any-CVE prediction. Crucially, removal of dependency edge information annihilates recall, demonstrating the necessity of capturing full graph context for signal propagation.
On the cascade discovery task, the MLP-based CVE pair classifier achieves a ROC-AUC of 0.93 on a dataset of 35 seed chains (with a 2:1 sampled negatives ratio), indicating robust discrimination of co-exploitation patterns based on metadata features. However, limitations include potential information leakage due to pairwise CVE re-use and the small scale of real-world chain annotation, both acknowledged as open methodological issues.
Contrasts with Prior Art
Contemporary SBOM and SCA tools do not reason about cross-component or cross-vulnerability dependencies, focusing on independent CVE reporting and severity scoring (CVSS/EPSS/VEX). Existing graph-based vulnerability risk models (e.g., VulKG, prior GNN-based exploitability predictors) operate over static KGs extracted from relational security databases, but do not instantiate SBOM-constrained evidence graphs at the bill-of-materials level, nor do they map cascade predictions onto explicit implementation dependencies.
The present pipeline represents a shift in both abstraction and practical workflow by grounding reasoning—and ultimately, chain discovery—in dependency-aware, instance-specific SBOM KGs.
Implications and Future Directions
The results substantiate that dependency structure in SBOM KGs encodes significant signal for both direct vulnerability assignments and co-exploitation inference, with immediate applications for analyst triage, security orchestration, and incident response workflows. The model is modular and extensible, supporting future integration of additional semantic information (e.g., extended CWE mapping), alternative graph neural models, or even LLM-based reasoning over structured SBOM graphs.
Substantive future directions include:
- Expansion of the chain annotation corpus for improved generalization in supervised cascade discovery
- Direct integration of HGAT-derived node/graph embeddings into the cascade MLP for end-to-end differentiability
- Generalization to diverse SBOM formats and non-Python ecosystems via flexible SBOM ingestion
- Integration of LLM-based prompting (e.g., ReAct) over structured SBOM/KG contexts for explainable, interactive triage
- Support for multi-step chain assembly beyond pairwise link prediction, leveraging compositional path search or differentiable chain models
Conclusion
This work inaugurates a pipeline for modeling software supply chain vulnerability as a graph reasoning task, linking SBOM-constrained evidence structures to attack chain prediction via advanced GNN architectures. Empirical results confirm that dependency graphs amplify the learnable signal for both direct and cascade vulnerability prediction, and that co-exploitation priors can be extracted from limited chain documentation. This paves the way for practices and tools that can anticipate attack chains before they materialize in the wild, rather than react to individual vulnerabilities in isolation. The demonstrated methodology establishes a foundation for graph-based analytical approaches in SBOM-centered software assurance (2604.04977).