CVEForecast

Technical Details

Project Overview

CVE Forecast is a self-improving automated platform that leverages advanced hyperparameter optimization and 25+ time series forecasting models to predict Common Vulnerabilities and Exposures (CVEs). The system provides data-driven insights into future vulnerability disclosure trends through an intelligent, continuously-evolving forecasting pipeline.

🧠 Self-Improving AI

Comprehensive tuner learns from previous runs and continuously optimizes 25+ models across statistical, ML, and deep learning categories.

⚑ Dynamic Optimization

Intelligent timeout redistribution and adaptive search strategies maximize resource utilization during hyperparameter exploration.

πŸ—οΈ Production Architecture

Modular design with 5 core modules ensures maintainability, extensibility, and enterprise-grade reliability.

System Architecture

CVE Forecast employs a sophisticated, self-improving architecture that combines 25+ forecasting models with intelligent optimization capabilities.

πŸ—οΈ Core Components

  • main.py: Orchestrates entire forecasting workflow
  • data_loader.py: Processes 300K+ CVE JSON files
  • model_trainer.py: Trains and evaluates models
  • utils.py: Logging and configuration management
  • comprehensive_tuner.py: Hyperparameter optimization

πŸ“Š Model Categories (25+ Models)

Statistical (8): Prophet, AutoARIMA, TBATS, Theta, FourTheta, ExponentialSmoothing, KalmanFilter, Croston
ML/Tree (5): XGBoost, LightGBM, CatBoost, RandomForest, LinearRegression
Deep Learning (5): TCN, NBEATS, NHiTS, TiDE, DLinear
Baseline (3): NaiveDrift, NaiveMean, NaiveSeasonal

🧠 Self-Improving Optimization

Revolutionary Workflow: The comprehensive tuner learns from previous runs, only updating configurations when improvements are found, creating an intelligent system that evolves over time.

  • Dynamic Timeout Redistribution: Unused time from fast models redistributed to slower ones
  • Adaptive Search Strategies: Grid/random search selection based on model complexity
  • Dual-Config Management: Updates both production and tuner configurations
  • Performance Tracking: Maintains optimization history and automatic backups

πŸ“ˆ Evaluation System

Dual-Metric Evaluation:

  • MAPE: Primary ranking metric for model selection
  • MAE: Intuitive error measurement in original CVE units

Deployment & Automation

The system features fully automated CI/CD pipeline with daily updates and intelligent optimization integration.

πŸ”„ GitHub Actions Workflow

  • Daily scheduled execution (midnight UTC)
  • Automatic CVE data fetching and processing
  • Model training and forecast generation
  • Intelligent hyperparameter optimization
  • Automated deployment and configuration updates

⚑ Production Features

  • Processes 300K+ CVE JSON files daily
  • Dynamic forecasting through January 2026
  • Self-improving optimization workflow
  • Automatic configuration backups
  • Comprehensive validation and error handling

Change Log

πŸŽ‰ v.07 - Security Summer Camp Prep πŸ•οΈ (August 2025)

Fixed critical month transition bug in cumulative total calculations, ensuring accurate data representation across month boundaries

πŸ› οΈ Bug Fix Details

  • Replaced hard-coded month references with dynamic month detection
  • Ensured cumulative totals properly build upon the previous month's values
  • Fixed inconsistencies in cumulative statistics when crossing month boundaries
  • Implemented future-proof solution that works reliably for all calendar transitions
  • Added comprehensive logging to track cumulative total calculations

v.06 - KarlΕ―v mos πŸ‡¨πŸ‡Ώ (July 2025)

Revolutionary self-improving forecasting system with intelligent hyperparameter optimization

🧠 Intelligent Optimization

  • Comprehensive hyperparameter tuner for 19+ models
  • Self-improving workflow that learns from previous runs
  • Adaptive grid/random search selection
  • Intelligent timeout management and progress tracking

πŸ”„ Automated Infrastructure

  • Daily GitHub Actions integration with tuner
  • Automatic configuration backup and management
  • End-to-end validation pipeline
  • Complete self-optimization workflow
  • Support for 25+ models across Statistical, Tree-Based, and Deep Learning categories
  • Enterprise-grade modular architecture with 7 focused modules
  • Enhanced model stability with comprehensive error handling
  • Dynamic forecasting with automatic period adaptation

v.05 - Adolfo SuΓ‘rez Madrid-Baraja πŸ‡ͺπŸ‡Έ

  • Fixed a critical bug that prevented the cumulative graph from rendering due to an incorrect data structure in data.json.
  • Restored frontend compatibility by correcting the data generation logic, ensuring all charts now load correctly.

v.04 ORD ✈️ MAD

  • Enhanced model stability with improved error handling.
  • Added input validation and scaling for better numerical stability.
  • Optimized for CPU-only environments.
  • Implemented dynamic forecast period calculation.
  • Improved model selection based on MAPE scores.