Home Embedded Vulns General Vulns

About ESV-Tracker

The first platform dedicated to identifying and classifying embedded system vulnerabilities, separating them from the noise of general-purpose CVEs.

Mission

Embedded systems power the most critical infrastructure around us, from medical devices and industrial controllers to IoT sensors and wireless sensor networks (WSN). Yet when it comes to vulnerability databases, embedded threats are buried alongside millions of general-purpose CVEs, making it nearly impossible for security teams to prioritize what truly matters.

ESV-Tracker was born from this gap. As a university research project developed at the Informatique & Applications Laboratory, our mission is simple: give embedded system security its own dedicated space, a platform that classifies, tracks, and surfaces vulnerabilities that specifically affect embedded and IoT environments.

How the Classification Works

At the core of ESV-Tracker is a Two-Stream Hybrid Embedding Architecture that combines two complementary models to classify each CVE as either an Embedded System Vulnerability (ESV) or a General-Purpose Software Vulnerability (GPSV).

The first stream uses Vuln2Vec, a custom domain-specific word embedding trained on vulnerability data, giving the model a deep understanding of specialized security terminology. The second stream leverages a large pre-trained language model (PLM) to capture broader contextual relationships and handle out-of-vocabulary (OOV) words that domain-specific models may miss.

The outputs of both streams are fused through a learnable weighted feature fusion mechanism, allowing the model to dynamically balance domain-specific precision with broad linguistic understanding โ€” achieving state-of-the-art classification accuracy.

Data Sources & Roadmap

ESV-Tracker currently ingests and classifies vulnerabilities from the National Vulnerability Database (NVD), the most comprehensive publicly available CVE repository. Every entry is automatically processed through our classification pipeline upon ingestion.

Future data sources planned:

โœ“ NVD CNVD CNNVD VarIoT ZDI

๐Ÿ‘ฅ Research Team RESI

Abdelbaki El Belrhiti El Alaoui
Supervisor & Principal Investigator
Noura Layachi
Current Researcher & Platform Developer
Aissa Ben Yahya
Researcher & Classification Model Author
Hicham El Akhal
Researcher
Anas Mejdoub
Researcher
Said Chouchf
Researcher
Wafae Zarrik
Researcher

๐Ÿ“„ Published Work

The classification model powering ESV-Tracker is based on the following peer-reviewed publication:

Improving Critical Infrastructure Security Through Hybrid Embeddings for Vulnerability Classification
Aissa Ben Yahya, Hicham El Akhal, Abdelbaki El Belrhiti El Alaoui. Journal of Information Security and Applications, Vol. 93, 104185 ยท September 2025
DOI: 10.1016/j.jisa.2025.104185 โ†—