Yazilim Güvenli̇k Açiği Ekosi̇stemi̇ Ve Türki̇ye’deki̇ Durum Değerlendi̇rmesi̇

Bozoklu, Oğuz; Çil, Celal Zaim

doi:10.18640/ubgmd.303598

Cited by 5 publications

(4 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Important problems can be avoided by taking preventive measures. Management of software vulnerabilities is therefore very important [33]. It is important to know what data is collected and how it is reported.…”

Section: Software Vulnerability Databasesmentioning

confidence: 99%

A Multiclass Approach to Estimating Software Vulnerability Severity Rating with Statistical and Word Embedding Methods

KEKÜL¹,

Ergen²,

Arslan³

2022

IJCNIS

View full text Add to dashboard Cite

The analysis and grading of software vulnerabilities is an important process that is done manually by experts today. For this reason, there are time delays, human errors, and excessive costs involved with the process. The final result of these software vulnerability reports created by experts is the calculation of a severity score and a severity rating. The severity rating is the first and foremost value of the software’s vulnerability. The vulnerabilities that can be exploited are only 20% of the total vulnerabilities. The vast majority of exploitations take place within the first two weeks. It is therefore imperative to determine the severity rating without time delays. Our proposed model uses statistical methods and deep learning-based word embedding methods from natural language processing techniques, and machine learning algorithms that perform multi-class classification. Bag of Words, Term Frequency Inverse Document Frequency and Ngram methods, which are statistical methods, were used for feature extraction. Word2Vec, Doc2Vec and Fasttext algorithms are included in the study for deep learning based Word embedding. In the classification stage, Naive Bayes, Decision Tree, K-Nearest Neighbors, Multi-Layer Perceptron, and Random Forest algorithms that can make multi-class classification were preferred. With this aspect, our model proposes a hybrid method. The database used is open to the public and is the most reliable data set in the field. The results obtained in our study are quite promising. By helping experts in this field, procedures will speed up. In addition, our study is one of the first studies containing the latest version of the data size and scoring systems it covers.

show abstract

Section: Software Vulnerability Databasesmentioning

confidence: 99%

A Multiclass Approach to Estimating Software Vulnerability Severity Rating with Statistical and Word Embedding Methods

KEKÜL¹,

Ergen²,

Arslan³

2022

IJCNIS

View full text Add to dashboard Cite

show abstract

“…Important problems can be avoided by taking preventive measures. This is why handling software vulnerabilities is very important [22]. It is important to know what data is collected and how it is reported.…”

Section: Software Vulnerability Databasesmentioning

confidence: 99%

Comparison and Analysis of Software Vulnerability Databases

KEKÜL¹,

Ergen²,

Arslan³

2022

IJEM

View full text Add to dashboard Cite

In order to protect information systems against threats and vulnerabilities, security breaches should be analyzed. In this case, analysts primarily conduct intelligence research through open source systems. In particular, vulnerability databases stand out as the most preferred references at this stage. At this point, our study will be the main reference for the verification of vulnerability analysis. It will assist in the planning of testing processes, patches and updates in the development of software. Moreover, it will create a perspective in this field, enabling readers to understand the concept of software security and databases. In addition to unique advantages of this diversity, this has also led to some disadvantages. Our study focused on the reasons behind the creation of different databases. In addition, its advantages and disadvantages have been clearly demonstrated. First, the databases used were determined by examining the academic studies in the field of software security vulnerabilities. Twelve different databases used in the literature were identified. However, among these, the ones that are current and accessible to researchers were selected. As a result of this screening process, seven different databases were included in this study. The determined databases were examined in detail and explained. Then, databases were compared according to certain criteria. The data obtained as a result of the comparison are presented in detail. In this study, a systematic review of up-to-date and accessible vulnerability databases that are widely used in the literature is presented to help researchers decide which database to use.

show abstract

“…Correct coordination and information sharing between the researchers and stakeholders of the field is essential. In this way, attacks can be prevented by taking preventive measures against cyber attack [9]. Studies confirm that individuals who perceive themselves as vulnerable to a security threat are more likely to adopt an IS security innovation [10].…”

Section: Related Workmentioning

confidence: 99%

A New Vulnerability Reporting Framework for Software Vulnerability Databases

Kekül¹,

Ergen²,

Arslan³

2021

IJEME

View full text Add to dashboard Cite

Cyber security is one of the fundamental research areas of software engineering. The systems that make up today's information systems infrastructure have been developed largely with software support. Security vulnerabilities in the software used in these systems may cause undesirable results. It is very important to manage software vulnerabilities correctly. In addition, an effective communication mechanism and certain standards should be established among those working in this field. The importance of the subject has been understood in recent years and the studies in this area have gradually increased. The use of machine learning algorithms is increasing in recent studies in this area. Although there is a large data set accumulated in vulnerability databases, there is often the problem of unstructured data. Vulnerability databases and security reports are created in natural language that people can understand and interpret. These reports are difficult to read and understand by machines. Our study focuses on the difficulties of this unstructured and natural language system. In order to investigate this problem, firstly, up-to-date and accessible databases used in scientific research were examined and evaluated. Then, a three-stage security framework was proposed, consisting of the use of vulnerabilities by machines to assist experts from the notification stage to the reporting stage. The rules and flow charts of each stage are defined. In order to increase the usability of different databases in their own systems, the framework rules are defined as a guideline containing flexible directions, not rigid items. The point of consideration is not the methods and tools used, but the definition of outputs as common and similar attributes.

show abstract

Yazilim Güvenli̇k Açiği Ekosi̇stemi̇ Ve Türki̇ye’deki̇ Durum Değerlendi̇rmesi̇

Cited by 5 publications

References 2 publications

A Multiclass Approach to Estimating Software Vulnerability Severity Rating with Statistical and Word Embedding Methods

A Multiclass Approach to Estimating Software Vulnerability Severity Rating with Statistical and Word Embedding Methods

Comparison and Analysis of Software Vulnerability Databases

A New Vulnerability Reporting Framework for Software Vulnerability Databases

Contact Info

Product

Resources

About