Artificial Intelligence Solutions in Software Security


Özdemir E., Türkoğlu I.

Project Supported by Higher Education Institutions, 2021 - 2023

  • Project Type: Project Supported by Higher Education Institutions
  • Start Date: December 2021
  • End Date: June 2023

Project Summary

The software industry is developing and growing rapidly. As a result, software complexity is increasing, and security vulnerabilities are increasing at the same rate. When exploited by malicious actors, security vulnerabilities in a system can cause serious financial and reputational loss, such as data leakage, damage to the system, and complete destruction. Automatic classification of security vulnerabilities using artificial intelligence enables them to be managed faster and without human error. This thesis aims to classify software vulnerabilities according to their types using deep learning methods. To evaluate the classification performance of the models created in the study, a dataset of 75,870 vulnerability reports written in natural language from the US National Vulnerability Database (NVD) was used. Key features were obtained by passing the software vulnerability disclosure data through the stages of text preprocessing, word vectorization, and feature selection. Using the obtained features, software vulnerabilities were classified into 8 vulnerability categories with three deep learning methods: Convolutional Neural Network, Long Short-Term Memory, and NCP-LSTM. Among the developed methods, accuracy was 84% for the Convolutional Neural Network model, 87% for the Long Short-Term Memory model, and 88% for the NCP-LSTM hybrid model.