Abstract
The existence of software vulnerabilities is an indicator of the reliability and safety of software products. Software vulnerabilities can be predicted using metrics derived from developer, organization, code and textual data. In this work, we aim to predict software vulnerabilities using issue records from two different datasets. The first dataset consists of six months of issue records collected at a corporate company, whereas the second dataset consists of Wireshark project bug records from 2017 to 2018. Prediction models were established using six different machine learning algorithms, for which the textual descriptions of issue records were converted into topic models. A regression model was established for the corporate company, in which the textual descriptions of issue records were used as the input and the number of vulnerabilities was used as the output of the model. A classification model was established for the Wireshark dataset, in which the textual descriptions of bug records were used as the input of the model and the class (vulnerability-prone or not) was used as the output. The best regression model results are 0.23, 0.30, 0.44 MdMRE values, respectively. The best classification model result is a 74% recall score.
Original language | English |
---|---|
Title of host publication | UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 739-744 |
Number of pages | 6 |
ISBN (Electronic) | 9781728139647 |
Publication status | Published - Sept 2019 |
Event | 4th International Conference on Computer Science and Engineering, UBMK 2019 - Samsun, Turkey. Duration: 11 Sept 2019 → 15 Sept 2019 |
Publication series
Name | UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering |
---|
Conference
Conference | 4th International Conference on Computer Science and Engineering, UBMK 2019 |
---|---|
Country/Territory | Turkey |
City | Samsun |
Period | 11/09/19 → 15/09/19 |
Bibliographical note
Publisher Copyright: © 2019 IEEE.
Keywords
- bug report
- issue record
- software vulnerability prediction
- textual description
- topic modeling