Recommending Attack Patterns for Software Requirements Document
Mounika Vanamala, Jairen Gilmore, Xiaohong Yuan, K. Roy
2020 International Conference on Computational Science and Computational Intelligence (CSCI), December 2020. DOI: 10.1109/CSCI51800.2020.00334 (https://doi.org/10.1109/CSCI51800.2020.00334)
Citations: 8
Abstract
To develop secure software, software developers need to know the potential threats to the software. Knowledge captured in the Common Attack Pattern Enumeration and Classification (CAPEC) database can help software developers understand how attackers target application weaknesses. In this paper, we present a method of recommending CAPEC attack patterns based on software requirement specification (SRS) documents. The method uses topic modelling to extract topics from each attack pattern and to extract topics from the software system description, user classes, use cases, and functional requirements within the SRS documents. Attack patterns are recommended by computing the cosine similarity between the topic distribution of each attack pattern and the topic distribution of each SRS section. Attack patterns are then ranked from maximum to minimum similarity. The top-ranked attack patterns are then recommended to the software developers as the most relevant to the software system under development.
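The ranking step the abstract describes, as an added example that is not the paper's code: cosine similarity between a topic distribution for each attack pattern and a topic distribution for each SRS section (system description, user classes, use cases, functional requirements), then a descending sort and a top-k cut. It assumes the topic distributions have already been produced by a topic model (that stage is not shown); the distributions, the four topics and the pattern names P1, P2, P3 are constructed for illustration and are not real CAPEC entries. The abstract does not say how similarities across the several SRS sections are combined, so taking the maximum over sections is an assumption made here.

```python
from math import sqrt
from typing import Dict, List, Sequence, Tuple

# Constructed topic distributions over four hypothetical topics:
#   T0 web input handling, T1 authentication/session, T2 file upload/storage, T3 reporting.
# Pattern rows are placeholders standing in for per-CAPEC-entry topic model output.
PATTERN_TOPICS: Dict[str, Sequence[float]] = {
    "P1": [0.80, 0.10, 0.05, 0.05],  # injection-style pattern (constructed)
    "P2": [0.10, 0.80, 0.05, 0.05],  # credential-abuse-style pattern (constructed)
    "P3": [0.05, 0.05, 0.85, 0.05],  # malicious-file-style pattern (constructed)
}

# Constructed topic distributions for the SRS sections the paper extracts topics from.
SRS_SECTION_TOPICS: Dict[str, Sequence[float]] = {
    "system description":      [0.40, 0.40, 0.10, 0.10],
    "user classes":            [0.10, 0.70, 0.10, 0.10],
    "use cases":               [0.60, 0.20, 0.10, 0.10],
    "functional requirements": [0.30, 0.30, 0.30, 0.10],
}


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine of the angle between two equal-length topic distributions (1.0 = same direction)."""
    if len(a) != len(b):
        raise ValueError("topic distributions must come from the same topic model")
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(x * x for x in a))
    norm_b = sqrt(sum(y * y for y in b))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0  # an all-zero distribution (e.g. empty section) matches nothing
    return dot / (norm_a * norm_b)


def rank_attack_patterns(
    pattern_topics: Dict[str, Sequence[float]],
    srs_sections: Dict[str, Sequence[float]],
) -> List[Tuple[str, float, str]]:
    """Score every pattern against every SRS section; keep each pattern's best section
    (assumption: maximum over sections) and sort from highest to lowest similarity."""
    ranked: List[Tuple[str, float, str]] = []
    for pid, pdist in pattern_topics.items():
        best_score, best_section = -1.0, ""
        for section, sdist in srs_sections.items():
            score = cosine_similarity(pdist, sdist)
            if score > best_score:
                best_score, best_section = score, section
        ranked.append((pid, best_score, best_section))
    # Descending by score; pattern id breaks ties so the order is deterministic.
    ranked.sort(key=lambda row: (-row[1], row[0]))
    return ranked


def recommend(
    pattern_topics: Dict[str, Sequence[float]],
    srs_sections: Dict[str, Sequence[float]],
    top_k: int = 2,
) -> List[str]:
    """Return the ids of the top_k patterns to surface to the development team."""
    return [pid for pid, _, _ in rank_attack_patterns(pattern_topics, srs_sections)[:top_k]]


if __name__ == "__main__":
    for pid, score, section in rank_attack_patterns(PATTERN_TOPICS, SRS_SECTION_TOPICS):
        print(f"{pid}: similarity {score:.3f} (closest SRS section: {section})")
    print("recommended:", recommend(PATTERN_TOPICS, SRS_SECTION_TOPICS, top_k=2))
```

With the constructed data, P2 ranks first because the user-classes section is dominated by the authentication topic, P1 second through the use-cases section, and P3 last; the output also names which section drove each match, which is the part a reviewer needs when deciding whether a recommended pattern actually applies to the system.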