Litcius/Paper detail

Recommending Attack Patterns for Software Requirements Document

Mounika Vanamala, Jairen Gilmore, Xiaohong Yuan, Kaushik Roy

202016 citationsDOI

Abstract

To develop secure software, software developers need to know the potential threats to the software. Knowledge captured in the Common Attack Pattern Enumeration and Classification (CAPEC) database can help software developers to understand how attackers target application weaknesses. In this paper, we present a method of recommending CAPEC attack patterns based on software requirement specification (SRS) documents. The method uses topic modelling to extract topics from each attack pattern and to extract topics from the software system description, user classes, use cases, and function requirements within the SRS documents. Attack patterns are recommended by calculating the distance measure of each attack pattern topic distribution and each SRS topic distribution using cosine similarity. Attack patterns are then ranked from maximum to minimum. The top attack patterns are then recommended to the software developers as the most relevant to the software system under development.

Topics & Concepts

Computer scienceSoftwareSoftware developmentCosine similaritySoftware engineeringData miningCluster analysisArtificial intelligenceProgramming languageSoftware Engineering ResearchInformation and Cyber SecurityNetwork Security and Intrusion Detection
Recommending Attack Patterns for Software Requirements Document | Litcius