keyboard_arrow_up
Using Machine Learning to Identify Software Weaknesses from Software Requirement Specifications

Authors

Mounika Vanamala and Sean Loesch and Alexander Caravella, University of Wisconsin-Eau Claire, USA

Abstract

Secure software engineering is crucial but can be time-consuming; therefore, methods that could expedite the identification of software weaknesses without reducing the process' efficacy would benefit the software engineering industry and thus benefit modern life. This research focuses on finding an efficient machine learning algorithm to identify software weaknesses from requirement specifications. The research uses the CWE repository and PROMISE_exp dataset for training. Keywords extracted using latent semantic analysis help map the CWE categories to PROMISE_exp. Naïve Bayes, support vector machine (SVM), decision trees, neural network, and convolutional neural network (CNN) algorithms were tested, with SVM and neural network producing reliable results. The research's unique contribution lies in the mapping technique and algorithm selection. It serves as a valuable reference for the secure software engineering community seeking to expedite the development lifecycle without compromising efficacy. Future work involves testing more algorithms, optimizing existing ones, and improving the training sets' accuracy.

Keywords

Machine Learning, Software Weakness, Common Weakness Enumeration, Neural Network, Software Requirement Specification

Full Text  Volume 13, Number 17