Authors
Mounika Vanamala and Sean Loesch and Alexander Caravella, University of Wisconsin-Eau Claire, USA
Abstract
Secure software engineering is crucial but can be time-consuming; therefore, methods that could expedite the identification of software weaknesses without reducing the process' efficacy would benefit the software engineering industry and thus benefit modern life. This research focuses on finding an efficient machine learning algorithm to identify software weaknesses from requirement specifications. The research uses the CWE repository and PROMISE_exp dataset for training. Keywords extracted using latent semantic analysis help map the CWE categories to PROMISE_exp. Naïve Bayes, support vector machine (SVM), decision trees, neural network, and convolutional neural network (CNN) algorithms were tested, with SVM and neural network producing reliable results. The research's unique contribution lies in the mapping technique and algorithm selection. It serves as a valuable reference for the secure software engineering community seeking to expedite the development lifecycle without compromising efficacy. Future work involves testing more algorithms, optimizing existing ones, and improving the training sets' accuracy.
Keywords
Machine Learning, Software Weakness, Common Weakness Enumeration, Neural Network, Software Requirement Specification