Detecting Privacy Requirements from User Stories with NLP Transfer Learning Models

TL;DR

This paper presents an NLP and deep learning-based approach to automatically detect privacy-related information in user stories, enhancing privacy considerations early in agile software development.

Contribution

It introduces a transfer learning method combined with NLP for privacy detection in user stories, showing improved accuracy over traditional methods.

Findings

Deep learning outperforms shallow machine learning in privacy detection.

Transfer learning improves prediction accuracy by approximately 10%.

The approach is validated on a dataset of 1680 user stories.

Abstract

To provide privacy-aware software systems, it is crucial to consider privacy from the very beginning of the development. However, developers do not have the expertise and the knowledge required to embed the legal and social requirements for data protection into software systems. Objective: We present an approach to decrease privacy risks during agile software development by automatically detecting privacy-related information in the context of user story requirements, a prominent notation in agile Requirement Engineering (RE). Methods: The proposed approach combines Natural Language Processing (NLP) and linguistic resources with deep learning algorithms to identify privacy aspects into User Stories. NLP technologies are used to extract information regarding the semantic and syntactic structure of the text. This information is then processed by a pre-trained convolutional neural network, which paved the way for the implementation of a Transfer Learning technique. We evaluate the proposed approach by performing an empirical study with a dataset of 1680 user stories. Results: The experimental results show that deep learning algorithms allow to obtain better predictions than those achieved with conventional (shallow) machine learning methods. Moreover, the application of Transfer Learning allows to considerably improve the accuracy of the predictions, ca. 10%. Conclusions: Our study contributes to encourage software engineering researchers in considering the opportunities to automate privacy detection in the early phase of design, by also exploiting transfer learning models.