TL;DR
This paper explores using NLP techniques to classify security-relevant configuration settings, aiming to assist security experts in identifying critical settings more efficiently.
Contribution
It introduces a machine learning approach with labeled datasets and code to aid security experts, though it does not fully replace human judgment.
Findings
Classifiers assist but do not replace experts
Labeled datasets and code are publicly available
Further research needed to improve accuracy
Abstract
To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
