Using Machine Learning To Identify Software Weaknesses From Software Requirement Specifications
Mounika Vanamala, Sean Loesch, Alexander Caravella

TL;DR
This paper explores machine learning techniques, particularly SVM and neural networks, to efficiently identify software weaknesses from requirement specifications, aiming to enhance secure software development processes.
Contribution
It introduces a novel mapping technique between CWE categories and requirement data, and evaluates multiple ML algorithms for this task.
Findings
SVM and neural networks yielded reliable results
Mapping technique improved categorization accuracy
Future work includes algorithm optimization and dataset enhancement
Abstract
Secure software engineering is crucial but can be time-consuming; therefore, methods that could expedite the identification of software weaknesses without reducing the process efficacy would benefit the software engineering industry and thus benefit modern life. This research focuses on finding an efficient machine learning algorithm to identify software weaknesses from requirement specifications. The research uses the CWE repository and PROMISE_exp dataset for training. Keywords extracted using latent semantic analysis help map the CWE categories to PROMISE_exp. Naive Bayes, support vector machine (SVM), decision trees, neural network, and convolutional neural network (CNN) algorithms were tested, with SVM and neural network producing reliable results. The research's unique contribution lies in the mapping technique and algorithm selection. It serves as a valuable reference for the…
Taxonomy
Topics: Software Engineering Research · Software Reliability and Analysis Research · Software System Performance and Reliability
