An Ontology-Based Learning Approach for Automatically Classifying Security Requirements
Journal of Systems and Software ( IF 3.7 ) Pub Date : 2020-07-01 , DOI: 10.1016/j.jss.2020.110566
Tong Li , Zhishuai Chen

Abstract: Although academia has for years recognized the importance of explicitly specifying security requirements in the early stages of system development, in reality many projects mix security requirements with other types of requirements. Thus, there is a strong need to precisely and efficiently separate such security requirements from other requirements in requirement specifications. Existing studies leverage lexical evidence to build probabilistic classifiers, which are domain-dependent by design and cannot effectively classify security requirements from different application domains. In this paper, we propose an ontology-driven learning approach to automatically classify security requirements. Our approach consists of a conceptual layer and a linguistic layer, and it understands security requirements based not only on lexical evidence but also on conceptual domain knowledge. In particular, we apply a systematic approach to identify linguistic features of security requirements based on an extended security requirements ontology and linguistic knowledge, connecting the conceptual layer with the linguistic layer. Such linguistic features are then used to train domain-independent security requirements classifiers using machine learning techniques. We have carried out a series of experiments to evaluate the performance and generalization ability of our proposal against existing approaches. The results of the experiments show that the proposed approach outperforms existing approaches with a significant increase in F1 score (0.63 vs. 0.44) when the training dataset and the testing dataset come from different application domains, i.e., the classifiers trained by our approach can be generalized to classify security requirements from different domains.

Updated: 2020-07-01