Aligning Misuse Case Oriented Quality Requirements Metrics with Machine Learning Approach

  • Conference paper
Soft Computing: Theories and Applications

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 742)

Abstract

In recent years, machine learning techniques and approaches have been proposed to improve the security of software products. These techniques and approaches are proposed to cater to various phases of the software development process for the implementation of security. This paper investigates the various machine learning approaches and techniques used for security purposes. It further explores how the misuse case oriented quality requirements framework metrics can be aligned with an eligible machine learning technique or approach for the specification and implementation of security requirements during the requirements engineering phase of the software development process, and highlights the outcome of this alignment. The paper also presents some areas where further research could be carried out to strengthen the security of software during its development process.

Corresponding author

Correspondence to Ajeet Singh Poonia.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Poonia, A.S., Banerjee, C., Banerjee, A., Sharma, S.K. (2019). Aligning Misuse Case Oriented Quality Requirements Metrics with Machine Learning Approach. In: Ray, K., Sharma, T., Rawat, S., Saini, R., Bandyopadhyay, A. (eds) Soft Computing: Theories and Applications. Advances in Intelligent Systems and Computing, vol 742. Springer, Singapore. https://doi.org/10.1007/978-981-13-0589-4_64
