Abstract

To develop secure software, software developers need to know the potential threats to the software. Knowledge captured in the Common Attack Pattern Enumeration and Classification (CAPEC) database can help software developers understand how attackers target application weaknesses. In this paper, we present a method of recommending CAPEC attack patterns based on software requirement specification (SRS) documents. The method uses topic modelling to extract topics from each attack pattern and from the software system description, user classes, use cases, and function requirements within the SRS documents. Attack patterns are recommended by computing the cosine similarity between each attack pattern topic distribution and each SRS topic distribution. Attack patterns are then ranked from maximum to minimum similarity. The top attack patterns are then recommended to the software developers as the most relevant to the software system under development.
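The ranking step described in the abstract, as an added sketch that is not the authors' code: each attack pattern is scored against each SRS section by cosine similarity and the patterns are returned from highest to lowest. The topic distributions below are constructed by hand over four hypothetical topics (a real run would take them from the topic model), and scoring a pattern by its best-matching SRS section is an assumption of this example.

```python
import math

def cosine(p, q):
    """Cosine similarity of two topic distributions over the same topics."""
    if len(p) != len(q):
        raise ValueError("topic distributions must share one topic space")
    dot = sum(a * b for a, b in zip(p, q))
    norm = math.sqrt(sum(a * a for a in p)) * math.sqrt(sum(b * b for b in q))
    return dot / norm if norm else 0.0  # an all-zero (empty) text matches nothing

def recommend(patterns, srs_sections, top_n=3):
    """Rank attack patterns by their best cosine match against any SRS section.

    Returns [(pattern_id, score, best_section), ...], highest score first.
    Taking the maximum over sections is an assumption of this sketch.
    """
    ranked = []
    for pid, p_dist in patterns.items():
        score, section = max(
            (cosine(p_dist, s_dist), name) for name, s_dist in srs_sections.items()
        )
        ranked.append((pid, score, section))
    ranked.sort(key=lambda r: (-r[1], r[0]))  # ties broken by id for stable output
    return ranked[:top_n]

# Constructed distributions over four hypothetical topics:
# [database queries, authentication, web page rendering, file handling]
PATTERNS = {
    "CAPEC-66 SQL Injection": [0.70, 0.10, 0.15, 0.05],
    "CAPEC-112 Brute Force": [0.05, 0.85, 0.05, 0.05],
    "CAPEC-63 Cross-Site Scripting (XSS)": [0.10, 0.05, 0.80, 0.05],
}
SRS = {
    "system description": [0.30, 0.30, 0.30, 0.10],
    "user classes": [0.05, 0.80, 0.10, 0.05],
    "use cases": [0.55, 0.25, 0.15, 0.05],
    "function requirements": [0.60, 0.10, 0.20, 0.10],
}

if __name__ == "__main__":
    for pid, score, section in recommend(PATTERNS, SRS):
        print(f"{score:.3f}  {pid}  (best match: {section})")
```

Keeping the best-matching section alongside each score tells the developer which part of the SRS triggered the recommendation, which makes the ranked list easier to review.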
