Machine Learning Based Approach to Recommend MITRE ATT&CK Framework for
Software Requirements and Design Specifications
- URL: http://arxiv.org/abs/2302.05530v1
- Date: Fri, 10 Feb 2023 22:15:45 GMT
- Title: Machine Learning Based Approach to Recommend MITRE ATT&CK Framework for
Software Requirements and Design Specifications
- Authors: Nicholas Lasky, Benjamin Hallis, Mounika Vanamala, Rushit Dave, Jim
Seliya
- Abstract summary: To develop secure software, software developers need to think like an attacker through mining software repositories.
In this paper, we use machine learning algorithms to map requirements to the MITRE ATT&CK database.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Engineering more secure software has become a critical challenge in the cyber
world. It is very important to develop methodologies, techniques, and tools for
developing secure software. To develop secure software, software developers
need to think like an attacker through mining software repositories. These aim
to analyze and understand the data repositories related to software
development. The main goal is to use these software repositories to support the
decision-making process of software development. There are different
vulnerability databases like Common Weakness Enumeration (CWE), Common
Vulnerabilities and Exposures database (CVE), and CAPEC. We utilized a database
called MITRE. MITRE ATT&CK tactics and techniques have been used in various
ways and methods, but tools for utilizing these tactics and techniques in the
early stages of the software development life cycle (SDLC) are lacking. In this
paper, we use machine learning algorithms to map requirements to the MITRE
ATT&CK database and determine the accuracy of each mapping depending on the
data split.
Related papers
- A Systematic Literature Review on the Use of Machine Learning in Software Engineering [0.0]
The study was carried out following the objective and the research questions to explore the current state of the art in applying machine learning techniques in software engineering processes.
The review identifies the key areas within software engineering where ML has been applied, including software quality assurance, software maintenance, software comprehension, and software documentation.
arXiv Detail & Related papers (2024-06-19T23:04:27Z) - DevPhish: Exploring Social Engineering in Software Supply Chain Attacks
on Developers [0.25729063928675466]
adversaries utilize Social Engineering (SocE) techniques specifically aimed at software developers.
This paper aims to comprehensively explore the existing and emerging SocE tactics employed by adversaries to trick Software Engineers (SWEs) into delivering malicious software.
arXiv Detail & Related papers (2024-02-28T15:24:43Z) - Charting a Path to Efficient Onboarding: The Role of Software
Visualization [49.1574468325115]
The present study aims to explore the familiarity of managers, leaders, and developers with software visualization tools.
This approach incorporated quantitative and qualitative analyses of data collected from practitioners using questionnaires and semi-structured interviews.
arXiv Detail & Related papers (2024-01-17T21:30:45Z) - Software Repositories and Machine Learning Research in Cyber Security [0.0]
The integration of robust cyber security defenses has become essential across all phases of software development.
Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
arXiv Detail & Related papers (2023-11-01T17:46:07Z) - Intelligent Software Tooling for Improving Software Development [3.1763879286782966]
Deep Learning (DL) has shown huge advancements in automation across many domains, including Software Development processes.
One of the main reasons behind this success is the availability of large datasets such as open-source code available through GitHub or image datasets of mobile Graphical User Interfaces (GUIs) with RICO and ReDRAW to be trained on.
arXiv Detail & Related papers (2023-10-17T01:29:07Z) - Embedded Software Development with Digital Twins: Specific Requirements
for Small and Medium-Sized Enterprises [55.57032418885258]
Digital twins have the potential for cost-effective software development and maintenance strategies.
We interviewed SMEs about their current development processes.
First results show that real-time requirements prevent, to date, a Software-in-the-Loop development approach.
arXiv Detail & Related papers (2023-09-17T08:56:36Z) - Using Machine Learning To Identify Software Weaknesses From Software
Requirement Specifications [49.1574468325115]
This research focuses on finding an efficient machine learning algorithm to identify software weaknesses from requirement specifications.
Keywords extracted using latent semantic analysis help map the CWE categories to PROMISE_exp. Naive Bayes, support vector machine (SVM), decision trees, neural network, and convolutional neural network (CNN) algorithms were tested.
arXiv Detail & Related papers (2023-08-10T13:19:10Z) - Empowered and Embedded: Ethics and Agile Processes [60.63670249088117]
We argue that ethical considerations need to be embedded into the (agile) software development process.
We put emphasis on the possibility to implement ethical deliberations in already existing and well established agile software development processes.
arXiv Detail & Related papers (2021-07-15T11:14:03Z) - Technology Readiness Levels for Machine Learning Systems [107.56979560568232]
Development and deployment of machine learning systems can be executed easily with modern tools, but the process is typically rushed and means-to-an-end.
We have developed a proven systems engineering approach for machine learning development and deployment.
Our "Machine Learning Technology Readiness Levels" framework defines a principled process to ensure robust, reliable, and responsible systems.
arXiv Detail & Related papers (2021-01-11T15:54:48Z) - Machine Learning for Software Engineering: A Systematic Mapping [73.30245214374027]
The software development industry is rapidly adopting machine learning for transitioning modern day software systems towards highly intelligent and self-learning systems.
No comprehensive study exists that explores the current state-of-the-art on the adoption of machine learning across software engineering life cycle stages.
This study introduces a machine learning for software engineering (MLSE) taxonomy classifying the state-of-the-art machine learning techniques according to their applicability to various software engineering life cycle stages.
arXiv Detail & Related papers (2020-05-27T11:56:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.