基于神经网络和NLP的软件需求安全分析研究

摘要/Abstract

摘要： 为了对软件需求的不完备性和歧义性程度进行识别,搭建软件需求和标准规范之间的桥梁,提出一种基于自然语言处理(Natural Language Processing,NLP)和神经网络的分析评价模型。首先,从国际标准化组织(ISO)、开源Web应用程序安全计划(OWASP)和PCI目录等标准出发,识别出多个安全性规范特征,找到文本蕴涵关系;然后,利用蕴涵结果以及文本注释来训练神经网络模型,以预测文档中的某个语句是否存在于安全标准中。所提模型对每个蕴涵配置的预测性能进行了评价,结果表明:蕴涵配置9的平均F-得分最高,为最佳完备性预测器。且在最优和最差配置下,所提模型的性能均优于常用的空模型。

关键词: 安全性, 空模型, 软件需求, 神经网络模型, 蕴涵关系, 自然语言处理

Abstract: To identify the incompleteness and ambiguity of software requirements and build a bridge between software requirements and standard specifications,this paper proposed a model of analysis and evaluation based on the Natural Language Processing (NLP) and neural network.Firstly,from ISO,the open-source Web application security plan (OWASP) and the PCI directory,multiple security specification features are identified,and text implication relationships are found.Then,the implication results and text annotations are used to train the neural network model to predict whether a certain statement in the document is available.The proposed model evaluates the performance of each implication configuration.The results show that the average F- score of the implicative configuration 9 is the highest,which is the best completeness predictor.Moreover,the performance of the proposed model is better than that of the null model under optimal and worst allocation.

Key words: Implication relationships, Natural language processing, Neural networks model, Null model, Security, Software requirements

中图分类号:

TP391

孙宝华, 胡楠, 李东洋. 基于神经网络和NLP的软件需求安全分析研究[J]. 计算机科学, 2019, 46(6A): 348-352. https://doi.org/

SUN Bao-hua, HU Nan, LI Dong-yang. Analysis Research of Software Requirement Safety Based on Neural Network and NLP[J]. Computer Science, 2019, 46(6A): 348-352. https://doi.org/

参考文献

[1]陈志慧.基于Event-B的软件需求形式化建模技术的研究[D].成都:电子科技大学,2013.
[2]MALHOTRA R,CHUG A,HAYRAPETIAN A,et al.Analyzing and evaluating security features in software requirements[C]∥International Conference on Innovation and Challenges in Cyber Security.2016:26-30.
[3]熊伟,王娟丽,蔡铭.基于QFD技术的软件可信性评估研究[J].计算机应用研究,2010,27(8):2991-2994.
[4]王飞,郭渊博,李波,等.安全苛求软件需求规格中的安全特性验证方法[J].计算机应用,2013,33(7):2041-2045.
[5]KNAUSS E,OTT D.(Semi-) automatic Categorization of Natural Language Requirements[C]∥International Working Conference on Requirements Engineering:Foundation for Software Quality.Springer International Publishing,2014:39-54.
[6]白川,张璇,王旭,等.可信软件非功能需求可满足性经济学方法分析[J].计算机工程与应用,2017,53(22):249-257.
[7]张璇,李彤,王旭,等.可信软件非功能需求形式化表示与可满足分析[J].软件学报,2015,26(10):2545-2566.
[8]TAKAHASHI T,KANNISTO J,HARJU J,et al.Expressing Security Requirements:Usability of Taxonomy-Based Requirement Identification Scheme[C]∥IEEE World Congress on Services.IEEE Computer Society,2014:121-128.
[9]徐戈,王厚峰.自然语言处理中主题模型的发展[J].计算机学报,2011,34(8):1423-1436.
[10]RANTOS K,MARKANTONAKIS K.Analysis of Potential Vulnerabilities in Payment Terminals[M]∥Secure Smart Embedded Devices,Platforms and Applications.Springer New York,2014:311-333.
[11]倪盛俭.汉语文本蕴涵识别研究[D].武汉:武汉大学,2013.
[12]李睿,曾俊瑀,周四望.基于局部标签树匹配的改进网页聚类算法[J].计算机应用,2010,30(3):818-820.
[13]周冬梅.基于演化算法的智能学习与优化方法的研究[D].无锡:江南大学,2015.
[14]伦向敏,侯一民.运用迭代最大熵算法选取最佳图像分割阈值[J].计算机工程与设计,2015,40(5):1265-1268.
[15]GOLIA S,SIMONETTO A.Treating ordinal data:a comparison between rating scale and structural equation models[J].Quality &Quantity,2015,49(3):903-915.

相关文章 15

[1]	周连兵, 周湘贞, 崔学荣. 基于双重二维混沌映射的压缩图像加密方案 Compressed Image Encryption Scheme Based on Dual Two Dimensional Chaotic Map 计算机科学, 2022, 49(8): 344-349. https://doi.org/10.11896/jsjkx.210700235
[2]	闫佳丹, 贾彩燕. 基于双图神经网络信息融合的文本分类方法 Text Classification Method Based on Information Fusion of Dual-graph Neural Network 计算机科学, 2022, 49(8): 230-236. https://doi.org/10.11896/jsjkx.210600042
[3]	侯钰涛, 阿布都克力木·阿布力孜, 哈里旦木·阿布都克里木. 中文预训练模型研究进展 Advances in Chinese Pre-training Models 计算机科学, 2022, 49(7): 148-163. https://doi.org/10.11896/jsjkx.211200018
[4]	李瑭, 秦小麟, 迟贺宇, 费珂. 面向多无人系统的安全协同模型 Secure Coordination Model for Multiple Unmanned Systems 计算机科学, 2022, 49(7): 332-339. https://doi.org/10.11896/jsjkx.210600107
[5]	李小伟, 舒辉, 光焱, 翟懿, 杨资集. 自然语言处理在简历分析中的应用研究综述 Survey of the Application of Natural Language Processing for Resume Analysis 计算机科学, 2022, 49(6A): 66-73. https://doi.org/10.11896/jsjkx.210600134
[6]	康雁, 吴志伟, 寇勇奇, 张兰, 谢思宇, 李浩. 融合Bert和图卷积的深度集成学习软件需求分类 Deep Integrated Learning Software Requirement Classification Fusing Bert and Graph Convolution 计算机科学, 2022, 49(6A): 150-158. https://doi.org/10.11896/jsjkx.210500065
[7]	张振超, 刘亚丽, 殷新春. 适用于物联网环境的无证书广义签密方案 New Certificateless Generalized Signcryption Scheme for Internet of Things Environment 计算机科学, 2022, 49(3): 329-337. https://doi.org/10.11896/jsjkx.201200256
[8]	张虎, 柏萍. 融入句子中远距离词语依赖的图卷积短文本分类方法 Graph Convolutional Networks with Long-distance Words Dependency in Sentences for Short Text Classification 计算机科学, 2022, 49(2): 279-284. https://doi.org/10.11896/jsjkx.201200062
[9]	陈志毅, 隋杰. 基于DeepFM和卷积神经网络的集成式多模态谣言检测方法 DeepFM and Convolutional Neural Networks Ensembles for Multimodal Rumor Detection 计算机科学, 2022, 49(1): 101-107. https://doi.org/10.11896/jsjkx.201200007
[10]	王立梅, 朱旭光, 汪德嘉, 张勇, 邢春晓. 基于深度学习的民事案件判决结果分类方法研究 Study on Judicial Data Classification Method Based on Natural Language Processing Technologies 计算机科学, 2021, 48(8): 80-85. https://doi.org/10.11896/jsjkx.210300130
[11]	陈海彪, 黄声勇, 蔡洁锐. 一个基于智能电网的跨层路由的信任评估协议 Trust Evaluation Protocol for Cross-layer Routing Based on Smart Grid 计算机科学, 2021, 48(6A): 491-497. https://doi.org/10.11896/jsjkx.201000169
[12]	姜昊堃, 董学东, 张成. 改进的具有前向安全性的无证书代理盲签名方案 Improved Certificateless Proxy Blind Signature Scheme with Forward Security 计算机科学, 2021, 48(6A): 529-532. https://doi.org/10.11896/jsjkx.200700049
[13]	刘梦炀, 武利娟, 梁慧, 段旭磊, 刘尚卿, 高一波. 一种高精度LSTM-FC大气污染物浓度预测模型 A Kind of High-precision LSTM-FC Atmospheric Contaminant Concentrations Forecasting Model 计算机科学, 2021, 48(6A): 184-189. https://doi.org/10.11896/jsjkx.200600090
[14]	裴莹, 李天祥, 王鏖清, 付加胜, 韩霄松. 基于新闻的国际天然气价格趋势预测方法 Prediction Method of International Natural Gas Price Trends Based on News 计算机科学, 2021, 48(6A): 235-239. https://doi.org/10.11896/jsjkx.201000056
[15]	石铁柱, 钱俊彦, 潘海玉. 模糊安全性和活性 Fuzzy Safety and Liveness Properties 计算机科学, 2021, 48(4): 31-36. https://doi.org/10.11896/jsjkx.200500036

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed