DOI: 10.1109/ESEM.2017.25
research-article

An ontology-based approach to automate tagging of software artifacts

Published: 09 November 2017

Abstract

Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free-form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attacks. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology-based Software Security Tagger Framework that can automatically identify and classify cybersecurity-related entities and concepts in the text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify cybersecurity knowledge captured in unstructured text found in software artifacts.

Cited By

  • (2021) Towards a Human Values Dashboard for Software Development. Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1-12. DOI: 10.1145/3475716.3475770. Online publication date: 11-Oct-2021

Published In

ESEM '17: Proceedings of the 11th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
November 2017
481 pages
ISBN:9781509040391

Publisher

IEEE Press

Author Tags

  1. automated security concern classification
  2. bug reports
  3. tagging
  4. topic modeling

Qualifiers

  • Research-article

Conference

ESEM '17

Acceptance Rates

Overall Acceptance Rate 130 of 594 submissions, 22%
