| With the development of information technology,the problem of software security has become the focus of all walks of life.Therefore,the elicitation of high quality security requirements is a critical success factor in software development.However,modeling and analysis of security requirements is still challenging tasks for Software Engineering,especially in large development projects.The current methods of obtaining security requirements are based on the Common Criteria Standard(CC)and different analysis for different software,which is too technical for non-security specialists.Based on existing Security Target(ST)documents,this paper proposes a co-occurrence recommendation model for security threats and security requirements for automatically recommending security requirements based on security threats during the software development requirements phase.This paper extracts product-related security threat descriptions from known ST documents and labels the required security requirements.After that,this paper employ skip-thoughts model to calculate semantic similarity between different security threat and update the weight for the same security requirements between different products according to the similarity to build a Co-occurrence Model(Co RM)of security requirements and security threats.Finally,development a security recommendation strategy based on the mapping between software security threats and security requirements.Over 1000 Security Target documents of software products are exploited to train and test Co-occurrence Recommend Model.The experimental results show that the correct rate of safety requirements is stable for different types of products.This paper applies semantic clustering in natural language processing technology to the security requirements recommendation of requirements engineering.The proposed method reduces the difficulty of security requirement analysis to a certain extent and increases the accuracy of security requirement recommendation. |
PDF Full Text Request