An Application to Recommend Attack Patterns Using LDA and LSA
Uriah Moore, Senior, Computer Science
Xiaohong Yuan, Computer Science, North Carolina Agricultural and Technical State University
One thing software developers must keep in mind while developing a project is the different ways that project can be exploited. Considering this during development reduces the security issues present when the final product is released. Through the Common Attack Pattern Enumeration and Classification (CAPEC), software developers can see the attack patterns that could be used to exploit their software. We have developed a system that recommends the most relevant CAPEC attack patterns based on a project's Software Requirements Specification (SRS) document. This is accomplished with topic modeling, which extracts topics from the attack patterns and from the system description, use cases, user classes, and functional requirements found in the SRS document. The distance between each attack pattern's topic distribution and each SRS topic distribution is then measured using cosine similarity. We are currently developing a web-based GUI that allows users to choose the topic modeling method, set the number of topics for the topic modeling algorithm, and upload an SRS document. The user is then shown a bar graph relating CAPEC IDs to their cosine similarity scores for the SRS document, and a table listing each CAPEC ID, its cosine similarity score, its severity, its prerequisites, and its description.
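As an added illustration, not the authors' application, the following pure-Python sketch follows the pipeline the abstract describes: tokenize constructed stand-ins for CAPEC attack-pattern text and an SRS fragment, fit LDA by collapsed Gibbs sampling, and rank the patterns by the cosine similarity of their topic distributions to the SRS's. The pattern names, their texts, the SRS fragment, and the stop-word list are constructed assumptions, not real CAPEC entries.

```python
import math
import random
import re
from collections import Counter

# Constructed stand-ins for CAPEC attack-pattern text (not real CAPEC entries or IDs).
PATTERNS = {
    "pattern-A (injection, constructed)": "attacker injects sql commands through unvalidated form input to read database records",
    "pattern-B (brute force, constructed)": "attacker guesses weak passwords with brute force against the login endpoint",
    "pattern-C (flooding, constructed)": "attacker floods the network service with requests to exhaust server resources",
}
# Constructed SRS fragment standing in for the system description and functional requirements.
SRS = "the web portal provides a login form where users enter passwords; records are stored in a sql database"
STOP = {"the", "a", "to", "with", "in", "are", "where", "through", "against"}

def tokenize(text):
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOP]

def lda_topics(docs, k, iters=200, alpha=0.1, beta=0.01, seed=7):
    # Collapsed Gibbs sampling LDA; returns the per-document topic distribution (theta) of each doc.
    rng = random.Random(seed)
    vsize = len({w for d in docs for w in d})
    z = [[rng.randrange(k) for _ in d] for d in docs]        # topic assignment per token
    ndk = [Counter(zd) for zd in z]                          # topic counts per document
    nkw = [Counter() for _ in range(k)]                      # word counts per topic
    for d, zd in zip(docs, z):
        for w, t in zip(d, zd):
            nkw[t][w] += 1
    nk = [sum(c.values()) for c in nkw]
    for _ in range(iters):
        for i, d in enumerate(docs):
            for j, w in enumerate(d):
                t = z[i][j]
                ndk[i][t] -= 1; nkw[t][w] -= 1; nk[t] -= 1
                weights = [(ndk[i][s] + alpha) * (nkw[s][w] + beta) / (nk[s] + beta * vsize) for s in range(k)]
                t = rng.choices(range(k), weights=weights)[0]
                z[i][j] = t
                ndk[i][t] += 1; nkw[t][w] += 1; nk[t] += 1
    return [[(ndk[i][s] + alpha) / (len(d) + k * alpha) for s in range(k)] for i, d in enumerate(docs)]

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    return dot / (math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v)))

def recommend(patterns, srs, k=2):
    # Fit topics on the patterns and the SRS together, then rank patterns by cosine similarity to the SRS.
    names = list(patterns)
    thetas = lda_topics([tokenize(patterns[n]) for n in names] + [tokenize(srs)], k)
    scored = [(n, cosine(thetas[i], thetas[-1])) for i, n in enumerate(names)]
    return sorted(scored, key=lambda item: item[1], reverse=True)
```

Calling `recommend(PATTERNS, SRS)` returns the patterns ordered by score, which is the list the described bar graph and table would be built from; with such a tiny corpus the ranking depends on the seed and iteration count, so a real deployment would fit on the full CAPEC catalog.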
Moore, Uriah, "An Application to Recommend Attack Patterns Using LDA and LSA" (2023). Undergraduate Research and Creative Inquiry Symposia. 333.