Which faults are security faults
| Content Provider | Semantic Scholar |
|---|---|
| Author | Gegick, Michael; Williams, Laurie; Rotella, Pete |
| Copyright Year | 2009 |
| Abstract | The subtleties associated with security faults can sometimes be missed by developers and testers. When developers encounter a fault and are unaware of the security implications, they are less likely to report it as a security fault to a security team. Security engineers may know the best remediation for a security fault and have the authority to elevate the priority of that fault. Limited resources (e.g., budget, person-hours) preclude a security team from examining all faults in a database to identify which faults are security-related. Therefore, an automated means to identify which faults in a fault database are security faults can improve the security assurance of the software. We used SAS Enterprise Miner to automate the textual analysis of fault reports of a Cisco software system in a fault database. We created a predictive model based on a neural network that takes as input the textual description of a fault report and assigns a probability that the fault is security-related. Preliminary results indicate that the model correctly predicted 91.4% of the system’s security faults. We applied the model to three other different Cisco software systems and showed that 67% of the security faults were correctly predicted to be security-related. The results indicate that the model is very effective for the system that it was trained on, and is moderately effective for other systems; it may require training on security faults specific to other systems to achieve similar performance. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | https://repository.lib.ncsu.edu/bitstream/handle/1840.4/4082/TR-2009-3.pdf?isAllowed=y&sequence=1 |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |