Abstract
Network security policies contain requirements-including system and software features as well as expected and desired actions of human actors. In this paper, we present a framework for evaluation of textual network security policies as requirements documents to identify areas for improvement. Specifically, our framework concentrates on completeness. We use topic modeling coupled with expert evaluation to learn the complete list of important topics that should be addressed in a network security policy. Using these topics as a checklist, we evaluate (students) a collection of network security policies for completeness, i.e., the level of presence of these topics in the text. We developed three methods for topic recognition to identify missing or poorly addressed topics. We examine network security policies and report the results of our analysis: preliminary success of our approach.
Original language | English |
---|---|
Title of host publication | Proceedings - 7th International Workshop on Artificial Intelligence and Requirements Engineering, AIRE 2020 |
Pages | 83-86 |
Number of pages | 4 |
ISBN (Electronic) | 9781728183527 |
DOIs | |
State | Published - Sep 2020 |
Event | 7th International Workshop on Artificial Intelligence and Requirements Engineering, AIRE 2020 - Zurich, Switzerland Duration: Sep 1 2020 → … |
Publication series
Name | Proceedings - 7th International Workshop on Artificial Intelligence and Requirements Engineering, AIRE 2020 |
---|
Conference
Conference | 7th International Workshop on Artificial Intelligence and Requirements Engineering, AIRE 2020 |
---|---|
Country/Territory | Switzerland |
City | Zurich |
Period | 9/1/20 → … |
Bibliographical note
Publisher Copyright:© 2020 IEEE.
Keywords
- Requirements quality
- completeness
- empirical evaluation
- machine learning
- network security
ASJC Scopus subject areas
- Artificial Intelligence
- Software
- Safety, Risk, Reliability and Quality