Automated Classification of Security Requirements Specifications (SecSpec)


New security challenges follow from the growing complexity of today’s software systems. Security Requirements (SRs) have many characteristics that make their identification during the requirements analysis phase a labor-intensive and time-consuming task. Previous work has focused on reusing documented experience to automatically capture security and security-related requirements. However, the results achieved were inaccurate because of duplicated SRs discovered in the proposed dataset. In addition, the classification results obtained were restricted to one training approach (i.e., cross-validation) using the Naïve Bayes classifier. Most of the previous literature treats each requirement specification as a vector of terms. In requirements classification, however, the challenges arise from the nature of the text, which exhibits data sparseness and involves semantics. This research aims to conduct an empirical study using ontology, WordNet and machine learning algorithms to classify SRs automatically and to overcome the shortcomings of previous work. Based on our research findings, we will develop a new classification model for SRs and suggest potential future research activities.

DAAD, 2015-2016