TY - GEN
T1 - Automated Identification of Security-Relevant Configuration Settings Using NLP
AU - Stöckle, Patrick
AU - Wasserer, Theresa
AU - Grobauer, Bernd
AU - Pretschner, Alexander
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/9/19
Y1 - 2022/9/19
N2 - To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
AB - To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
KW - Hardening
KW - Natural Language Processing
KW - Security Configuration
UR - http://www.scopus.com/inward/record.url?scp=85146917162&partnerID=8YFLogxK
U2 - 10.1145/3551349.3559499
DO - 10.1145/3551349.3559499
M3 - Conference contribution
AN - SCOPUS:85146917162
T3 - ACM International Conference Proceeding Series
BT - 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
A2 - Aehnelt, Mario
A2 - Kirste, Thomas
PB - Association for Computing Machinery
T2 - 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
Y2 - 10 October 2022 through 14 October 2022
ER -