Automated Identification of Security-Relevant Configuration Settings Using NLP

Patrick Stöckle, Theresa Wasserer, Bernd Grobauer, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.

Original languageEnglish
Title of host publication37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
EditorsMario Aehnelt, Thomas Kirste
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450396240
DOIs
StatePublished - 19 Sep 2022
Event37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022 - Rochester, United States
Duration: 10 Oct 202214 Oct 2022

Publication series

NameACM International Conference Proceeding Series

Conference

Conference37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
Country/TerritoryUnited States
CityRochester
Period10/10/2214/10/22

Keywords

  • Hardening
  • Natural Language Processing
  • Security Configuration

Fingerprint

Dive into the research topics of 'Automated Identification of Security-Relevant Configuration Settings Using NLP'. Together they form a unique fingerprint.

Cite this