Automated Identification of Security-Relevant Configuration Settings Using NLP
Abstract
To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
- Publication:
-
arXiv e-prints
- Pub Date:
- September 2022
- DOI:
- 10.48550/arXiv.2209.08853
- arXiv:
- arXiv:2209.08853
- Bibcode:
- 2022arXiv220908853S
- Keywords:
-
- Computer Science - Cryptography and Security;
- Computer Science - Software Engineering
- E-Print:
- Peer-reviewed version accepted for publication in the Industry Showcase track at the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), October 10--14, 2022, Rochester, MI, USA