Fine-Tuning Bert-Based Transformers for Detecting Security Requirements

Abstract

ContextThe identification of security requirements in the early phases of system development ensures integrating necessary aspects into the IT network infrastructure and saving time and costs in the software development life cycle.AimsIn this work, we explore the impact of transformer language models on the task of detecting security-related requirements from text documents.MethodThe proposed approach adopts recent Natural Language Processing techniques for implementing sentence-level classifications of security requirements. We leverage three different BERT-based transformers, each combined with a sentence classification model, to determine whether a requirement is security-related. Our proposal is evaluated using three datasets of specificationsfromdifferentindustrydomains,andconsideringpredictionmodelstrained and validated on requirements of the same dataset (i.e., intra-domain) and of different datasets (i.e., inter-domain).ResultsThe analysis reveals that our approach achieves high performances with all the considered models. The best model outperforms existing approaches with F1-score improved of about 8% for intra-domain experiments (0.95 vs. 0.88) and of about 11% for inter-domain experiments (0.70 vs. 0.63).ConclusionThe results of our study should inspire software engineering researchers and practitioners to consider opportunities to automate security detection in the early stages of the software development process by taking advantage of recent transformer-based models.