TY - GEN
T1 - Mining Learner-friendly Security Patterns from Huge Published Histories of Software Applications for an Intelligent Tutoring System in Secure Coding
AU - Imtiaz, Sayem Mohammad
AU - Sultana, Kazi Zakia
AU - Varde, Aparna S.
N1 - Funding Information:
Dr. Aparna Varde is supported by the NSF grants MRI: Acquisition of a High-Performance GPU Cluster for Research and Education (Award Number 2018575), and MRI: Acquisition of a Multimodal Collaborative Robot System (MCROS) to Support Cross-Disciplinary Human-Centered Research and Education (Award Number 2117308). Dr. Kazi Zakia Sultana has support from the NSF grant REU Site: Enhancing Undergraduate Research Experiences in Cyber-security and Privacy-Enhanced Technologies (Award Number 2050548). Sayem Mohammad Imtiaz is working as a Research Assistant in the Laboratory for Software Design under the supervision of Dr. Hridesh Rajan at Iowa State University.
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
AB - Security patterns are proven solutions to recurring problems in software development. The growing importance of secure software development has introduced diverse research efforts on security patterns that mostly focused on classification schemes, evolution and evaluation of the patterns. Despite a huge mature history of research and popularity among researchers, security patterns have not fully penetrated software development practices. Besides, software security education has not been benefited by these patterns though a commonly stated motivation is the dissemination of expert knowledge and experience. This is because the patterns lack a simple embodiment to help students learn about vulnerable code, and to guide new developers on secure coding. In order to address this problem, we propose to conduct intelligent data mining in the context of software engineering to discover learner-friendly software security patterns. Our proposed model entails knowledge discovery from large scale published real-world vulnerability histories in software applications. We harness association rule mining for frequent pattern discovery to mine easily comprehensible and explainable learner-friendly rules, mainly of the type flaw implies fix and attack type implies flaw, so as to enhance training in secure coding which in turn would augment secure software development. We propose to build a learner-friendly intelligent tutoring system (ITS) based on the newly discovered security patterns and rules explored. We present our proposed model based on association rule mining in secure software development with the goal of building this ITS. Our proposed model and prototype experiments are discussed in this paper along with challenges and ongoing work.
KW - Association Rules
KW - Big Data in Software Engineering
KW - Comprehensibility
KW - Explainable Knowledge
KW - Intelligent Tutoring Systems
KW - Security
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85125296105&partnerID=8YFLogxK
U2 - 10.1109/BigData52589.2021.9671757
DO - 10.1109/BigData52589.2021.9671757
M3 - Conference contribution
AN - SCOPUS:85125296105
T3 - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
SP - 4869
EP - 4876
BT - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
A2 - Chen, Yixin
A2 - Ludwig, Heiko
A2 - Tu, Yicheng
A2 - Fayyad, Usama
A2 - Zhu, Xingquan
A2 - Hu, Xiaohua Tony
A2 - Byna, Suren
A2 - Liu, Xiong
A2 - Zhang, Jianping
A2 - Pan, Shirui
A2 - Papalexakis, Vagelis
A2 - Wang, Jianwu
A2 - Cuzzocrea, Alfredo
A2 - Ordonez, Carlos
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE International Conference on Big Data, Big Data 2021
Y2 - 15 December 2021 through 18 December 2021
ER -