Future Internet (Jan 2025)

Explainable Security Requirements Classification Through Transformer Models

  • Luca Petrillo,
  • Fabio Martinelli,
  • Antonella Santone,
  • Francesco Mercaldo

DOI
https://doi.org/10.3390/fi17010015
Journal volume & issue
Vol. 17, no. 1
p. 15

Abstract

Read online

Security and non-security requirements are two critical issues in software development. Classifying requirements is crucial as it aids in recalling security needs during the early stages of development, ultimately leading to enhanced security in the final software solution. However, it remains a challenging task to classify requirements into security and non-security categories automatically. In this work, we propose a novel method for automatically classifying software requirements using transformer models to address these challenges. In this work, we fine-tuned four pre-trained transformers using four datasets (the original one and the three augmented versions). In addition, we employ few-shot learning techniques by leveraging transfer learning models, explicitly utilizing pre-trained architectures. The study demonstrates that these models can effectively classify security requirements with reasonable accuracy, precision, recall, and F1-score, demonstrating that the fine-tuning and SetFit can help smaller models generalize, making them suitable for enhancing security processes in the Software Development Cycle. Finally, we introduced the explainability of fine-tuned models to elucidate how each model extracts and interprets critical information from input sequences through attention visualization heatmaps.

Keywords