Mining Learner-friendly Security Patterns from Huge Published Histories of Software Applications for an Intelligent Tutoring System in Secure Coding.
Sayem Mohammad Imtiaz, Kazi Zakia Sultana, Aparna S. Varde +2 more
TL;DR: This study proposes an intelligent tutoring system for secure coding, leveraging association rule mining to discover learner-friendly security patterns from large-scale published vulnerability histories, enhancing training in secure software development.
Abstract: Security patterns are proven solutions to recurring problems in software development. The growing importance of secure software development has introduced diverse research efforts on security patterns that mostly focused on classification schemes, evolution and evaluation of the patterns. Despite a huge mature history of research and popularity among researchers, security patterns have not fully penetrated software development practices. Besides, software security education has not benefited from these patterns, though a commonly stated motivation is the dissemination of expert knowledge and experience. This is because the patterns lack a simple embodiment to help students learn about vulnerable code, and to guide new developers on secure coding. In order to address this problem, we propose to conduct intelligent data mining in the context of software engineering to discover learner-friendly software security patterns. Our proposed model entails knowledge discovery from large-scale published real-world vulnerability histories in software applications. We harness association rule mining for frequent pattern discovery to mine easily comprehensible and explainable learner-friendly rules, mainly of the type "flaw implies fix" and "attack type implies flaw", so as to enhance training in secure coding, which in turn would augment secure software development. We propose to build a learner-friendly intelligent tutoring system (ITS) based on the newly discovered security patterns and rules explored. We present our proposed model based on association rule mining in secure software development with the goal of building this ITS. Our proposed model and prototype experiments are discussed in this paper along with challenges and ongoing work.