The realist approach for evaluation of computational intelligence in software engineering

  • Original Article
  • Innovations in Systems and Software Engineering

Abstract

Secure software development must employ a security mindset across software engineering practices. Software security must be considered during the requirements phase so that it is included throughout the development phase. Does the requirements gathering team get the proper input from the technical team? This paper unearths some of the data sources buried within software development phases and describes potential approaches to understanding them. Concepts such as machine learning and deep learning are explored to understand the data sources and to examine how these learnings can be provided to the requirements gathering team. This knowledge system will help bring objectivity to the conversations between the requirements gathering team and the customer's business team. A literature review on secure requirements management is also done to identify possible gaps and provide future research direction to enhance our understanding. Feature engineering in the landscape of software development is explored to understand the data sources. Experts offer their insight on the root cause of the lack of security focus in requirements gathering practices. The core theme is statistical modeling of all the software artifacts that hold information related to the software development life cycle. Strengthening some traditional methods, such as threat modeling, is also a key area explored. The subjectivity involved in these approaches can be made more objective.

Author information

Corresponding author

Correspondence to Debabrata Samanta.

About this article

Cite this article

Althar, R.R., Samanta, D. The realist approach for evaluation of computational intelligence in software engineering. Innovations Syst Softw Eng 17, 17–27 (2021). https://doi.org/10.1007/s11334-020-00383-2

  • DOI: https://doi.org/10.1007/s11334-020-00383-2
