Automated Identification of Security-Relevant Configuration Settings Using NLP

Patrick Stöckle, Theresa Wasserer, Bernd Grobauer, Alexander Pretschner

To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.

Knowledge Graph

arrow_drop_up

Comments

Sign up or login to leave a comment