An Improved Hybrid Deep Learning Approach for Security Requirements Classification  

作　　者：Shoaib Hassan QianmuLi Muhammad Zubair Rakan AAlsowail Muhammad Umair 

机构地区：[1]School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing,210094,China [2]Faculty of Information Technology and Computer Science,University of Central Punjab,Lahore,5400,Pakistan [3]Computer Skills,Self-Development Skills Development,Deanship of Common First Year,King Saud University,Riyadh,11362,Saudia Arabia

出　　处：《Computers, Materials & Continua》2025年第3期4041-4067,共27页计算机、材料和连续体(英文)

基　　金：The authors of this study extend their appreciation to the Researchers Supporting Project number(RSPD2025R544),King Saud University,Riyadh,Saudia Arabia.

摘　　要：As the trend to use the latestmachine learning models to automate requirements engineering processes continues,security requirements classification is tuning into the most researched field in the software engineering community.Previous literature studies have proposed numerousmodels for the classification of security requirements.However,adopting those models is constrained due to the lack of essential datasets permitting the repetition and generalization of studies employing more advanced machine learning algorithms.Moreover,most of the researchers focus only on the classification of requirements with security keywords.They did not consider other nonfunctional requirements(NFR)directly or indirectly related to security.This has been identified as a significant research gap in security requirements engineering.The major objective of this study is to propose a security requirements classification model that categorizes security and other relevant security requirements.We use PROMISE_exp and DOSSPRE,the two most commonly used datasets in the software engineering community.The proposed methodology consists of two steps.In the first step,we analyze all the nonfunctional requirements and their relation with security requirements.We found 10 NFRs that have a strong relationship with security requirements.In the second step,we categorize those NFRs in the security requirements category.Our proposedmethodology is a hybridmodel based on the ConvolutionalNeural Network(CNN)and Extreme Gradient Boosting(XGBoost)models.Moreover,we evaluate the model by updating the requirement type column with a binary classification column in the dataset to classify the requirements into security and non-security categories.The performance is evaluated using four metrics:recall,precision,accuracy,and F1 Score with 20 and 28 epochs number and batch size of 32 for PROMISE_exp and DOSSPRE datasets and achieved 87.3%and 85.3%accuracy,respectively.The proposed study shows an enhancement in metrics values compared to the previous literature studi

关 键 词：Requirements engineering security requirements deep learning CNN XGBoost CLASSIFICATION 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]