To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
翻译:为了确保计算机基础设施的安全,我们需要配置所有与安全相关的环境。我们需要安全专家来识别与安全相关的环境,但这一过程耗时费钱。我们提议的解决方案使用最先进的自然语言处理方法,根据环境的描述将环境归类为与安全相关的。我们的评估表明,我们受过培训的分类人员的表现并不够好,无法取代人的安全专家,但可以帮助他们对环境进行分类。通过公布我们的标签数据集和我们经过培训的模式代码,我们想帮助安全专家分析配置设置,从而能够在这一领域开展进一步研究。