IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v17y2025i1p15-d1559779.html

Explainable Security Requirements Classification Through Transformer Models

Author

Listed:
  • Luca Petrillo

    (Institute for Informatics and Telematics, National Research Council of Italy (CNR), 56124 Pisa, Italy
    IMT School for Advanced Studies Lucca, 55100 Lucca, Italy)

  • Fabio Martinelli

    (Institute for High Performance Computing and Networking, National Research Council of Italy (CNR), 87036 Rende, Italy)

  • Antonella Santone

    (Department of Medicine and Health Sciences “Vincenzo Tiberio”, University of Molise, 86100 Campobasso, Italy)

  • Francesco Mercaldo

    (Institute for Informatics and Telematics, National Research Council of Italy (CNR), 56124 Pisa, Italy
    Department of Medicine and Health Sciences “Vincenzo Tiberio”, University of Molise, 86100 Campobasso, Italy)

Abstract

Security and non-security requirements are two critical issues in software development. Classifying requirements is crucial as it aids in recalling security needs during the early stages of development, ultimately leading to enhanced security in the final software solution. However, it remains a challenging task to classify requirements into security and non-security categories automatically. In this work, we propose a novel method for automatically classifying software requirements using transformer models to address these challenges. In this work, we fine-tuned four pre-trained transformers using four datasets (the original one and the three augmented versions). In addition, we employ few-shot learning techniques by leveraging transfer learning models, explicitly utilizing pre-trained architectures. The study demonstrates that these models can effectively classify security requirements with reasonable accuracy, precision, recall, and F1-score, demonstrating that the fine-tuning and SetFit can help smaller models generalize, making them suitable for enhancing security processes in the Software Development Cycle. Finally, we introduced the explainability of fine-tuned models to elucidate how each model extracts and interprets critical information from input sequences through attention visualization heatmaps.

Suggested Citation

  • Luca Petrillo & Fabio Martinelli & Antonella Santone & Francesco Mercaldo, 2025. "Explainable Security Requirements Classification Through Transformer Models," Future Internet, MDPI, vol. 17(1), pages 1-27, January.
  • Handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:15-:d:1559779

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/1/15/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/17/1/15/
    Download Restriction: no

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.