{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T17:50:43Z","timestamp":1769104243607,"version":"3.49.0"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030155377","type":"print"},{"value":"9783030155384","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-15538-4_1","type":"book-chapter","created":{"date-parts":[[2019,3,10]],"date-time":"2019-03-10T20:02:33Z","timestamp":1552248153000},"page":"3-20","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Decision Support for Security-Control Identification Using Machine Learning"],"prefix":"10.1007","author":[{"given":"Seifeddine","family":"Bettaieb","sequence":"first","affiliation":[]},{"given":"Seung Yeob","family":"Shin","sequence":"additional","affiliation":[]},{"given":"Mehrdad","family":"Sabetzadeh","sequence":"additional","affiliation":[]},{"given":"Lionel","family":"Briand","sequence":"additional","affiliation":[]},{"given":"Gr\u00e9gory","family":"Nou","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Garceau","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,3,8]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1145\/1007730.1007735","volume":"6","author":"GE Batista","year":"2004","unstructured":"Batista, G.E., et al.: A study of the behavior of several methods for balancingmachine learning training data. ACM SIGKDD Explor. Newslett. 6, 20\u201329 (2004)","journal-title":"ACM SIGKDD Explor. Newslett."},{"key":"1_CR2","volume-title":"Classification and Regression Trees","author":"L Breiman","year":"1984","unstructured":"Breiman, L., et al.: Classification and Regression Trees. Wadsworth International Group, Belmont (1984)"},{"issue":"4","key":"1_CR3","first-page":"436","volume":"52","author":"A Casamayor","year":"2010","unstructured":"Casamayor, A., et al.: Identification of non-functional requirements in textual specifications: a semi-supervised learning approach. IST 52(4), 436\u2013445 (2010)","journal-title":"IST"},{"key":"1_CR4","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., et al.: SMOTE: synthetic minority over-sampling technique. JAIR 16, 321\u2013357 (2002)","journal-title":"JAIR"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Cohen, W.W.: Fast effective rule induction. In: ICML 1995 (1995)","DOI":"10.1016\/B978-1-55860-377-6.50023-2"},{"key":"1_CR6","volume-title":"Security Requirements Engineering: Designing Secure Socio-Technical Systems","author":"F Dalpiaz","year":"2016","unstructured":"Dalpiaz, F., Paja, E., Giorgini, P.: Security Requirements Engineering: Designing Secure Socio-Technical Systems. MIT Press, Cambridge (2016)"},{"key":"1_CR7","volume-title":"The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities","author":"M Dowd","year":"2006","unstructured":"Dowd, M., et al.: The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Pearson Education, London (2006)"},{"key":"1_CR8","unstructured":"Elkan, C.: The foundations of cost-sensitive learning. In: IJCAI 2001 (2001)"},{"key":"1_CR9","unstructured":"Frank, E., Witten, I.H.: Generating accurate rule sets without global optimization. In: ICML 1998 (1998)"},{"key":"1_CR10","first-page":"6","volume":"2008","author":"S Furnell","year":"2008","unstructured":"Furnell, S.: End-user security culture: a lesson that will never be learnt? Comput. Fraud Secur. 2008, 6\u20139 (2008)","journal-title":"Comput. Fraud Secur."},{"key":"1_CR11","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M Hall","year":"2009","unstructured":"Hall, M., et al.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newslett. 11, 10\u201318 (2009)","journal-title":"ACM SIGKDD Explor. Newslett."},{"key":"1_CR12","unstructured":"Ionita, D., Wieringa, R.: Web-based collaborative security requirements elicitation. In: REFSQ Workshops (2016)"},{"key":"1_CR13","unstructured":"ISO\/IEC 27002:2005 Code of Practice for Information Security Controls. ISO Standard (2005)"},{"key":"1_CR14","unstructured":"ISO\/IEC 27000:2018 Information Security Management Systems. ISO Standard (2018)"},{"key":"1_CR15","unstructured":"John, G.H., Langley, P.: Estimating continuous distributions in Bayesian classifiers. In: UAI 1995 (1995)"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Jufri, M.T., et al.: Risk-assessment based academic information system security policy using octave allegro and ISO 27002. In: ICIC 2017 (2017)","DOI":"10.1109\/IAC.2017.8280541"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Kurtanovi\u0107, Z., Maalej, W.: Mining user rationale from software reviews. In: RE 2017 (2017)","DOI":"10.1109\/RE.2017.86"},{"issue":"1","key":"1_CR18","doi-asserted-by":"crossref","first-page":"191","DOI":"10.2307\/2347628","volume":"41","author":"S Cessie le","year":"1992","unstructured":"le Cessie, S., van Houwelingen, J.C.: Ridge estimators in logistic regression. Appl. Stat. 41(1), 191\u2013201 (1992)","journal-title":"Appl. Stat."},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Li, T.: Identifying security requirements based on linguistic analysis and machine learning. In: APSEC 2017 (2017)","DOI":"10.1109\/APSEC.2017.45"},{"key":"1_CR20","unstructured":"Meier, J.D., et al.: Improving web application security: threats and countermeasures. Technical report, Microsoft (2012)"},{"issue":"11","key":"1_CR21","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1145\/319382.319388","volume":"42","author":"TM Mitchell","year":"1999","unstructured":"Mitchell, T.M.: Machine learning and data mining. Commun. ACM 42(11), 30 (1999)","journal-title":"Commun. ACM"},{"key":"1_CR22","unstructured":"Myagmar, S., et al.: Threat modeling as a basis for security requirements. In: SREIS 2005 (2005)"},{"issue":"4","key":"1_CR23","doi-asserted-by":"crossref","first-page":"049901","DOI":"10.1117\/1.2819119","volume":"16","author":"NM Nasrabadi","year":"2007","unstructured":"Nasrabadi, N.M.: Pattern recognition and machine learning. J. Electron. Imaging 16(4), 049901 (2007)","journal-title":"J. Electron. Imaging"},{"key":"1_CR24","unstructured":"NIST Special Publication 800\u201330: Guide for Conducting Risk Assessments. NIST Standard (2012)"},{"key":"1_CR25","unstructured":"OSA: Open Security Architecture. \n                      http:\/\/www.opensecurityarchitecture.org\n                      \n                    . Accessed Sep 2018"},{"issue":"1","key":"1_CR26","first-page":"81","volume":"1","author":"JR Quinlan","year":"1986","unstructured":"Quinlan, J.R.: Induction of decision trees. Mach. Learn. 1(1), 81\u2013106 (1986)","journal-title":"Mach. Learn."},{"key":"1_CR27","volume-title":"C4.5: Programs for Machine Learning","author":"R Quinlan","year":"1993","unstructured":"Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann, Burlington (1993)"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Rodeghero, P., et al.: Detecting user story information in developer-client conversations to generate extractive summaries. In: ICSE 2017 (2017)","DOI":"10.1109\/ICSE.2017.13"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Schmitt, C., Liggesmeyer, P.: A model for structuring and reusing security requirements sources and security requirements. In: REFSQ Workshops (2015)","DOI":"10.1109\/ESPRE.2015.7330164"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Sihwi, S.W., et al.: An expert system for risk assessment of information system security based on ISO 27002. In: ICKEA 2016 (2016)","DOI":"10.1109\/ICKEA.2016.7802992"},{"key":"1_CR31","first-page":"34","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. REJ 10, 34\u201344 (2005)","journal-title":"REJ"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"T\u00fcrpe, S.: The trouble with security requirements. In: RE 2017 (2017)","DOI":"10.1109\/RE.2017.13"}],"container-title":["Lecture Notes in Computer Science","Requirements Engineering: Foundation for Software Quality"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-15538-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T08:36:49Z","timestamp":1558341409000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-15538-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030155377","9783030155384"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-15538-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"8 March 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"REFSQ","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Working Conference on Requirements Engineering: Foundation for Software Quality","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Essen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 March 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 March 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"refsq2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/refsq.org\/2019\/welcome\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}