Metric Recommender System and the use of Natural Language Processing

This whitepaper provides an overview of the Metric Recommender system, which has been designed and implemented in the framework of the EU MEDINA project. This document highlights its role as a crucial component of the Cloud Security Certification Language toolchain and describes how Natural Language Processing (NLP) techniques are exploited to reach the scope. 

The MEDINA project aims to establish a framework for continuous audit-based certification of Cloud Service Providers (CSPs) based on cybersecurity certification schemes. The Metric Recommender plays a pivotal role in automatically associating metrics with security requirements.

This report initially introduces the motivations behind the realisation of this system. Then, it presents the architecture and workflow of the Metric Recommender, explains its role in the MEDINA project, and discusses the data and features it utilizes. Furthermore, the document outlines the proposed solution, focusing on the k-dimensional tree approach, and discusses the performance indicators used to evaluate its effectiveness. Initial validation results, visual analysis, and performance metrics are also provided, demonstrating the system's capability to efficiently recommend metrics for security requirements.