Security on Software Life Cycle using Intrusion Detection System

In software development process, many engineering disciplines rely on engineering failure data to improve their designs. We expect that security analysts can use this approach to document and identify commonly occurring attack patterns and that the information system designer and analysts can use these patterns to develop more survivable information systems. A formal approach to security in the software life cycle is essential to protect corporate resources. Software security has been treated as an afterthought leading to a cycle of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle. It includes the critical areas of requirements analysis and specification, design and code issues, and maintenance and decommissioning of software and systems. We propose an attack detection method based on clustering technique that provide network intrusion detection systems to identify attacks with a high detection rate and a low false alarm rate in analysis and design phase of the software development life cycle. We critically focus on the analysis of security and classification of attack pattern for the software life cycle