Tackling the term-mismatch problem in automated trace retrieval

Software systems operating in any type of safety or security critical domains must comply with an increasingly large and complex set of regulatory standards. Compliance is partially demonstrated through establishing trace links between requirements and regulatory codes. Such links can be constructed manually or through semi-automated techniques in which the text in the regulatory code is used to formulate an information retrieval query. However, trace retrieval solutions are not effective when significant vocabulary mismatches exist between regulatory codes and product level requirements. This paper describes and compares three query augmentation techniques for addressing the term mismatch problem and improving the quality of trace links generated between regulatory codes and requirements. The first trains a classifier to replace the original query with terms learned from a training set of regulation-to-requirements trace links. The second, replaces the original query with terms learned through web-mining; and the third utilizes a domain ontology to augment query terms. The ontology is constructed manually using a guided approach that leverages existing traceability knowledge. All three techniques were evaluated against security regulations from the USA government's Health Insurance Privacy and Portability Act (HIPAA) traced against ten healthcare related requirements specifications. The classification approach returned the best results; however, improvements were observed with both the classification and ontology based solutions. The web-mining technique showed improvements in only a subset of queries. The three query augmentation techniques offer tradeoffs in terms of performance, cost and effort, and usage viability within a specific project context.