TY - GEN
T1 - Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models
AU - Hasegawa, Kento
AU - Ikegami, Yuka
AU - Hidano, Seira
AU - Fukushima, Kazuhide
AU - Hashimoto, Kazuo
AU - Togawa, Nozomu
N1 - Publisher Copyright:
Copyright © 2025 by SCITEPRESS - Science and Technology Publications, Lda.
PY - 2025
Y1 - 2025
N2 - Several countries, including the U.S. and European nations, are implementing security assessment programs for IoT devices. Reducing human effort in security assessment has great importance in terms of increasing the efficiency of the assessment process. In this paper, we propose a method of automating the conformance assessment of security requirements based on Japanese program called JC-STAR. The proposed method performs document analysis and device testing. In document analysis, the use of rewrite-retrieve-read and chain of thought within retrieval-augmented generation (RAG) increases the assessment accuracy for documents that have limited detailed descriptions related to security requirements. In device testing, conformance with security requirements is assessed by applying tools and interpreting the results with a large language model. The experimental results show that the proposed method assesses conformance with security requirements with an accuracy of 95% in the best case.
AB - Several countries, including the U.S. and European nations, are implementing security assessment programs for IoT devices. Reducing human effort in security assessment has great importance in terms of increasing the efficiency of the assessment process. In this paper, we propose a method of automating the conformance assessment of security requirements based on Japanese program called JC-STAR. The proposed method performs document analysis and device testing. In document analysis, the use of rewrite-retrieve-read and chain of thought within retrieval-augmented generation (RAG) increases the assessment accuracy for documents that have limited detailed descriptions related to security requirements. In device testing, conformance with security requirements is assessed by applying tools and interpreting the results with a large language model. The experimental results show that the proposed method assesses conformance with security requirements with an accuracy of 95% in the best case.
KW - Internet of Things
KW - JC-STAR
KW - Large Language Models
KW - Retrieval-Augmented Generation
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=105003723039&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=105003723039&partnerID=8YFLogxK
U2 - 10.5220/0013345300003944
DO - 10.5220/0013345300003944
M3 - Conference contribution
AN - SCOPUS:105003723039
T3 - International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings
SP - 305
EP - 312
BT - Proceedings of the 10th International Conference on Internet of Things, Big Data and Security, IoTBDS 2025
A2 - Emrouznejad, Ali
A2 - Hung, Patrick
A2 - Jacobsson, Andreas
PB - Science and Technology Publications, Lda
T2 - 10th International Conference on Internet of Things, Big Data and Security, IoTBDS 2025
Y2 - 6 April 2025 through 8 April 2025
ER -