Standard-compliant security requirement assessment with attention-based models
摘要
As the complexity of software increases, it is increasingly difficult to ensure that the security requirements are fully met. Manual evaluation is still common, but slow, prone to errors, and often fails to align with international standards. The primary focus of the study is on three key Common Criteria (CC) classes, FIA, FTP, and FCO, and introduces automated methods to evaluate the completeness of requirements using neural networks and attention mechanisms. The models were trained on two standard-aligned datasets, SecReq (CPN) and IoT-A. Among the trained models, BERT achieved the highest accuracy (96% in IoT-A and 85% in SecReq). The results show that transformer-based models effectively automate and improve the accuracy and scaling of security requirement assessments and offer a promising step towards more standards-based and intelligent security technology.