Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models

Kento Hasegawa; Yuka Ikegami; Seira Hidano; Kazuhide Fukushima; Kazuo Hashimoto; Nozomu Togawa

doi:10.5220/0013345300003944

Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models

Kento Hasegawa, Yuka Ikegami, Seira Hidano, Kazuhide Fukushima, Kazuo Hashimoto, Nozomu Togawa

2025

Abstract

Several countries, including the U.S. and European nations, are implementing security assessment programs for IoT devices. Reducing human effort in security assessment has great importance in terms of increasing the efficiency of the assessment process. In this paper, we propose a method of automating the conformance assessment of security requirements based on Japanese program called JC-STAR. The proposed method performs document analysis and device testing. In document analysis, the use of rewrite-retrieve-read and chain of thought within retrieval-augmented generation (RAG) increases the assessment accuracy for documents that have limited detailed descriptions related to security requirements. In device testing, conformance with security requirements is assessed by applying tools and interpreting the results with a large language model. The experimental results show that the proposed method assesses conformance with security requirements with an accuracy of 95% in the best case.

Download

Paper Citation

in Harvard Style

Hasegawa K., Ikegami Y., Hidano S., Fukushima K., Hashimoto K. and Togawa N. (2025). Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models. In Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS; ISBN 978-989-758-750-4, SciTePress, pages 305-312. DOI: 10.5220/0013345300003944

in Bibtex Style

@conference{iotbds25,
author={Kento Hasegawa and Yuka Ikegami and Seira Hidano and Kazuhide Fukushima and Kazuo Hashimoto and Nozomu Togawa},
title={Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models},
booktitle={Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2025},
pages={305-312},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013345300003944},
isbn={978-989-758-750-4},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - Automating the Assessment of Japanese Cyber-Security Technical Assessment Requirements Using Large Language Models
SN - 978-989-758-750-4
AU - Hasegawa K.
AU - Ikegami Y.
AU - Hidano S.
AU - Fukushima K.
AU - Hashimoto K.
AU - Togawa N.
PY - 2025
SP - 305
EP - 312
DO - 10.5220/0013345300003944
PB - SciTePress