
Siavvas M, Xanthopoulou G, Kalouptsoglou I, Kehagias D, Tzovaras D. 2024. Digital Transformation of Security Standards: Requirements Extraction using Large Language Models. DSA 2024.

By October 28, 2024 | October 31st, 2024 | Publications

Conference:
11th International Conference on Dependable Systems and Their Applications (DSA2024), 2-3 November 2024, Taicang, Suzhou, China

Authors:
Siavvas M, Xanthopoulou G, Kalouptsoglou I, Kehagias D, Tzovaras D.

Abstract:
Compliance with international security standards is essential for ensuring the security of information systems, and thereby their dependability and trustworthiness. Compliance evaluation is performed by experts who check whether critical security requirements (i.e., criteria), which have been extracted from standard documents, are met by the system. The extraction of security requirements from the standards documents is a tedious and labor-intensive task that is typically performed manually by experts. In order to facilitate the process, in the present paper we propose an approach utilizing Transformer-based models, specifically Large Language Models (LLMs), to automate the identification and extraction of these requirements, effectively transforming security standards into a comprehensive list of requirements. In particular, the proposed approach is based on fine-tuning pre-trained LLMs, including BERT, T5, and BART, on a domain-specific dataset constructed from real security standards in the downstream task of requirements identification and extraction. The capabilities of the approach are illustrated through representative examples.
