Security Document Generation for Common Criteria Using Machine Learning and Rule-based Expert System

Jiann-Liang Chen, Bagus Tri Atmaja, Candra Ahmadi, Jian-Chang Hsu
2023 IEEE International Conference on Industry 4.0, Artificial Intelligence, and Communications Technology (IAICT). Published 2023-07-13. DOI: 10.1109/IAICT59002.2023.10205875 (https://doi.org/10.1109/IAICT59002.2023.10205875)
Citation count: 0

Abstract

In the digital era, internet reliance has transformed daily life, potentially exposing security vulnerabilities. In addition, the proliferation of network devices has increased the risk of cyber-attacks, posing threats to individuals and organizations. This study develops a predictive system for Security Functional Requirements (SFRs) and Evaluation Assurance Level (EAL) using machine learning based on the ISO/IEC 15408 Common Criteria for Information Technology Security Certification (EUCC), a global ICT product evaluation framework. Utilizing an XML parser, ElementTree, the research focuses on the Common Criteria as the security target and analyzes two datasets: SFRs and EAL. The decision tree algorithm yields an EAL prediction model with 100% accuracy. A random forest algorithm generates an SFR prediction model with 65% accuracy. The lower accuracy is attributed to diverse device specifications. An expert system manages multiple cases to predict the EAL level. The study also produces a Security Target document with EAL and SFR predictions, facilitated by a PySide6-developed user interface that integrates the prediction system. This research significantly enhances ICT security, providing a robust tool for improving ICT product security and offering valuable insights for manufacturers and developers through the high accuracy of the EAL prediction model and comprehensive analysis of the SFR dataset.