
Graduate student: Bagus Tri Atmaja
Thesis title: Security Document Generation for Common Criteria Using Machine Learning and PySide6
Advisor: 陳俊良 (Jiann-Liang Chen)
Oral examination committee: 周勝鄰 (Zhou Shenglin), 陳俊良 (Chen Junliang), 鄧惟中 (Deng Weizhong), 馬奕葳 (Ma Yiwei)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2023
Graduation academic year: 111
Language: English
Number of pages: 74
Keywords: Information and Communication Technologies, Security Functional Requirements, Evaluation Assurance Level, Machine Learning, Decision Tree Algorithm, Random Forest Algorithm, Security Target Document
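  • In the contemporary digital age, the spread of Information and Communication Technologies (ICT) has become an indispensable part of daily life. As people's lifestyles come to involve large numbers of networked devices, including software, hardware, and firmware, the likelihood of cyber-attacks and misuse of personal data increases, exposing individuals and organizations to significant security risks. To address this problem, this study develops a prediction system for Security Functional Requirements (SFRs) and Evaluation Assurance Level (EAL) that uses machine learning techniques. The study is based on the ISO/IEC Common Criteria, that is, the international framework of the Common Criteria for information technology security certification (Common Criteria-based European Cybersecurity Certification Scheme, EUCC), which provides guidelines for evaluating and certifying ICT products.
    This study takes the Common Criteria as the security target and uses an XML parser, ElementTree, to parse XML data. Two datasets were analyzed: one related to SFRs and the other to EAL. The SFR dataset contains 300 entries, with attributes such as device type and SFRs. The EAL dataset contains 1069 entries, with attributes including assurance level, security requirements, product complexity, device type, and EAL level. The random forest algorithm was used to create the EAL and SFR prediction models; in the performance analysis of the two models, accuracy reached 100% for EAL and 65% for SFRs. The lower accuracy of the SFR model can be attributed to inconsistent data for each device, caused by the differing needs and requirements of different manufacturers, and to the small dataset.
    To handle variability across multiple cases and predict the EAL level, this study also built an expert system and implemented the generation of a Security Target document with additional functions such as EAL and SFRs prediction. The design was developed using PySide6 and allows the document to be generated as a .docx file. The developed prediction system and the user interface for generating Security Target documents can improve the security of ICT products and provide a robust and practical tool. In addition, the high accuracy of the EAL prediction model and the analysis of the SFR dataset provide manufacturers and developers with a valuable product-security reference.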


    In the contemporary digital age, the proliferation of Information and Communication Technologies (ICT) has become an integral part of daily life. An online lifestyle also exposes individuals and organizations to significant security risks. The large number of network devices available, including software, hardware, and firmware, has increased the potential for cyber-attacks and the misuse of personal data.
    A study has been conducted to develop and implement a prediction system for Security Functional Requirements (SFRs) and Evaluation Assurance Level (EAL) using machine learning techniques to address this issue. The study is based on the ISO/IEC Common Criteria for Information Technology Security Certification (EUCC), an international framework that provides guidelines for evaluating and certifying ICT products.
    The study focuses on the Common Criteria as the security target, using an XML parser, ElementTree, for parsing XML data. Two datasets were analyzed: one for SFRs and another for EAL. The SFR dataset comprises 300 entries, with attributes such as device type and SFRs. The EAL dataset contains 1069 entries, with attributes including Assurance Level, Security Requirements, Product Complexity, Device Type, and EAL Level.
    A random forest algorithm was used to create an EAL and SFR prediction model, demonstrating remarkable performance with 100% accuracy for the EAL and 65% for SFRs. The lower accuracy of the SFR model can be attributed to inconsistent data for each device due to the varying needs and requirements of different manufacturers and a small dataset size.
    To handle the variety of cases and predict the EAL level, an expert system was utilized. The study also implements the generation of a Security Target document with additional features such as EAL and SFRs prediction. This process is facilitated by a user interface developed using PySide6, allowing for the generation of the document as a .docx file.
    The developed prediction system and the user interface for generating a Security Target document provide a robust and practical tool for enhancing the security of ICT products. In addition, the EAL prediction model's high accuracy and the SFR dataset's comprehensive analysis provide valuable insights for manufacturers and developers.

    Abstract (Chinese)
    Abstract
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Motivation
      1.2 Contributions
      1.3 Overview
    Chapter 2 Related Work
      2.1 Common Criteria Security Document Development
      2.2 Common Criteria Security Document
        2.2.1 Target of Evaluation (TOE)
        2.2.2 Security Objectives (SO)
        2.2.3 Security Functional Requirements (SFR)
        2.2.4 Security Assurance Requirements (SAR)
      2.3 Machine Learning Ensemble Methods
        2.3.1 Decision Trees Method
        2.3.2 Random Forest Method
      2.4 Rule Based Expert System
      2.5 PySide6 User Interface
    Chapter 3 Proposed System
      3.1 Security Document Creation Concept
      3.2 Creating Security Document Application
        3.2.1 XML Parsing
        3.2.2 Database Design
      3.3 Recommendation System
        3.3.1 Decision Trees Method
        3.3.2 Random Forest Method
        3.3.3 Rule Base System (Expert System) Method
    Chapter 4 Result and Implementation
      4.1 System and Parameter Settings
      4.2 Evaluation Metrics
        4.2.1 Dataset 1 (EAL Level)
        4.2.2 Dataset 2 (Security Functional Requirements)
      4.3 Performance Analysis and Implementation
        4.3.1 Dataset 1 (EAL) Analysis
        4.3.2 Dataset 2 (SFR) Analysis
        4.3.3 PySide6 Implementation
      4.4 Comparison With Other Studies
      4.5 Summary
    Chapter 5 Conclusions and Future Works
      5.1 Conclusions
      5.2 Future Works
    References
