Classification of Security Checklist Items based on Machine Learning to Manage Security Checklists Efficiently

Abstract

NIST in the United States has developed SCAP, a protocol that enables automated inspection and management of security vulnerability using existing standards such as CVE and CPE. SCAP operates by creating a checklist using the XCCDF and OVAL languages and running the prepared checklist with the SCAP tool such as the SCAP Workbench made by OpenSCAP to return the check result. SCAP checklist files for various operating systems are shared through the NCP community, and the checklist files include ID, title, description, and inspection method for each item. However, since the inspection items are simply listed in the order in which they are written, so it is necessary to classify and manage the items by type so that the security manager can systematically manage them using the SCAP checklist file. In this study, we propose a method of extracting the description of each inspection item from the SCAP checklist file written in OVAL language, classifying the categories through a machine learning model, and outputting the SCAP check results for each classified item.