Regulatory compliance in the financial industry is crucial for ensuring information security and protecting customers' sensitive data. However, classifying financial information security regulations requires significant human resources, placing a heavy burden on enterprises. Machine learning offers a fast and accurate classification solution, enabling efficient mapping of regulations to ISO 27001 control items. Moreover, since a single regulation may correspond to multiple control items, multi-label classification provides a more precise categorization approach. However, multi-label classification faces challenges such as high annotation costs and class imbalance, which remain significant limitations in regulatory compliance applications.

This study addresses these issues by leveraging traditional oversampling and undersampling techniques (such as SMOTE, IPF, and ADASYN) and GPT-4o-based data augmentation to mitigate class imbalance. We compare feature extraction methods from both traditional and pretrained language models and evaluate classification performance using various machine learning classifiers (K-Nearest Neighbor, XGBoost, Logistic Regression, Naive Bayes, and Support Vector Machine). The experimental results demonstrate that GPT-4o's sampling approach effectively simulates regulatory texts and achieves the highest classification performance.