Cyber vulnerability intelligence for Internet of Things binary

Liu, Shigang, Dibaei, Mahdi, Tai, Yonghang, Chen, Chao, Zhang, Jun, and Xiang, Yang (2020) Cyber vulnerability intelligence for Internet of Things binary. IEEE Transactions on Industrial Informatics, 16 (3). pp. 2154-2163.

[img] PDF (Published Version) - Published Version
Restricted to Repository staff only

View at Publisher Website: https://doi-org.elibrary.jcu.edu.au/10.1...
 
1


Abstract

Internet of Things (IoT) integrates a variety of software (e.g., autonomous vehicles and military systems) in order to enable the advanced and intelligent services. These software increase the potential of cyber-attacks because an adversary can launch an attack using system vulnerabilities. Existing software vulnerability analysis methods used to be relying on human experts crafted features, which usually miss many vulnerabilities. It is important to develop an automatic vulnerability analysis system to improve the countermeasures. However, source code is not always available (e.g., most IoT related industry software are closed source). Therefore, vulnerability detection on binary code is a demanding task. This article addresses the automatic binary-level software vulnerability detection problem by proposing a deep learning-based approach. The proposed approach consists of two phases: binary function extraction, and model building. First, we extract binary functions from the cleaned binary instructions obtained by using IDA Pro. Then, we employ the attention mechanism on top of a bidirectional long short-term memory for building the predictive model. To show the effectiveness of the proposed approach, we have collected datasets from several different sources. We have compared our proposed approach with a series of baselines including source code-based techniques and binary code-based techniques. We have also applied the proposed approach to real-world IoT related software such as VLC media player and LibTIFF project that used on Autonomous Vehicles. Experimental results show that our proposed approach betters the baselines and is able to detect more vulnerabilities.

Item ID: 64431
Item Type: Article (Research - C1)
ISSN: 1941-0050
Keywords: binary code, deep learning, machine learning, software vulnerability
Copyright Information: © 2019 IEEE.
Date Deposited: 27 Sep 2020 19:41
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4612 Software engineering > 461207 Software quality, processes and metrics @ 100%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8903 Information Services > 890399 Information Services not elsewhere classified @ 100%
Downloads: Total: 1
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page