Paper Info
Title
Semantic Learning Based Cross-Platform Binary Vulnerability Search For IoT Devices
Abstract
The rapid development of Internet of Things (IoT) has triggered more security requirements than ever, especially in detecting vulnerabilities in various IoT devices. The widely used clone-based vulnerability search methods are effective on source code; however, their performance is limited in IoT binary search. In this article, we present IoTSeeker, a function semantic learning based vulnerability search approach for cross-platform IoT binary. First, we construct the function semantic graph to capture both the data flow and control flow information and encode lightweight semantic features of each basic block within the semantic graph as numerical vectors. Then, the embedding vector of the whole binary function is generated by feeding the numerical vectors of basic blocks to our customized semantics aware neural network model. Finally, the cosine distance of two embedding vectors is calculated to determine whether a binary function contains a known vulnerability. The experiments show that IoTSeeker outperforms the state-of-the-art approaches for identifying cross-platform IoT binary vulnerabilities. For example, compared to Gemini, IoTSeeker finds 12.68% more vulnerabilities in the top-50 candidates, and improves the value of AUC for 8.23%.
Year
DOI
Venue
2021
10.1109/TII.2019.2947432
IEEE Transactions on Industrial Informatics
Keywords
DocType
Volume
Cross-platform binary,function semantic learning,Internet of Things (IoT) devices,neural network,vulnerability search
Journal
17
Issue
ISSN
Citations 
2
1551-3203
4
PageRank 
References 
Authors
0.41
10
6
Name
Order
Citations
PageRank
Jian Gao13412.13
Xin Yang2152.67
Yu Jiang334656.49
Houbing Song41771172.26
Kim-Kwang Raymond Choo54103362.49
Jia-guang Sun61807134.30