Static vulnerability mining of IoT devices based on control flow graph construction and graph embedding network

Yuan Cheng, Baojiang Cui, Chen Chen, Thar Baker, Tao Qi

Research output: Contribution to journalArticlepeer-review

Abstract

Automatic static vulnerability analysis for IoT devices is always an important and challenging research problem. Traditional vulnerability finding methods are primarily based on manually built structures, which have limitations in accuracy and lack consideration of environmental information. In this paper, we propose a new approach that generates an ACFG (attributed control flow graph) that combines ambient information with binary code information, which aims to discover vulnerabilities from binaries deeply and accurately. The graph is then transformed by a graph-embedding algorithm and analyzed by a deep neural network. This approach has scalability on IoT devices when cross-architecture and cross-system binaries are considered. Ambient information makes this model able to detect environment-aware vulnerabilities. Experiment shows that this method has outperformed the state-of-the-art methods in terms of accuracy, efficiency, and scalability, with an average accuracy of over 80% on real-world vulnerability datasets.

Original languageEnglish
Pages (from-to)267-275
Number of pages9
JournalComputer Communications
Volume197
DOIs
Publication statusPublished - 2 Nov 2022

Keywords

  • Ambient information
  • Binary analysis
  • Firmware vulnerability
  • Graph embedding network
  • Graph encoding
  • Internet of Things
  • IoT security
  • Software vulnerability

Cite this