Static vulnerability mining of IoT devices based on control flow graph construction and graph embedding network

Automatic static vulnerability analysis for IoT devices is always an important and challenging research problem. Traditional vulnerability finding methods are primarily based on manually built structures, which have limitations in accuracy and lack consideration of environmental information. In this paper, we propose a new approach that generates an ACFG (attributed control flow graph) that combines ambient information with binary code information, which aims to discover vulnerabilities from binaries deeply and accurately. The graph is then transformed by a graph-embedding algorithm and analyzed by a deep neural network. This approach has scalability on IoT devices when cross-architecture and cross-system binaries are considered. Ambient information makes this model able to detect environment-aware vulnerabilities. Experiment shows that this method has outperformed the state-of-the-art methods in terms of accuracy, efficiency, and scalability, with an average accuracy of over 80% on real-world vulnerability datasets.