A deep learning based static taint analysis approach for IoT software vulnerability location. (February 2020)
- Record Type:
- Journal Article
- Title:
- A deep learning based static taint analysis approach for IoT software vulnerability location. (February 2020)
- Main Title:
- A deep learning based static taint analysis approach for IoT software vulnerability location
- Authors:
- Niu, Weina
Zhang, Xiaosong
Du, Xiaojiang
Zhao, Lingyuan
Cao, Rong
Guizani, Mohsen - Abstract:
- Graphical abstract: Highlights: Three taint selection principles are proposed to determine the original taints. The taint weight calculation method is put forward to select final taint with high weight. The deep learning-based IoT software vulnerability location system is developed. The effectiveness of our developed system is evaluated using the Code Gadget Database. Abstract: Computer system vulnerabilities, computer viruses, and cyber attacks are rooted in software vulnerabilities. Reducing software defects, improving software reliability and security are urgent problems in the development of software. The core content is the discovery and location of software vulnerability. However, traditional human experts-based approaches are labor-consuming and time-consuming. Thus, some automatic detection approaches are proposed to solve the problem. But, they have a high false negative rate. In this paper, a deep learning based static taint analysis approach is proposed to automatically locate Internet of Things (IoT) software vulnerability, which can relieve tedious manual analysis and improve detection accuracy. Deep learning is used to detect vulnerability since it considers the program context. Firstly, the taint from the difference file between the source program and its patched program selection rules are designed. Secondly, the taint propagation paths are got using static taint analysis. Finally, the detection model based on two-stage Bidirectional Long Short Term MemoryGraphical abstract: Highlights: Three taint selection principles are proposed to determine the original taints. The taint weight calculation method is put forward to select final taint with high weight. The deep learning-based IoT software vulnerability location system is developed. The effectiveness of our developed system is evaluated using the Code Gadget Database. Abstract: Computer system vulnerabilities, computer viruses, and cyber attacks are rooted in software vulnerabilities. Reducing software defects, improving software reliability and security are urgent problems in the development of software. The core content is the discovery and location of software vulnerability. However, traditional human experts-based approaches are labor-consuming and time-consuming. Thus, some automatic detection approaches are proposed to solve the problem. But, they have a high false negative rate. In this paper, a deep learning based static taint analysis approach is proposed to automatically locate Internet of Things (IoT) software vulnerability, which can relieve tedious manual analysis and improve detection accuracy. Deep learning is used to detect vulnerability since it considers the program context. Firstly, the taint from the difference file between the source program and its patched program selection rules are designed. Secondly, the taint propagation paths are got using static taint analysis. Finally, the detection model based on two-stage Bidirectional Long Short Term Memory (BLSTM) is applied to discover and locate software vulnerabilities. The Code Gadget Database is used to evaluate the proposed approach, which includes two types of vulnerabilities in C/C++ programs, buffer error vulnerability (CWE-119) and resource management error vulnerability (CWE-399). Experimental results show that our proposed approach can achieve an accuracy of 0.9732 for CWE-119 and 0.9721 for CWE-399, which is higher than that of the other three models (the accuracy of RNN, LSTM, and BLSTM is under than 0.97) and achieve a lower false negative rate and false positive rate than the other approaches. … (more)
- Is Part Of:
- Measurement. Volume 152(2020)
- Journal:
- Measurement
- Issue:
- Volume 152(2020)
- Issue Display:
- Volume 152, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 152
- Issue:
- 2020
- Issue Sort Value:
- 2020-0152-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-02
- Subjects:
- IoT software vulnerability location -- Deep learning -- Software patching -- Static taint analysis
00-01 -- 99-00
Weights and measures -- Periodicals
Measurement -- Periodicals
Measurement
Weights and measures
Periodicals
530.8 - Journal URLs:
- http://www.sciencedirect.com/science/journal/02632241 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.measurement.2019.107139 ↗
- Languages:
- English
- ISSNs:
- 0263-2241
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5413.544700
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 12656.xml