Predicting sensitive information leakage in IoT applications using flows-aware machine learning approach

01/07/2022
by   Hajra Naeem, et al.
0

This paper presents an approach for identification of vulnerable IoT applications. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified by using taint flow analysis. Tainted flows vulnerability is very much impacted by the structure of the program and the order of the statements in the code, designing an approach to detect such vulnerability needs to take into consideration such information in order to provide precise results. In this paper, we propose and develop an approach, FlowsMiner, that mines features from the code related to program structure such as control statements and methods, in addition to program's statement order. FlowsMiner, generates features in the form of tainted flows. We developed, Flows2Vec, a tool that transform the features recovered by FlowsMiner into vectors, which are then used to aid the process of machine learning by providing a flow's aware model building process. The resulting model is capable of accurately classify applications as vulnerable if the vulnerability is exhibited by changes in the order of statements in source code. When compared to a base Bag of Words (BoW) approach, the experiments show that the proposed approach has improved the AUC of the prediction models for all algorithms and the best case for Corpus1 dataset is improved from 0.91 to 0.94 and for Corpus2 from 0.56 to 0.96

READ FULL TEXT
research
03/13/2023

VMCDL: Vulnerability Mining Based on Cascaded Deep Learning Under Source Control Flow

With the rapid development of the computer industry and computer softwar...
research
06/19/2021

Vulnerability Detection with Fine-grained Interpretations

Despite the successes of machine learning (ML) and deep learning (DL) ba...
research
09/20/2022

An Information-Theoretic and Contrastive Learning-based Approach for Identifying Code Statements Causing Software Vulnerability

Software vulnerabilities existing in a program or function of computer s...
research
09/30/2010

Mantis: Predicting System Performance through Program Analysis and Modeling

We present Mantis, a new framework that automatically predicts program p...
research
11/29/2022

DCDetector: An IoT terminal vulnerability mining system based on distributed deep ensemble learning under source code representation

Context: The IoT system infrastructure platform facility vulnerability a...
research
03/16/2022

On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models

Many studies have developed Machine Learning (ML) approaches to detect S...
research
02/07/2022

An Automated Approach for Privacy Leakage Identification in IoT Apps

This paper presents a fully automated static analysis approach and a too...

Please sign up or login with your details

Forgot password? Click here to reset