Title | Identifying Vulnerable IoT Applications Using Deep Learning |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Naeem, Hajra, Alalfi, Manar H. |
Conference Name | 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER) |
Keywords | codes, composability, Deep Learning, Metrics, Predictive models, pubcrawl, Software algorithms, taint analysis, Tools, Training, Transforms |
Abstract | This paper presents an approach for the identification of vulnerable IoT applications using deep learning algorithms. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified using taint flow analysis. First, we analyze the source code of IoT apps in order to recover tokens along their frequencies and tainted flows. Second, we develop, Token2Vec, which transforms the source code tokens into vectors. We have also developed Flow2Vec, which transforms the identified tainted flows into vectors. Third, we use the recovered vectors to train a deep learning algorithm to build a model for the identification of tainted apps. We have evaluated the approach on two datasets and the experiments show that the proposed approach of combining tainted flows features with the base benchmark that uses token frequencies only, has improved the accuracy of the prediction models from 77.78% to 92.59% for Corpus1 and 61.11% to 87.03% for Corpus2. |
DOI | 10.1109/SANER48275.2020.9054817 |
Citation Key | naeem_identifying_2020 |