IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications-Reference-Cited by-同舟云学术

IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications

Published:2024-05-09 Issue:4 Volume:23 Page:2677-2690
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Bhandari Guru Prasad,Assres Gebremariam,Gavric Nikola,Shalaginov Andrii,Grønli Tor-Morten

Abstract

AbstractThe proliferation of the Internet of Things (IoT) paradigm has ushered in a new era of connectivity and convenience. Consequently, rapid IoT expansion has introduced unprecedented security challenges , among which source code vulnerabilities present a significant risk. Recently, machine learning (ML) has been increasingly used to detect source code vulnerabilities. However, there has been a lack of attention to IoT-specific frameworks regarding both tools and datasets. This paper addresses potential source code vulnerabilities in some of the most commonly used IoT frameworks. Hence, we introduce IoTvulCode - a novel framework consisting of a dataset-generating tool and ML-enabled methods for detecting source code vulnerabilities and weaknesses as well as the initial release of an IoT vulnerability dataset. Our framework contributes to improving the existing coding practices, leading to a more secure IoT infrastructure. Additionally, IoTvulCode provides a solid basis for the IoT research community to further explore the topic.

Funder

Kristiania University College

Publisher

Springer Science and Business Media LLC

Link

https://link.springer.com/content/pdf/10.1007/s10207-024-00848-6.pdf

Reference39 articles.

1. Akula, B.S.: Vulnerability Management in DevSecOps.(2023) https://dzone.com/articles/vulnerability-management-in-devsecops

2. Al-Boghdady, A., El-Ramly, M., Wassif, K.: iDetect for vulnerability detection in internet of things operating systems using machine learning. Sci. Rep. 12(1), 17086 (2022). https://doi.org/10.1038/s41598-022-21325-x

3. Alnaeli, S.M., Sarnowski, M., Aman, M.S., Abdelgawad, A., Yelamarthi, K.: Source code vulnerabilities in IoT software systems. Adv. Sci. Technol. Eng. Syst. J. 2(3), 1502–1507 (2017). https://doi.org/10.25046/aj0203188

4. Bhandari, G., Lyth, A., Shalaginov, A., Grønli, T.M.: Distributed deep neural-network-based middleware for cyber-attacks detection in smart IoT Ecosystem: a novel framework and performance evaluation approach. Electronics 12(2), 298 (2023). https://doi.org/10.3390/electronics12020298

5. Bhandari, G., Naseer, A., Moonen, L.: CVEfixes: automated collection of vulnerabilities and their fixes from open-source software. In: Proceedings of the 17th international conference on predictive models and data analytics in software engineering, PROMISE 2021, pp. 30–39. Association for Computing Machinery, New York, NY, USA (2021). https://doi.org/10.1145/3475960.3475985