Novel supply chain vulnerability detection based on heterogeneous-graph-driven hash similarity in IoT

Cited by: 0
Authors
Ye, Guodong [1]
Liu, Xin [1]
Fan, Siqi [1]
Tan, Yuan [1]
Zhou, Qingguo [1]
Zhou, Rui [1]
Zhou, Xiaokang [2,3]
Affiliations
[1] Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
[2] Shiga Univ, Fac Data Sci, Hikone 5220069, Japan
[3] RIKEN Ctr Adv Intelligence Project, Tokyo 3510198, Japan
Source
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2023 / Vol. 148
Keywords
Binary code similarity; Supply chain vulnerability; Heterogeneous graph; Vulnerability detection;
DOI
10.1016/j.future.2023.06.006
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Supply chain vulnerability (SCV) exists in third-party components (operating systems, basic libraries, etc.). These vulnerabilities do not exist in code written by ordinary developers, who unknowingly introduce them due to the use of third-party components, resulting in the software they developed being affected by these vulnerabilities. Compared with traditional devices, IoT devices have various architectures, and the security issues introduced by code reuse are prominent. This paper proposes PhG-vNet, an effective and efficient SCV detection approach for IoT devices based on heterogeneous-graph-driven hash similarity. PhG-vNet uses customized graph embedding to feature the pseudo-code and uses the heterogeneous graph neural network to extract the graph structure to binary hash embeddings. Then, PhG-vNet detects SCVs based on self-designed bit similarity with Bayesian weighted. Experiments show that PhG-vNet does not need expensive hardware requirements and has impressive low overhead and acceptable detection performance. © 2023 Elsevier B.V. All rights reserved.
Pages: 201-210
Page count: 10