Novel supply chain vulnerability detection based on heterogeneous-graph-driven hash similarity in IoT
被引:0
作者:
Ye, Guodong
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Ye, Guodong
[1
]
Liu, Xin
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Liu, Xin
[1
]
Fan, Siqi
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Fan, Siqi
[1
]
Tan, Yuan
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Tan, Yuan
[1
]
Zhou, Qingguo
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Zhou, Qingguo
[1
]
Zhou, Rui
论文数: 0引用数: 0
h-index: 0
机构:
Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R ChinaLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Zhou, Rui
[1
]
Zhou, Xiaokang
论文数: 0引用数: 0
h-index: 0
机构:
Shiga Univ, Fac Data Sci, Hikone 5220069, Japan
RIKEN Ctr Adv Intelligence Project, Tokyo 3510198, JapanLanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
Zhou, Xiaokang
[2
,3
]
机构:
[1] Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
[2] Shiga Univ, Fac Data Sci, Hikone 5220069, Japan
[3] RIKEN Ctr Adv Intelligence Project, Tokyo 3510198, Japan
来源:
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
|
2023年
/
148卷
Supply chain vulnerability (SCV) exists in third-party components (operating systems, basic libraries, etc.). These vulnerabilities do not exist in code written by ordinary developers, who unknowingly introduce them due to the use of third-party components, resulting in the software they developed being affected by these vulnerabilities. Compared with traditional devices, IoT devices have various architectures, and the security issues introduced by code reuse are prominent. This paper proposes PhG-vNet, an effective and efficient SCV detection approach for IoT devices based on heterogeneous -graph-driven hash similarity. PhG-vNet uses customized graph embedding to feature the pseudo-code and uses the heterogeneous graph neural network to extract the graph structure to binary hash em-beddings. Then, PhG-vNet detects SCVs based on self-designed bit similarity with Bayesian weighted. Experiments show that PhG-vNet does not need expensive hardware requirements and has impressive low overhead and acceptable detection performance.& COPY; 2023 Elsevier B.V. All rights reserved.