Novel supply chain vulnerability detection based on heterogeneous-graph-driven hash similarity in IoT

Cited by: 0
Authors
Ye, Guodong [1]
Liu, Xin [1]
Fan, Siqi [1]
Tan, Yuan [1]
Zhou, Qingguo [1]
Zhou, Rui [1]
Zhou, Xiaokang [2,3]
Affiliations
[1] Lanzhou Univ, Sch Informat Sci & Engn, Lanzhou 730000, Peoples R China
[2] Shiga Univ, Fac Data Sci, Hikone 5220069, Japan
[3] RIKEN Ctr Adv Intelligence Project, Tokyo 3510198, Japan
Source
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2023 / Vol. 148
Keywords
Binary code similarity; Supply chain vulnerability; Heterogeneous graph; Vulnerability detection;
DOI
10.1016/j.future.2023.06.006
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Supply chain vulnerability (SCV) exists in third-party components (operating systems, basic libraries, etc.). These vulnerabilities do not exist in code written by ordinary developers, who unknowingly introduce them due to the use of third-party components, resulting in the software they developed being affected by these vulnerabilities. Compared with traditional devices, IoT devices have various architectures, and the security issues introduced by code reuse are prominent. This paper proposes PhG-vNet, an effective and efficient SCV detection approach for IoT devices based on heterogeneous-graph-driven hash similarity. PhG-vNet uses customized graph embedding to feature the pseudo-code and uses the heterogeneous graph neural network to extract the graph structure to binary hash embeddings. Then, PhG-vNet detects SCVs based on self-designed bit similarity with Bayesian weighted. Experiments show that PhG-vNet does not need expensive hardware requirements and has impressive low overhead and acceptable detection performance. © 2023 Elsevier B.V. All rights reserved.
Pages: 201-210
Number of pages: 10