Identifying Vulnerable Third-party Components in IoT Firmware Using Deep Learning

Chen, Chia-Mei; Lin, Sheng-Hao; Cai, Zheng-Xun; Lai, Gu-Hsin; Ou, Ya-Hui

Home // IoTAI 2024, The First International Conference on IoT-AI // View article

Identifying Vulnerable Third-party Components in IoT Firmware Using Deep Learning

Authors:
Chia-Mei Chen
Sheng-Hao Lin
Zheng-Xun Cai
Gu-Hsin Lai
Ya-Hui Ou

Keywords: IoT attacks; vulnerability detection; deep learning

Abstract:
To reduce the development time and the cost of Internet of Thing (IoT) products, vendors leverage Third-Party Components (TPCs) to manufacture various types of IoT products. However, such third-party software might not be validated with proper software testing or might contain vulnerabilities. Furthermore, existing research rarely proposed a cross-architecture solution for detecting both top IoT vulnerabilities. Therefore, this study proposes a cross-architecture IoT vulnerability detection method that identifies vulnerable third-party components used in IoT firmware. This study leverages a Siamese Neural Network (SNN) architecture and designs a similarity algorithm to identify vulnerable functions on different processor architectures. The evaluation results demonstrate that the proposed method can identify vulnerable TPCs effectively.

Pages: 1 to 4

Copyright: Copyright (c) IARIA, 2024

Publication date: June 30, 2024

Published in: conference

ISBN: 978-1-68558-183-1

Location: Porto, Portugal

Dates: from June 30, 2024 to July 4, 2024