In this study, we have presented an IoT vulnerability data extraction tool and machine learning methods to detect vulnerabilities in the C/C++ source code of IoT operating systems (OS) and applications. The source code of various IoT OSs and applications was used to create a binary and multi-class labeled dataset including both vulnerable and benign samples. The types of vulnerabilities in the presented dataset are linked to the Common Weakness Enumeration (CWE) records.
The proposed method for vulnerability data collection is as follows:
Follow the IoT vulnerability dataset extraction instructions here
The novel vulnerability detection approach in IoT OSs and applications:
Follow the vulnerability classification instructions here
- Python (3.7)
- pip 23.3.1
- FlawFinder 2.0.19
- Cppcheck 2.10.3
- Clang Static Analyzer 15.0.0
The code is written in Python 3.7. The required Python packages are listed in requirements.txt, which shows the Python APIs used in the repository to reproduce the results. Run the following commands to create a virtual environment, activate it, and install all the required Python dependencies.
```bash
conda create -n iotvul python==3.8
conda activate iotvul
pip install pip==23.3.1
pip install -r requirements.txt
```
Please cite this project work by referring to the paper:
Bhandari, G.P., Assres, G., Gavric, N. et al. IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00848-6.
```bibtex
@article{Bhandari2024,
  title={IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications},
  author={Guru Prasad Bhandari and Gebremariam Assres and Nikola Gavric and Andrii Shalaginov and Tor-Morten Grønli},
  journal={International Journal of Information Security},
  doi={10.1007/s10207-024-00848-6},
  year={2024},
  publisher={Springer}
}
```
The research presented in this paper has benefited from the Experimental Infrastructure for Exploration of Exascale Computing (eX3), which is financially supported by the Research Council of Norway under contract 270053.