Novel supply chain vulnerability detection based on heterogeneous-graph-driven hash similarity in IoT

Future Generation Computer Systems(2023)

Cited 0|Views45
No score
Supply chain vulnerability (SCV) exists in third-party components (operating systems, basic libraries, etc.). These vulnerabilities do not exist in code written by ordinary developers, who unknowingly introduce them due to the use of third-party components, resulting in the software they developed being affected by these vulnerabilities. Compared with traditional devices, IoT devices have various architectures, and the security issues introduced by code reuse are prominent. This paper proposes PhG-vNet, an effective and efficient SCV detection approach for IoT devices based on heterogeneous-graph-driven hash similarity. PhG-vNet uses customized graph embedding to feature the pseudo-code and uses the heterogeneous graph neural network to extract the graph structure to binary hash embeddings. Then, PhG-vNet detects SCVs based on self-designed bit similarity with Bayesian weighted. Experiments show that PhG-vNet does not need expensive hardware requirements and has impressive low overhead and acceptable detection performance.
Translated text
Key words
hash similarity,supply chain,iot,vulnerability,heterogeneous-graph-driven
AI Read Science
Must-Reading Tree
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined