EXVUL: Towards Effective and Explainable Vulnerability Detection for IoT Devices
| Field | Value |
|---|---|
| Article Title | EXVUL: Towards Effective and Explainable Vulnerability Detection for IoT Devices |
| ERA Journal ID | 210568 |
| Article Category | Article |
| Authors | Cao, Sicong; Sun, Xiaobing; Liu, Wei; Wu, Di; Zhang, Jiale; Li, Yan; Luan, Tom H.; Gao, Longxiang |
| Journal Title | IEEE Internet of Things Journal |
| Journal Citation | 11 (12), pp. 22385-22398 |
| Number of Pages | 14 |
| Year | 2024 |
| Publisher | IEEE (Institute of Electrical and Electronics Engineers) |
| Place of Publication | United States |
| ISSN | 2327-4662 |
| Digital Object Identifier (DOI) | https://doi.org/10.1109/JIOT.2024.3381641 |
| Web Address (URL) | https://ieeexplore.ieee.org/document/10479158 |
| Abstract | As with anything connected to the Internet, Internet of Things (IoT) devices are subject to severe cybersecurity threats because an adversary could exploit vulnerabilities in their internal software to perform malicious attacks. Despite the promising results of deep learning (DL)-based approaches, the lack of well-labeled IoT vulnerability samples available for training, together with the lack of explainability, poses a critical challenge to deploying them in practice. In this article, we propose EXVUL, a novel DL-based approach for Effective and eXplainable IoT VULnerability detection. Specifically, inspired by recent advances of self-supervised learning in label-expensive tasks, we propose a new combinatorial contrastive loss to combine the strengths of a large-scale unlabeled code corpus and limited IoT vulnerability samples. Then, given a binary detection result, EXVUL provides a set of faithful and stable code statements positively contributing to the model's prediction as understandable explanations. Experimental results indicate that EXVUL outperforms state-of-the-art baselines by 33.44%-72.91% and 19.52%-98.78% with respect to the accuracy and F1 score metrics, respectively. For vulnerability explanation, EXVUL improves over the best-performing baseline explainer PGExplainer by 22.97% in mean statement precision, 49.55% in mean statement recall, and 48.40% in mean intersection over union, demonstrating that the explanations provided by EXVUL can correctly point out the vulnerable statements relevant to the detected vulnerabilities. |
| Keywords | IoT Devices |
| Contains Sensitive Content | Does not contain sensitive content |
| ANZSRC Field of Research 2020 | 461208. Software testing, verification and validation; 4604. Cybersecurity and privacy |
| Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
| Byline Affiliations | Yangzhou University, China; School of Mathematics, Physics and Computing; Centre for Health Research; Xidian University, China; Qilu University of Technology, China; Shandong Fundamental Research Center for Computer Science, China |
https://research.usq.edu.au/item/z83y4/exvul-towards-effective-and-explainable-vulnerability-detection-for-iot-devices