Machine Learning-Based Efficient Discovery of Software Vulnerability for Internet of Things  

作　　者：So-Eun Jeon Sun-Jin Lee Il-Gu Lee 

机构地区：[1]Department of Future Convergence Technology Engineering,Sungshin Women’s University,Seoul,02844,Korea

出　　处：《Intelligent Automation & Soft Computing》2023年第8期2407-2419,共13页智能自动化与软计算（英文）

基　　金：supported by a National Research Foundation of Korea (NRF)grant funded by the Ministry of Science and ICT (MSIT) (No.2020R1F1A1061107);the Korea Institute for Advancement of Technology (KIAT)grant funded by the Korean Government (MOTIE) (P0008703,The Competency Development Program for Industry Specialists);the MSIT under the ICAN (ICT Challenge and Advanced Network of HRD)program (No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning and Evaluation (IITP).

摘　　要：With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks have improved industrial productivity and convenience,they are highly dependent on nonstandard protocol stacks and open-source-based,poorly validated software,resulting in several security vulnerabilities.How-ever,conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and com-puting power.This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy.Experimental results using a software vulnerability classification dataset showed that different optimal data sizes did not affect the learning performance of the learning models.Moreover,the minimal data size required to train a model without performance degradation could be determined in advance.For example,the random forest model saved 85.18%of memory and improved latency by 97.82%while maintaining a learning accuracy similar to that achieved when using 100%of data,despite using only 1%.

关 键 词：Lightweight devices machine learning deep learning software vulnerability detection common weakness enumeration 

分 类 号：TN91[电子电信—通信与信息系统] TP181[电子电信—信息与通信工程]