We found a way to stay ahead of the hackers
Last updated: 3 March 2025
Artificial intelligence and tailor-made cyber security methods can detect vulnerabilities. This is how we do it.
SCIENCE NEWS FROM KRISTIANIA: Cyber security
Key takeaways:
- Cars, traffic systems, and even life-saving medical equipment can be hacked, with devastating consequences. Traditional security measures often miss vulnerabilities deep in the code, leaving us exposed to cyber threats.
- Guru Bhandari and fellow researchers at Kristiania have developed IoTvulCode, an AI-based system that spots security flaws in source code before attackers can exploit them. It combines machine learning and natural language processing to classify code by weakness type.
- The tool and dataset are open-source, so developers worldwide can use them to build safer smart devices and stronger digital defenses.
(The summary was created by AI and quality assured by the editors.)
In a world where the Internet of Things (IoT) shapes the backbone of critical infrastructures, securing IoT software is crucial. Cars, traffic control systems, and medical equipment – these can all be hacked, potentially leading to fatal consequences.
A new system detects vulnerabilities earlier
So how do we stay ahead of the hackers?
One of the problems we face is that existing methods for detecting threats, such as network monitoring and sensor-based solutions, observe a system's behaviour at runtime rather than its source code. A flaw in the code therefore tends to be noticed only once it is exploited, when an attack is already under way.
Through the ENViSEC research project at Kristiania we developed a method which makes it easier for software developers to identify and fix vulnerabilities at an early stage.
To do this, we use machine learning, a branch of artificial intelligence (AI) in which a model learns statistical patterns from large amounts of labelled data instead of following hand-written rules. The model is trained on code samples that are marked as vulnerable or benign; when it then analyzes new code, it looks for the patterns associated with weaknesses and classifies each sample by the type of weakness it resembles. By recognizing such patterns, and code that deviates from what is typical, the system flags potential security issues.
Assessing words and commands in context
We named the method IoTvulCode. It combines machine learning and natural language processing (NLP) to analyze source code and identify weaknesses and vulnerabilities. NLP treats code the way it treats text: the code is broken into tokens (identifiers, function names, operators, literals), and the model learns from both the tokens themselves and the sequences they appear in, much as a language model learns sentence structure and the meaning of words and phrases.
This means the system can assess not only the words and commands used but also the context in which they are used. A call to a formatting function with a constant format string, for example, looks different from the same call with a variable in that position.
This allows us to identify flaws and weaknesses that a keyword search would miss. The extracted dataset also covers a range of vulnerability types, not a single class of bug.
There is a standardized list, the CWE (Common Weakness Enumeration), of known weaknesses in software coding and design. It describes and classifies common security issues in software, allowing developers to recognize and avoid them.
Each weakness is assigned a unique CWE number and a description, which can help developers and security analysts understand what each weakness entails and how it might affect the software's security.
IoTvulCode collects source code from popular IoT projects and labels the extracted samples: code known to be vulnerable, with its CWE type where one has been assigned, alongside code considered safe, so that a model can learn to tell the two apart.
Applications of IoTvulCode
In application-level software, poor coding practices can make the code confusing, introduce weaknesses, and create potential vulnerabilities. Detecting these vulnerabilities early in the software development lifecycle can significantly reduce maintenance costs while enhancing the program’s security and resilience.
The proposed IoTvulCode extraction tool and the initial dataset version offer valuable resources for evaluating IoT vulnerabilities within source code:
- Adaptability: The IoTvulCode extraction tool can be easily extended for various applications beyond IoT, applying to general software as well.
- Vulnerability Detection: The initial release of the IoTvulCode dataset supports vulnerability detection, enabling users to identify specific vulnerabilities within IoT software source code.
- Multi-Class Labeling: By categorizing vulnerabilities based on Common Weakness Enumeration (CWE) types, the dataset supports multi-class vulnerability prediction, helping identify both the presence and category of vulnerabilities.
- Multi-Granularity Analysis: The dataset includes source code snippets at different levels of granularity—statement-level and function-level—allowing for a detailed, multi-layered vulnerability assessment.
- Open-Source Availability: Licensed as open-source, the dataset and extraction tool are accessible for users to replicate, extend, and share, encouraging broader application and improvement.
This tool, along with the initial dataset and machine learning models, paves the way for research in applying NLP and ML techniques to detect security flaws in IoT source code at both the statement and function levels.
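The following is an added example, not IoTvulCode's or VulnMiner's own code, to make the two ideas above concrete: code treated as text (a small C tokenizer plus token bigrams, so the model sees each call in its context), and a multi-class classifier that assigns CWE labels at statement level and aggregates them to function level. The classifier is a multinomial naive Bayes, chosen here because it runs with only the Python standard library; the article does not say which models the project uses. The training statements, their CWE labels, the keyword list and the statement splitter are all constructed for illustration and are far smaller than a real dataset.

```python
"""Statement- and function-level CWE classification over C source (added example).

Not IoTvulCode's code: a tiny NLP-style pipeline (tokenizer + token bigrams +
multinomial naive Bayes) that labels C statements with a CWE id or "benign",
then reports a function as vulnerable if any of its statements is.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed training set: (C statement, label). The CWE ids are assigned here
# for the example; a real dataset derives labels from fix commits and CVE records.
TRAIN = [
    ("strcpy(buf, input);", "CWE-120"),             # buffer copy without bounds check
    ("strcat(dest, user_str);", "CWE-120"),
    ("gets(line);", "CWE-120"),
    ('sprintf(out, "%s", name);', "CWE-120"),
    ("printf(msg);", "CWE-134"),                    # uncontrolled format string
    ("syslog(LOG_INFO, user_msg);", "CWE-134"),
    ("fprintf(stderr, fmt);", "CWE-134"),
    ("vprintf(user_fmt, ap);", "CWE-134"),
    ('snprintf(out, sizeof out, "%s", name);', "benign"),
    ("strncpy(buf, input, sizeof buf - 1);", "benign"),
    ('printf("%s", msg);', "benign"),
    ("if (len > sizeof buf) return -1;", "benign"),
]

_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|\d+|->|[^\s\w]')
_KEYWORDS = {"if", "else", "for", "while", "return", "sizeof", "int", "char"}  # constructed subset


def tokenize(code):
    """Lex C code into normalised tokens: string literals become STR, numbers NUM,
    identifiers ID unless they are keywords or call targets. Keeping call names
    (strcpy, printf) while abstracting variable names lets the model generalise
    across projects instead of memorising one code base's naming."""
    raw = _TOKEN.findall(code)
    out = []
    for i, tok in enumerate(raw):
        nxt = raw[i + 1] if i + 1 < len(raw) else ""
        if tok.startswith('"'):
            out.append("STR")
        elif tok.isdigit():
            out.append("NUM")
        elif tok[0].isalpha() or tok[0] == "_":
            out.append(tok if tok in _KEYWORDS or nxt == "(" else "ID")
        else:
            out.append(tok)
    return out


def features(code):
    """Unigrams plus bigrams: 'printf ( STR' and 'printf ( ID' become different
    features, which is the context the classifier needs."""
    toks = tokenize(code)
    return toks + [f"{a} {b}" for a, b in zip(toks, toks[1:])]


class NaiveBayesCWE:
    """Multinomial naive Bayes with Laplace smoothing over token features."""

    def __init__(self, samples):
        self.class_docs = Counter()
        self.tok_counts = defaultdict(Counter)
        self.tok_totals = Counter()
        vocab = set()
        for code, label in samples:
            feats = features(code)
            self.class_docs[label] += 1
            self.tok_counts[label].update(feats)
            self.tok_totals[label] += len(feats)
            vocab.update(feats)
        self.vocab_size = len(vocab)
        self.n_docs = sum(self.class_docs.values())

    def scores(self, code):
        """Log-probability of each label for one statement."""
        feats = features(code)
        result = {}
        for label, n in self.class_docs.items():
            logp = math.log(n / self.n_docs)
            denom = self.tok_totals[label] + self.vocab_size
            for f in feats:
                logp += math.log((self.tok_counts[label][f] + 1) / denom)
            result[label] = logp
        return result

    def predict(self, code):
        return max(self.scores(code).items(), key=lambda kv: kv[1])[0]


MODEL = NaiveBayesCWE(TRAIN)


def predict_statement(code):
    """Statement-level label: a CWE id or 'benign'."""
    return MODEL.predict(code)


def classify_function(func_src):
    """Function-level view built from statement-level predictions. The body is
    split on ';' for simplicity (breaks on for-loops and literals containing ';';
    a real extractor would use a C parser). Returns the per-statement labels and
    the sorted set of CWE ids found, empty if the function looks benign."""
    body = func_src[func_src.index("{") + 1 : func_src.rindex("}")]
    stmts = [s.strip() + ";" for s in body.split(";") if s.strip()]
    labels = [(s, predict_statement(s)) for s in stmts]
    return labels, sorted({lab for _, lab in labels if lab != "benign"})


# Constructed function with two distinct weaknesses and one harmless statement.
SAMPLE_FUNC = """int handle(char *pkt_path, char *dst) {
    strcpy(dst, pkt_path);
    printf(dst);
    return 0;
}"""

if __name__ == "__main__":
    for stmt, label in classify_function(SAMPLE_FUNC)[0]:
        print(f"{label:8} {stmt}")
```

Run as a script, it labels `strcpy(dst, pkt_path);` as CWE-120, `printf(dst);` as CWE-134 and `return 0;` as benign, so the function as a whole is reported with both weakness classes. Because identifiers are abstracted, statements with names never seen in training (`strcpy(dst, pkt->payload);`) still get the right class from the call name and its argument shape; the price is that the model cannot tell a tainted variable from a trusted one, which is exactly where a richer representation and a larger dataset are needed.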

You can access our model and the source code:
The initial release of the IoTvulCode dataset can be found on Zenodo. To reproduce the plots and figures presented in the paper, users can run the Jupyter notebook located in notebooks/statistics.ipynb within the GitHub repository.
We encourage the IoT security community to replicate our results and build on these tools to enhance the detection of vulnerabilities in IoT open-source software.
References:
Bhandari, G. P., Assres, G., Gavric, N., Shalaginov, A., & Grønli, T. M. (2024). IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications. International Journal of Information Security, 1-14.
Bhandari, G., Gavric, N., & Shalaginov, A. (2024). VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code projects. Software Impacts (accepted for publication), Elsevier.
Bhandari, G., Gavric, N., & Shalaginov, A. (2024). VulnMiner: A comprehensive framework for vulnerability collection from C/C++ source code. GitHub.
Text: Guru Bhandari, system engineer and HPC coordinator, School of Economics, Innovation and Technology, Kristiania University of Applied Sciences.