《A deep learning based static taint analysis approach for IoT software vulnerability location》
之前一直在搜静态污点分析的论文,偶然看到这篇深度学习的论文,正好导师最近让我们看神经网络相关的论文,于是点开了这篇论文浏览。话不多说,进入正题。
In this paper, a deep learning based static taint analysis approach is proposed to automatically locate Internet of Things (IoT) software vulnerability, which can relieve tedious manual analysis and improve detection accuracy. Deep learning is used to detect vulnerability since it considers the program context.
大概是说可以自动定位物联网软件漏洞的位置并且提高检测精度。使用深度学习是因为它考虑程序上下文。
此时我就提出了一个小问题:这个方法如何定位到漏洞位置?
带着这个小问题,继续往下读。
论文贡献
- First, we propose three taint selection principles to determine the original taints. 作者提出三种污点选择原则来确定原始污点。
- Second, we propose the taint weight calculation method to select taint with high weight. 作者提出了污点权重计算方法来选择高权重的污点。
- Third, we develop the deep learning-based IoT software vulnerability location system and evaluate its effectiveness using the Code Gadget Data