IDetect for vulnerability detection in internet of things operating systems using machine learning

Abstract

Internet of Things (IoT) 's devices are ubiquitous and operate in a heterogonous environment with potential security breaches. IoT Operating Systems (IoT OSs) are the backbone software for running such devices. If IoT OSs are vulnerable to security breaches, higher-level security measures may not help. This paper aims to use Machine Learning (ML) to create a tool called iDetect for detecting vulnerabilities in C/C++ source code of IoT OSs. The source code for 16 releases of IoT OSs (RIOT, Contiki, FreeRTOS, Amazon FreeRTOS) and the Software Assurance Reference Dataset (SARD) were used to create a labeled dataset of vulnerable and benign code with the reference being the Common Weakness Enumeration (CWE) vulnerabilities present in IoT OSs. Studies showed that only a subset of CWEs is present in the C/C++ source code of low-end IoT OSs.The labeled dataset was used to train three ML models for vulnerability detection: Random Forest (RF), Convolutional Neural Network (CNN), and Recurrent Neural Network (RNN). The three models were used independently and RF; compared to CNN and RNN, gave the highest accuracy during the testing phase for binary and multiclass classification. RF was chosen as iDetect's ML classifier. Further evaluation was done on an unseen dataset of 322 code snippets taken from TinyOS. iDetect achieved a macro-averaged F1 score (mF1) of 98.5% and weighted-average F1 score (wF1) of 98% for multiclass classification, F1 score (F1) of 97.8% for binary classification, and superior results compared to all three Static Analysis Tools (SATs) used to collect the training dataset.