An Empirical Study of IoT Security Aspects at Sentence-Level in
Developer Textual Discussions
- URL: http://arxiv.org/abs/2206.03079v1
- Date: Tue, 7 Jun 2022 07:54:35 GMT
- Authors: Nibir Chandra Mandal and Gias Uddin
- Abstract summary: We develop a model that can automatically find security-related IoT discussions in Stack Overflow.
We study the model output to learn about IoT developer security-related challenges.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: IoT is a rapidly emerging paradigm that now encompasses almost every aspect
of our modern life. As such, ensuring the security of IoT devices is crucial.
IoT devices can differ from traditional computing, thereby the design and
implementation of proper security measures can be challenging in IoT devices.
We observed that IoT developers discuss their security-related challenges in
developer forums like Stack Overflow (SO). However, we find that IoT security
discussions can also be buried inside non-security discussions in SO. In this
paper, we aim to understand the challenges IoT developers face while applying
security practices and techniques to IoT devices. We have two goals: (1)
Develop a model that can automatically find security-related IoT discussions in
SO, and (2) Study the model output to learn about IoT developer
security-related challenges. First, we download 53K posts from SO that contain
discussions about IoT. Second, we manually labeled 5,919 sentences from 53K
posts as 1 or 0. Third, we use this benchmark to investigate a suite of deep
learning transformer models. The best performing model is called SecBot.
Fourth, we apply SecBot on the entire posts and find around 30K security
related sentences. Fifth, we apply topic modeling to the security-related
sentences. Then we label and categorize the topics. Sixth, we analyze the
evolution of the topics in SO. We found that (1) SecBot is based on the
retraining of the deep learning model RoBERTa. SecBot offers the best F1-Score
of 0.935, (2) there are six error categories in misclassified samples by
SecBot. SecBot was mostly wrong when the keywords/contexts were ambiguous
(e.g., gateway can be a security gateway or a simple gateway), (3) there are 9
security topics grouped into three categories: Software, Hardware, and Network,
and (4) the highest number of topics belongs to software security, followed by
network security.
Related papers
- Computational Safety for Generative AI: A Signal Processing Perspective [65.268245109828]
Computational safety is a mathematical framework that enables the quantitative assessment, formulation, and study of safety challenges in GenAI.
We show how sensitivity analysis and loss landscape analysis can be used to detect malicious prompts with jailbreak attempts.
We discuss key open research challenges, opportunities, and the essential role of signal processing in computational AI safety.
arXiv Detail & Related papers (2025-02-18T02:26:50Z)
- ChatIoT: Large Language Model-based Security Assistant for Internet of Things with Retrieval-Augmented Generation [6.39666247062118]
ChatIoT is a large language model (LLM)-based IoT security assistant designed to disseminate IoT security and threat intelligence.
We develop an end-to-end data processing toolkit to handle heterogeneous datasets.
arXiv Detail & Related papers (2025-02-14T04:00:18Z)
- SecCodePLT: A Unified Platform for Evaluating the Security of Code GenAI [47.11178028457252]
We develop SecCodePLT, a unified and comprehensive evaluation platform for code GenAIs' risks.
For insecure code, we introduce a new methodology for data creation that combines experts with automatic generation.
For cyberattack helpfulness, we construct samples to prompt a model to generate actual attacks, along with dynamic metrics in our environment.
arXiv Detail & Related papers (2024-10-14T21:17:22Z)
- IoT-LM: Large Multisensory Language Models for the Internet of Things [70.74131118309967]
IoT ecosystem provides rich source of real-world modalities such as motion, thermal, geolocation, imaging, depth, sensors, and audio.
Machine learning presents a rich opportunity to automatically process IoT data at scale.
We introduce IoT-LM, an open-source large multisensory language model tailored for the IoT ecosystem.
arXiv Detail & Related papers (2024-07-13T08:20:37Z)
- Realizing Open and Decentralized Marketplace for Exchanging Data of Expected IoT Behaviors [10.8289414098768]
This paper proposes creating a special marketplace focused on IoT cybersecurity.
The goal is to openly share knowledge about IoT devices' behavior, using structured data formats.
We employ technologies like blockchain and smart contracts to build a practical and secure foundation.
arXiv Detail & Related papers (2023-12-30T04:59:00Z)
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- IoTScent: Enhancing Forensic Capabilities in Internet of Things Gateways [45.44831696628473]
This paper presents IoTScent, an open-source forensic tool that enables IoT gateways and Home Automation platforms to perform IoT traffic capture and analysis.
IoTScent is specifically designed to operate over IEEE5.4-based traffic, which is the basis for many IoT-specific protocols such as Zigbee, 6LoWPAN and Thread.
This work provides a comprehensive description of the IoTScent tool, including a practical use case that demonstrates the use of the tool to perform device identification from Zigbee traffic.
arXiv Detail & Related papers (2023-10-05T09:10:05Z)
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
- Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future [6.422895251217666]
This paper reviews forensic and security issues associated with IoT in different fields.
Most IoT devices are vulnerable to attacks due to a lack of standardized security measures.
To fulfil the security-conscious needs of consumers, IoT can be used to develop a smart home system.
arXiv Detail & Related papers (2023-09-06T04:41:48Z)
- Effectiveness of Transformer Models on IoT Security Detection in StackOverflow Discussions [0.0]
"IoT Security dataset" is a domain-specific dataset of 7147 samples focused solely on IoT security discussions.
We found that IoT security discussions are different and more complex than traditional security discussions.
arXiv Detail & Related papers (2022-07-29T08:18:03Z)
- Reinforcement Learning for IoT Security: A Comprehensive Survey [4.0059435854780965]
Security has been a long run challenge in the IoT systems which has many attack vectors, security flaws and vulnerabilities.
In this paper, we present a comprehensive survey of different types of cyber-attacks against different IoT systems.
We then present reinforcement learning and deep reinforcement learning based security solutions to combat those different types of attacks in different IoT systems.
arXiv Detail & Related papers (2021-02-14T21:09:49Z)