Detecting Vulnerabilities from Issue Reports for Internet-of-Things
Timely identification of issue reports reflecting software vulnerabilities is crucial, particularly for Internet-of-Things (IoT) where analysis is slower than non-IoT systems. While Machine Learning (ML) and Large Language Models (LLMs) detect vulnerability-indicating issues in non-IoT systems, their IoT use remains unexplored. We are the first to tackle this problem by proposing two approaches: (1) combining ML and LLMs with Natural Language Processing (NLP) techniques to detect vulnerability-indicating issues of 21 Eclipse IoT projects and (2) fine-tuning a pre-trained BERT masked language model on 11,000 GitHub issues for classifying \vul. Our best performance belongs to a Support Vector Machine (SVM) trained on BERT NLP features, achieving an Area Under the receiver operator characteristic Curve (AUC) of 0.65. Our fine-tuned BERT achieves 0.26 accuracy, emphasizing the importance of exposing all data during training. Our contributions set the stage for accurately detecting vulnerabilities of IoT systems from their issues, similar to non-IoT systems.
Wed 19 NovDisplayed time zone: Seoul change
11:00 - 12:30 | |||
11:00 15mTalk | Detecting Vulnerabilities from Issue Reports for Internet-of-Things Student Research Competition Sogol Masoumzadeh Mcgill University | ||
11:15 15mTalk | Dynamic Testing of GUI Exercises in Headless Environments Student Research Competition Benjamin Schmitz Technical University of Munich Pre-print | ||
11:30 15mTalk | First-Order Quantified Separator in Alloy Analyzer Student Research Competition | ||
11:45 15mTalk | Understanding Uncertainty In LLMs Student Research Competition Chandan Kumar Sah Beihang University | ||
12:00 15mTalk | Verification and Classification of Exploits for Node.js Vulnerabilities Student Research Competition Sungmin Park Korea University | ||
12:15 15mPanel | SRC Panel Discussion Student Research Competition | ||
