| Like the Internet,Internet of Things(IoT)is an interconnected network.However,different from the Internet,IoT connects ordinary physical hardware through RFID,NFC,Zig Bee and other long-distance or short-distance communication technologies to construct an interconnected network.The physical network can realize the information interaction between people,machines and things at any time and any place.Iot assets,like other assets on the Internet,have their own vulnerabilities,which can be exploited by hackers or malicious users.The complexity of the Internet of Things architecture,as well as its sheer scale,makes it possible for hackers to find the ontology and exploit its vulnerabilities.Deep learning is an algorithm used to drive the computer to automatically learn feature patterns.The core idea is to input the learned features into the established model,so as to reduce the artificial design of incomplete features.The essence of vulnerability mining is to discover and repair in advance by enumerating hacker attacks.Traditional automatic mining methods are characterized by the incompleteness of manual design,and deep learning can just fill this deficiency.In the Internet of Things,due to the closed characteristics of the devices themselves,this thesis starts from the method of vulnerability mining without source code and with high execution efficiency.From the IoT device communication protocol and binary program vulnerability mining to introduce the idea of deep learning algorithm to do the following work:(1)Exploit communication vulnerabilities of IoT devices.In this thesis,aiming at the vulnerability mining rules used in IoT protocol,which are not conducive to model learning protocol,this thesis proposes a method to guide Peach tool mutation by constructing mutation order,which is beneficial to reduce the coupling between model and protocol vulnerability mining by using mutation order as the input of model.After model training,temperature coefficient sampling for variation sequence is proposed in this thesis.Finally,through experimental verification,it can be concluded that the mutation order based on model generation used to guide use case generation can significantly improve the test effect of the use case mutation strategy with strong randomness.(2)As for the research on vulnerability mining of executable binary programs in IoT devices,this thesis considers that the existing schemes(Gemini,CSSVA)used in the vulnerability detection environment of executable binary programs in IoT devices ignore the directional characteristics of program execution flow.Therefore,a sample modeling method based on state theory is proposed.Each basic block in CFG graph of program is regarded as the vertex of network graph,and the data flow out of normal basic block is regarded as a positive relation.The basic block for triggering vulnerability is negative.(3)For the IoT device executable binary program vulnerability mining research,there are different compiler impact vulnerability detection results,this thesis by using convolutional neural network graph translation invariant feature processing CFG graph adjacency matrix.Finally,the accuracy and F value of the proposed model are verified to be better than Gemini and CSSVA schemes. |
