智慧电力物联网固件多粒度漏洞检测方法OA
Multi-granularity vulnerability detection method for smart power IoT firmware
[目的]电力物联网设备固件的安全性对保障关键基础设施稳定运行至关重要.然而,固件特征复杂且分析维度单一,导致现有漏洞检测方法存在精度低、适应性差的问题.为此,研究一种适用于泛在物联背景下的智慧电力物联网固件多粒度漏洞检测方法,以提升漏洞检测的全面性与准确性.[方法]本文设计了 i2vBi模型,将地址空间操作数映射为8类控制装载基址,从而精确生成指令词向量;利用Softmax函数计算上下文词概率,训练极大似然估计模型,并通过双向长短期记忆网络(bidirectional long short-term memory,BiLSTM)聚合指令向量,得到蕴含前后向语义信息的基本块嵌入向量.利用基本块嵌入向量构建属性控制流图,以提取函数内部的细粒度结构特征;采用主邻域聚合(principal neighbourhood aggregation,PNA)算法,并结合多种聚合器与基于节点度的缩放器,自适应地聚合节点邻域信息,生成表达力更强的图嵌入向量,完成函数级别的中观粒度特征提取.随后,利用卷积神经网络(convolutional neural network,CNN)与自注意力机制从图嵌入向量中提取函数执行顺序的局部模式特征,并将该顺序特征与基本块嵌入向量构建的属性控制流图特征输入多层感知机进行融合,形成最终的综合特征向量.引入语义分析维度,将已知漏洞函数转化为自然语言文本,通过基于双向编码器(bidirectional encoder representations from trans-formers,BERT)表示的语义嵌入模型进行掩码建模与均值池化,生成语义向量;计算其与目标函数综合特征向量的余弦相似度,通过设定阈值实现基于语义相似度的多粒度漏洞判定.[结果]为验证本文方法的有效性,在包含真实电力物联网固件镜像的数据集上进行了测试.实验结果表明:本文方法的曲线下面积(area under the curve,AUC)值稳定在0.85~0.95之间,显著高于对比方法,证明了其优异的整体分类性能;Kappa系数位于0.85~0.95的高位区间,表明检测结果与真实情况具有高度一致性;海明距离值始终保持较低水平,说明本文方法的误报率与漏报率得到了有效控制,预测结果更为精确.[结论]本文方法通过融合指令、基本块、函数控制流及语义等多个层次的特征,有效克服了特征维度单一的局限.该方法不仅显著提升了漏洞检测的精度与鲁棒性,而且因其对代码语义的理解而具备更好的环境适应性.研究成果为实现智慧电力物联网固件的自动化、智能化安全分析提供了可靠的技术途径,对增强电力物联网系统的整体安全性与稳定性具有积极意义.
[Objective]Firmware security in power Internet of Things(IoT)devices is crucial for ensuring the stable operation of critical infrastructure.However,existing vulnerability detection methods suffer from limited accuracy and adaptability due to complex firmware characteristics and reliance on a single analysis dimension.To address these issues,a multi-granularity vulnerability detection method for smart power IoT firmware suitable for the ubiquitous IoT background was proposed to improve the comprehensiveness and accuracy of vulnerability detection.[Methods]First,an i2vBi model was designed to map address space operands into eight classes to control the loading base address range,thus accurately generating instruction word vectors.The Softmax function was used to calculate contextual word probabilities,a maximum likelihood estimation model was trained,and instruction vectors were aggregated through a bidirectional long short-term memory(BiLSTM)network to obtain basic block embedding vectors containing forward and backward semantic information.Second,basic block embeddings were used to construct attribute control flow graphs to extract fine-grained structural features within functions.Furthermore,the principal neighborhood aggregation(PNA)algorithm was adopted,combining multiple aggregators and node-degree-based scalers to adaptively aggregate node neighbourhood information,generating more expressive graph embedding vectors and achieving function-level meso-granularity feature extraction.Subsequently,a convolutional neural network(CNN)and a self-attention mechanism were used to extract local pattern features of function execution order from graph embedding vectors,and these sequential features,together with attribute control flow graph features constructed from basic block embeddings,were input into a multilayer perceptron for fusion to form the final comprehensive feature vector.Finally,a semantic analysis dimension was introduced,in which known vulnerable functions were transformed into natural language text.A semantic embedding model based on bidirectional encoder representations from transformers(BERT)was used for masked modeling and mean pooling to generate semantic vectors.The cosine similarity between the semantic vectors and the comprehensive feature vectors of target functions was computed,and multi-granularity vulnerability detection based on semantic similarity was achieved by setting a threshold.[Results]To verify the effectiveness of the proposed method,experiments were conducted on a dataset containing real power IoT firmware images.The experimental results show that the AUC value of the proposed method remains stable between 0.85 and 0.95,which is significantly higher than that of comparative methods,demonstrating excellent overall classification performance.The Kappa coefficient lies in the high range of 0.85-0.95,indicating a high degree of consistency between detection results and actual conditions.The Hamming distance remains at a low level,indicating that false positive and false negative rates are effectively controlled,and prediction results are more accurate.[Conclusions]The proposed method effectively overcomes the limitation of a single feature dimension by integrating multiple levels of features,including instructions,basic blocks,function control flow,and semantics.This method not only significantly improves the accuracy and robustness of vulnerability detection but also exhibits better environmental adaptability due to its understanding of code semantics.The research results provide a reliable technical approach for automated and intelligent security analysis of smart power IoT firmware and have positive significance for enhancing the overall security and stability of power IoT systems.
王蓓;苑宁萍;李秀芬;韩俊飞;潘涛
内蒙古电力科学研究院信息通信技术研究所,内蒙古呼和浩特 010020内蒙古医科大学计算机信息学院,内蒙古呼和浩特 010110内蒙古电力科学研究院信息通信技术研究所,内蒙古呼和浩特 010020内蒙古电力科学研究院信息通信技术研究所,内蒙古呼和浩特 010020内蒙古电力科学研究院信息通信技术研究所,内蒙古呼和浩特 010020
信息技术与安全科学
泛在物联智慧电力物联网固件漏洞检测多粒度卷积神经网络主邻域聚合语义嵌入模型BERT模型
ubiquitous Internet of Thingssmart power Internet of Thingsfirmware vulnerability detectionmulti-granularityconvolutional neural networkprincipal neighbourhood aggregationsemantic embedding modelBERT model
《沈阳工业大学学报》 2026 (3)
48-55,8
内蒙古自治区规划课题(NGJGH2022250)内蒙古电力(集团)有限责任公司科技项目(内电科技[2021]3号).
评论