Predicting Sensitive Information Leakage in IoT Applications Using Flows-Aware Machine Learning Approach

This thesis presents techniques for identification of vulnerable IoT applications. The techniques focus on a category of vulnerabilities that leads to sensitive information leakage which can be identified by using taint flow analysis. We analyze the source code of applications to recover tokens along their frequencies. We have developed a tool called Token2Vec, which transforms the source code tokens into vectors. If these tokens have a sink, we search for tainted flows. The tainted flows search is implemented as a tool called FlowsMiner. The tool takes far less time than static analysis counterparts. Our tool called Flow2Vec transforms the tainted flows into vectors. The machine learning algorithms are used to build models. The experiments show that the proposed approach has improved the accuracy of the prediction models for all algorithms and the best case for Corpus1 dataset is improved from 87.88% to 93.94% and for Corpus2 from 66.29% to 92.7%.