VulScan-LT: A Lightweight Transformer-Based Software Vulnerability Scanning Tool for Resource-Constrained Edge Devices
摘要
Software vulnerabilities are security loopholes in software development phases that may turn into a backdoor for potential malicious actors to exploit and pose potent threats such as overflows, DDoS, and data breaches. Traditional vulnerability detection methods are largely computationally intensive and fail to detect these backdoors exploited during runtime. Moreover, edge devices are susceptible to such loopholes due to stringent resource constraints, which makes it difficult to deploy sophisticated security measures. In this work, we propose a novel transformer-based vulnerability scanning tool, VulScan-LT, that envelopes a redesigned state-of-the-art DistilBERT transformer model, customized to be lightweight by reducing the number of encoder layers and attention heads. The model is trained on four publicly available IoT Operating Systems and the SAR-Dataset, making it comprehensive in detecting vulnerabilities with a best-case accuracy of 93.57%, an F1-score of 91.96%, a recall of 93.45%, and a precision of 92.39%. Our tool performs better when compared to the state-of-the-art, with improvements in accuracy for both binary and multi-class classification by an average of 4%. Furthermore, the tool has also been deployed on the Jetson Orin Nano board, showcasing its compatibility with resource-constrained edge devices. We performed hardware-specific optimizations such as floating-point and layer fusions on the redesigned transformer that reduced its memory footprint by approximately 30%. The optimized model performed with an accuracy of 93.75%, an F1-score of 91.69%, a recall of 93.31%, and a precision of 92.74% on the hardware. VulScan-LT is an end-to-end, platform-independent tool that accepts any C/C++-based source code file as input and generates a comprehensive vulnerability analysis report.