IoT is a rapidly emerging paradigm that now encompasses almost every aspect of our modern life. As such, ensuring the security of IoT devices is crucial. IoT devices can differ from traditional computing, thereby the design and implementation of proper security measures can be challenging in IoT devices. We observed that IoT developers discuss their security-related challenges in developer forums like Stack Overflow(SO). However, we find that IoT security discussions can also be buried inside non-security discussions in SO. In this paper, we aim to understand the challenges IoT developers face while applying security practices and techniques to IoT devices. We have two goals: (1) Develop a model that can automatically find security-related IoT discussions in SO, and (2) Study the model output to learn about IoT developer security-related challenges. First, we download 53K posts from SO that contain discussions about IoT. Second, we manually labeled 5,919 sentences from 53K posts as 1 or 0. Third, we use this benchmark to investigate a suite of deep learning transformer models. The best performing model is called SecBot. Fourth, we apply SecBot on the entire posts and find around 30K security related sentences. Fifth, we apply topic modeling to the security-related sentences. Then we label and categorize the topics. Sixth, we analyze the evolution of the topics in SO. We found that (1) SecBot is based on the retraining of the deep learning model RoBERTa. SecBot offers the best F1-Score of 0.935, (2) there are six error categories in misclassified samples by SecBot. SecBot was mostly wrong when the keywords/contexts were ambiguous (e.g., gateway can be a security gateway or a simple gateway), (3) there are 9 security topics grouped into three categories: Software, Hardware, and Network, and (4) the highest number of topics belongs to software security, followed by network security.
翻译:Iot是一个迅速出现的范例,它现在几乎涵盖了我们现代再培训生活的每一个方面。 因此, 确保 Iot 设备的安全性至关重要。 Iot 设备可能不同于传统的计算, 因而适当的安全措施的设计和实施在 Iot 设备中可能具有挑战性。 我们观察到, Iot 开发者在像 Stack Overflow (SO) 这样的开发者论坛中讨论其与安全相关的挑战。 然而, 我们发现, Iot 安全讨论也可以被隐藏在SO的非安全讨论中。 在本文中, 我们的目标是理解 IoT 开发者在对 Iot 设备应用安全做法和技术时所面临的挑战。 我们有两个目标:(1) 开发一个能够自动找到与安全有关的 IoT 相关讨论的模型, 从而在SoT 网络中, 我们把5 919 个判决标在53 modec 的模型中, 我们用这个标准来调查一个软件变异的模型。 Sec Bot 的模型和Sec 数据库在Sec 后, 我们用Sec 的Sec 标 。