Detecting Contradictions from CoAP RFC Based on Knowledge Graph

  • Conference paper
Network and System Security (NSS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13787))

Abstract

Due to the boom of the Internet of Things (IoT) in recent years, various IoT devices are connected to the internet and communicate with each other through web protocols such as the Constrained Application Protocol (CoAP). These web protocols are typically defined and described in Request for Comments (RFC) documents, which are written in natural or semi-formal languages. Since developers largely follow the RFCs when implementing web protocols, the RFCs have become the de facto protocol specifications. Therefore, it is desirable to ensure that the technical details described in the RFC are consistent, to avoid technological issues, incompatibility, security risks or even legal concerns. In this work, we propose RFCKG, a knowledge-graph-based contradiction detection tool for the CoAP RFC. Our approach can automatically parse the RFC documents and construct knowledge graphs from them through entity extraction, relation extraction, and rule extraction. It then conducts intra-entity and inter-entity consistency checking over the generated knowledge graph. We implement RFCKG and apply it to the main RFC (RFC7252) of CoAP, one of the most extensively used messaging protocols in IoT. Our evaluation shows that RFCKG manages to detect both direct and conditional contradictions in the RFC.

Notes

  1. Accessed on 11th August, 2022.

Corresponding author

Correspondence to Xinguo Feng.

Appendices

Appendix A Table for Predefined Entities and Relations

Table 5. Predefined entities and relations

Appendix B Algorithms for Extracting Rule Statements and Detecting Contradictions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Feng, X., Zhang, Y., Meng, M.H., Teo, S.G. (2022). Detecting Contradictions from CoAP RFC Based on Knowledge Graph. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds) Network and System Security. NSS 2022. Lecture Notes in Computer Science, vol 13787. Springer, Cham. https://doi.org/10.1007/978-3-031-23020-2_10

  • DOI: https://doi.org/10.1007/978-3-031-23020-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-23019-6

  • Online ISBN: 978-3-031-23020-2

  • eBook Packages: Computer Science, Computer Science (R0)
