{"id":"https://openalex.org/W4411058561","doi":"https://doi.org/10.1145/3727582.3728687","title":"Designing and Optimizing Alignment Datasets for IoT Security: A Synergistic Approach with Static Analysis Insights","display_name":"Designing and Optimizing Alignment Datasets for IoT Security: A Synergistic Approach with Static Analysis Insights","publication_year":2025,"publication_date":"2025-06-05","ids":{"openalex":"https://openalex.org/W4411058561","doi":"https://doi.org/10.1145/3727582.3728687"},"language":"en","primary_location":{"id":"doi:10.1145/3727582.3728687","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727582.3728687","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3727582.3728687","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116498916","display_name":"Ahmad Al-Zuraiqi","orcid":null},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Ahmad Al-Zuraiqi","raw_affiliation_strings":["Queen's University Belfast, Belfast, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0001-3850-2976","affiliations":[{"raw_affiliation_string":"Queen's University Belfast, Belfast, United Kingdom","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5005179962","display_name":"Des Greer","orcid":"https://orcid.org/0000-0001-6367-9274"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Des Greer","raw_affiliation_strings":["Queen's University Belfast, Belfast, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-6367-9274","affiliations":[{"raw_affiliation_string":"Queen's University Belfast, Belfast, United Kingdom","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5116498916"],"corresponding_institution_ids":["https://openalex.org/I126231945"],"apc_list":null,"apc_paid":null,"fwci":1.3517,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.82240771,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"55","last_page":"64"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7787755131721497},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6198697686195374},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5414772629737854},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.5010828971862793},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32471054792404175},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.26509493589401245},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.156793475151062}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7787755131721497},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6198697686195374},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5414772629737854},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.5010828971862793},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32471054792404175},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.26509493589401245},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.156793475151062}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3727582.3728687","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727582.3728687","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:openaire/afb595ee-cc2d-41f3-944b-7ad8a32afd07","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/afb595ee-cc2d-41f3-944b-7ad8a32afd07","pdf_url":null,"source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Al-Zuraiqi, A & Greer, D 2025, Designing and optimizing alignment datasets for IoT security: a synergistic approach with static analysis insights. in PROMISE '25: Proceedings of the 21st International Conference on Predictive Models and Data Analytics in Software Engineering. Association for Computing Machinery, pp. 55-64, PROMISE 2025: The 21st International Conference on Predictive Models and Data Analytics in Software Engineering, Trondheim, Norway, 23/06/2025. https://doi.org/10.1145/3727582.3728687","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"doi:10.1145/3727582.3728687","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727582.3728687","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2104927807","https://openalex.org/W2119812052","https://openalex.org/W2602809880","https://openalex.org/W3134260321","https://openalex.org/W3192414357","https://openalex.org/W4378771755","https://openalex.org/W4390963024","https://openalex.org/W4391555989","https://openalex.org/W4394595165","https://openalex.org/W4408146308","https://openalex.org/W4411271863"],"related_works":["https://openalex.org/W2521930763","https://openalex.org/W2079146453","https://openalex.org/W2380031640","https://openalex.org/W2295858576","https://openalex.org/W2069098678","https://openalex.org/W3106007553","https://openalex.org/W2058305829","https://openalex.org/W2392272505","https://openalex.org/W2057373006","https://openalex.org/W2941677765"],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"show":[4],"great":[5],"promise":[6],"for":[7,118,157,205],"automating":[8],"critical":[9],"IoT":[10,54,62,89,97,142,207,230],"security":[11,55,143,190,225],"tasks,":[12],"yet":[13],"they":[14],"often":[15],"fail":[16],"to":[17,32,78,133,220],"address":[18],"high-stakes":[19,189],"vulnerabilities":[20,90,158,212],"without":[21],"domain-focused":[22],"datasets.":[23],"In":[24],"this":[25],"paper,":[26],"we":[27,217],"present":[28],"a":[29,177],"structured":[30],"methodology":[31],"design":[33],"and":[34,52,68,91,101,114,126,155,169,235],"optimize":[35],"IoT-specific":[36,119],"alignment":[37,150,179],"datasets":[38,151],"informed":[39],"by":[40],"static":[41,162],"analysis":[42,64,201],"insights,":[43],"thereby":[44],"bridging":[45],"the":[46,182,195],"gap":[47],"between":[48],"generic":[49],"language":[50],"models":[51],"specialized":[53],"requirements.":[56],"Our":[57],"approach":[58],"integrates":[59],"findings":[60],"from":[61,98,130],"firmware":[63],"tools":[65],"(e.g.":[66],"FACT":[67],"Binwalk)":[69],"with":[70],"authoritative":[71],"vulnerability":[72],"repositories":[73],"(MITRE":[74],"CVE,":[75],"CWE,":[76],"CAPEC)":[77],"construct":[79],"three":[80],"key":[81],"dataset":[82],"types:":[83],"(1)":[84],"Base":[85],"Datasets,":[86,95],"capturing":[87],"essential":[88],"configurations,":[92],"(2)":[93],"Classification":[94],"discerning":[96],"non-IoT":[99],"prompts,":[100],"(3)":[102],"Alignment":[103],"Datasets":[104],"employing":[105],"Contrastive":[106],"Preference":[107,111],"Optimization":[108,112,116,175],"(CPO),":[109],"Direct":[110],"(DPO),":[113],"Kahneman-Tversky":[115,174],"(KTO)":[117],"fine-tuning.":[120],"We":[121],"further":[122],"incorporate":[123],"secure-by-design":[124],"principles":[125],"bias":[127],"mitigation":[128],"strategies---ranging":[129],"device-type":[131],"diversity":[132],"synthetic":[134],"data":[135],"augmentation---to":[136],"ensure":[137],"fair,":[138],"high-fidelity":[139],"representations":[140],"of":[141,184,197],"scenarios.":[144],"Experimental":[145],"results":[146],"demonstrate":[147],"that":[148],"our":[149],"improve":[152],"LLM":[153,203],"responsiveness":[154],"correctness":[156],"discovered":[159],"via":[160],"offline":[161],"analysis,":[163],"including":[164],"outdated":[165],"libraries,":[166],"hard-coded":[167],"credentials,":[168],"insecure":[170],"default":[171],"services.":[172],"Notably,":[173],"achieves":[176],"97%":[178],"accuracy,":[180],"reflecting":[181],"impact":[183],"clear":[185],"binary":[186],"classifications":[187],"in":[188,213,232],"tasks.":[191],"This":[192],"work":[193],"underscores":[194],"significance":[196],"dual-system":[198],"integration":[199],"(static":[200],"plus":[202],"alignment)":[204],"proactive":[206],"defense.":[208],"By":[209],"foregrounding":[210],"domain-specific":[211],"carefully":[214],"curated":[215],"datasets,":[216],"enable":[218],"LLMs":[219],"generate":[221],"more":[222],"actionable,":[223],"context-aware":[224],"recommendations,":[226],"thus":[227],"advancing":[228],"state-of-the-art":[229],"protections":[231],"both":[233],"research":[234],"industry":[236],"deployments.":[237]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}