两阶段二进制物联网固件漏洞检测方法研究
作者:
作者单位:

作者简介:

于璐(1985—),女,博士,讲师,研究方向为软件与系统安全

通讯作者:

中图分类号:

TP393

基金项目:


A two-staged binary IoT firmware vulnerability detection method
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    物联网(internet of things, IoT )设备漏洞带来的安全问题引发了研究人员的广泛关注,出于系统稳定性的考虑,设备厂商往往不会及时更新IoT固件中的补丁,导致漏洞对设备安全性影响时间更长;同时,大部分IoT固件文件源码未知,对其进行漏洞检测的难度更大。基于机器学习的代码比较技术可以有效应用于IoT设备的漏洞检测,但是这些技术存在因代码特征提取粒度粗、提取的语义特征不充分和代码比较范围未进行约束而导致的高误报问题。针对这些问题,提出一种基于神经网络的两阶段IoT固件漏洞检测方法。基于代码的多维特征缩小代码比较范围,提高比较的效率和精确度;再基于代码特征,用神经网络模型对代码相似程度进行学习,从而判断二进制IoT固件的代码与漏洞代码的相似程度,以检测IoT固件中是否存在漏洞,最后实验证明了所提方法在IoT固件检测中的有效性。

    Abstract:

    Internet of things(IoT) device security has drawn much attention with its wide application in various fields. Researchers have realized that the vulnerabilities of IoT files have brought severe threat to the IoT security. IoT manufactures usually do not fix the patch in IoT devices considering the system stability, resulting in a longer impact of vulnerabilities. Besides, the source codes of most IoT devices are not available, so it is more difficult to detect the vulnerabilities. Currently, binary program vulnerability detection technologies combining machine learning and code comparison technology can be effectively applied to the vulnerability detection of IoT devices. However, these technologies face the problems of high false positives caused by coarse feature extraction granularity, insufficient semantic features and too wide code comparison scope. Aiming to solve these problems, we propose a two-staged binary function similarity comparison method based on neural network to detect IoT vulnerabilities effectively without reducing efficiency too much. Before applying neural network to extract fine-granularity features, an attributed call graph was constructed based on multidimensional features to filter candidate functions in IoT file that are more likely to correspond to vulnerability function, narrowing down the comparison scope. In the second stage, the fine-grained feature extraction and representation method is applied to locate the functions that behavior similarly to vulnerability function. Neural network model is applied to extract the code feature and make comparison between the code of binary IoT firmware and the vulnerability, detecting whether there are vulnerabilities in the IoT firmware. Experiments show the effectiveness of the proposed two-staged method in the detection of IoT firmware vulnerabilities.

    参考文献
    相似文献
    引证文献
引用本文
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2023-03-23
  • 出版日期: