Vulnerability Detection In Firmware Based On Clone Selection Algorithm

The rapid development of IoT(Internet of Things)devices brings a lot of security risks while facilitating people's life,in recent years,more and more IoT security incidents have attracted researchers' attention to the security of IoT devices.Security analysis of firmware is an important domain of IoT security research.In related works,researchers extracted numerical features and structural features of the vulnerability functions and then use machine learning algorithm to construct the detection model,a vulnerability library also need to be constructed and then the function to be detected is associated analysis with the vulnerability function,they have got good results on the real firmware vulnerability detection.However,this kind of detection model builds a common detector for all vulnerability functions and it lacks adaptability to the update of the vulnerability library.Therefore,we can have a certain improvement in the accuracy of detection.The artificial immune algorithm is an efficient learning and optimization algorithm proposed by the biological immune system.Compared with the machine learning algorithm,the artificial immune algorithm can establish a specific detector for every single vulnerability and the detector set can automatically update with the change of vulnerability library.So,it may have a better effect on some detection or classification scenarios than machine learning algorithms.Based on the related research,this thesis applies Clone Selection Algorithm(CSA)to the firmware vulnerability association detection,the major works and contributions of this thesis are as follows:1)Firstly,the data set was built by collecting the real firmware vulnerability function,then we extracted numerical and structural features and created CSA detector for every single vulnerability and analysis of the vulnerability function was carried out,we established the firmware vulnerability detection framework based on CSA and validated the effectiveness of the framework by experiments.2)Then,to improve the detection rate,this thesis further analyzed the features used in the experiment.The numerical features and structural features applied in the vulnerability association detection were analyzed with feature selection algorithms,the salient features were filtered out and validated with experiments.3)Finally,considering the updating of the firmware vulnerability library in the detection process and the defect of fixed radius detector of CSA,we applied dynamic clonal selection algorithm combined with the variable radius detector of CAS to improve the original algorithm.By collecting more than 300 firmware of D-Link routers and TP-Link routers to build data sets for experiments,compared with the related work which use the detection algorithm of neural network,the final detection result of accuracy rate increased from 83% to 92%.The research in this thesis shows that it is effective to apply the CSA to the association detection of firmware vulnerability.The accuracy rate of detection can be effectively improved by creating a specific detector for every vulnerability.In addition,through the feature analysis and applying variable radius detector of CSA in vulnerability association detection,the accuracy rate finally reached 92%.Although the accuracy rate was improved at some cost of efficiency,the application and improvement of the CSA in vulnerability association detection has achieved relatively good results.