Research And Implementation On Intelligent Dynamic Detection Technology For Unauthorized Vulnerabilities In IoT Device

With the widespread use of the internet and the advancement of 5G communication technology,the internet of things(IoT)has experienced rapid development.More and more devices are connected to the internet,constantly sharing and receiving data.However,security threats faced by IoT devices have become increasingly serious,especially the threat of unauthorized access.These vulnerabilities are easy to attack,but difficult to detect,posing a high risk to user privacy and data security.Currently,there are many problems to be solved in the implementation level of automated detection of unauthorized vulnerabilities,such as the lack of methods for detecting unauthorized vulnerabilities in multi-architecture binary programs,low quality test samples,and difficulties in monitoring unauthorized vulnerabilities.This article selects coding bypass and file unauthorized access two types of vulnerabilities representative of unauthorized vulnerabilities as research objects,and proposes an intelligent dynamic detection technology for unauthorized vulnerabilities in IoT devices,and designs and implements a prototype system called LogicDET.The main research contents include:(1)proposing a sensitive region localization and sample format extraction technology based on static analysis to improve the specificity and quality of vulnerability detection;(2)proposing a dynamic probe technology based on static information feedback and Ptrace to provide data support for unauthorized vulnerability detection by inserting probes at key locations;(3)proposing an unauthorized vulnerability detection technology based on structure perception and distance-oriented dangerous function,using the format information obtained in(1)to build a sample generation model,improving the quality of samples,and introducing distance-oriented optimization technology to increase the probability of samples contacting dangerous functions,and effectively monitor unauthorized vulnerabilities through the execution state information of dangerous functions.Through functional testing and experimental comparison,in the context of IoT vulnerability detection,the dynamic probe module of LogicDET is more efficient than dynamic insertion tools such as DynamoRIO and Valgrind,and has lower requirements for hardware and system.In the vulnerability mining testing,LogicDET successfully found 4 known and 3 unknown vulnerabilities in 3 real devices.The experimental results show that this system can be applied to actual scenarios,and has some theoretical and practical significance,helping to improve the automation detection level of unauthorized vulnerabilities in IoT devices.