
Research On Homology Detection Technology For Vulnerability Analysis Of IoT Firmwares

Posted on: 2024-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: X H Yu
GTID: 2568307067493314
Subject: Software engineering

Abstract/Summary:
With the introduction of the concept of the Internet of Things (IoT), IoT devices have been widely used in various fields, and emerging technologies such as smart robots, drones and autonomous driving are inseparable from the participation of IoT devices. At the same time, with the full development of the digital economy, IoT devices have attracted wider attention at the national and societal level, and attacks against IoT devices are increasing day by day. Firmware, an important part of IoT devices that sits between software and hardware, plays a significant role in controlling the underlying software and file system. Therefore, attacks against IoT device firmware can often paralyze the whole IoT system. IoT device security research is of great significance in protecting national security, maintaining the order of social production and daily life, and safeguarding people's lives and property.

Research on firmware security for IoT devices can be divided into fuzzing, symbolic execution, taint analysis and homology detection; of these, homology detection is the only firmware vulnerability detection method that can analyze known vulnerabilities efficiently on a large scale. Due to the special nature of the firmware file system and the complex compilation of firmware binaries, many vendors reuse previously existing code when developing or using firmware, which results in the prevalence of the same vulnerabilities in IoT firmware of different models, versions and even different vendors. For these homologous vulnerabilities, conventional vulnerability analysis methods are time-consuming and laborious, causing unnecessary losses of time and money. Homology analysis can efficiently and simply find the homologous vulnerabilities in a large number of firmware devices, effectively improving efficiency and reducing losses.

This paper focuses on homology detection technology for firmware vulnerability detection of IoT devices. It proposes a homology detection method for firmware binary file vulnerabilities based on fuzzy hashing and a genetic algorithm, as well as a homology detection method for firmware function control flow graphs based on locality sensitive hashing, and verifies through experiments that the proposed methods greatly improve efficiency, precision and recall compared with known techniques. The details of this paper are as follows.

1. Fuzzy hashing is one of the important tools for homology detection. In this paper, we study and analyze the most authoritative, widely used and highly evaluated fuzzy hashing tools for large-scale firmware security vulnerability analysis. This paper categorizes and summarizes the existing popular fuzzy hashing tools and, on this basis, makes an exhaustive classification and a theoretical and experimental analysis of the different kinds of fuzzy hashing tools, comparing their advantages and disadvantages and the optimizations proposed for them. A complete framework for firmware binary homology analysis is established, in which firmware extraction, unpacking, fuzzy hash extraction and matching are implemented. Several of the most used fuzzy hashing tools are experimentally evaluated on real firmware datasets, and various fuzzy hashing algorithms are investigated in depth based on the experimental results.

2. The research finds that most fuzzy hashing tools are unsuitable for large-scale homology detection of IoT device firmware vulnerabilities and have low recall and precision. To address these problems, this paper proposes and implements a new fuzzy hashing-based homology detection framework for IoT device firmware. The framework uses a randomness test to filter low-information features and generates fuzzy hash values to achieve a higher recall rate. In addition, this paper uses a genetic algorithm to calculate and compare the similarity of firmware binaries, which effectively improves the analysis efficiency of the framework. The experimental results show that the method outperforms other current fuzzy hashing tools in terms of precision and recall.

3. Most current fuzzy hashing algorithms for firmware homology detection work at the file level, and their granularity is too coarse, which is far from ideal when facing real firmware datasets. At the same time, file-level homology detection does not cover the semantic information of the code, which makes it difficult to meet the requirements of cross-platform and cross-architecture firmware homology detection for large-scale IoT devices. To address these problems, this paper applies locality sensitive hashing to the comparison of functions in firmware binary files: it performs reverse analysis of different firmware files, obtains the control flow graphs of functions, and signs the basic blocks of each control flow graph. The experiments show that the traditional fuzzy hashing algorithm, while it has good performance in terms of precision, can only be applied to one-to-one comparisons between two files. Therefore, this paper introduces a locality sensitive hash, which can perform large-scale firmware homology detection quickly and effectively by calculating the SimHash value of each basic block of the vulnerable function and generating a signature of the vulnerable function. Finally, it is experimentally concluded that the method has good recall as well as efficiency.
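The function-level approach in point 3 (a SimHash per basic block, combined into a function signature) can be sketched as follows. This is an added example, not code from the thesis: the operand normalization, the feature set (instructions plus adjacent pairs), the Hamming threshold and the ARM-like sample blocks are all assumptions made for illustration.

```python
import hashlib
import re

def normalize(insn):
    """Abstract compiler-chosen details (assumed scheme): registers -> REG, immediates -> IMM."""
    insn = re.sub(r"\b(r\d+|sp|lr|pc)\b", "REG", insn.lower())
    return re.sub(r"#?\b(0x[0-9a-f]+|\d+)\b", "IMM", insn)

def simhash64(features):
    """Classic SimHash: every feature hash votes +1/-1 on each of 64 bit positions."""
    votes = [0] * 64
    for f in features:
        h = int.from_bytes(hashlib.blake2b(f.encode(), digest_size=8).digest(), "big")
        for bit in range(64):
            votes[bit] += 1 if (h >> bit) & 1 else -1
    return sum(1 << bit for bit in range(64) if votes[bit] > 0)

def block_hash(block):
    """Features: normalized instructions plus adjacent pairs, which keeps local order."""
    norm = [normalize(i) for i in block]
    pairs = [a + ";" + b for a, b in zip(norm, norm[1:])]
    return simhash64(norm + pairs)

def function_signature(blocks):
    """Signature of a function = sorted SimHash values of its basic blocks."""
    return sorted(block_hash(b) for b in blocks)

def hamming(a, b):
    return bin(a ^ b).count("1")

def similarity(sig_known, sig_candidate, max_dist=3):
    """Fraction of known-vulnerable blocks with a near-duplicate in the candidate.
    max_dist is an assumed threshold, not a value from the thesis."""
    hits = sum(1 for k in sig_known
               if any(hamming(k, c) <= max_dist for c in sig_candidate))
    return hits / len(sig_known)

# Constructed ARM-like basic blocks (not taken from any real firmware).
VULN = [["ldr r0, [r1, #4]", "cmp r0, #0", "beq 0x8010"],
        ["mov r2, #64", "bl 0x9000", "str r0, [sp, #8]"],
        ["add sp, sp, #16", "pop pc"]]
# Same logic rebuilt with different register allocation and addresses.
REBUILT = [["ldr r3, [r5, #12]", "cmp r3, #0", "beq 0xa4c0"],
           ["mov r6, #64", "bl 0xb200", "str r3, [sp, #24]"],
           ["add sp, sp, #32", "pop pc"]]
# Variant whose last block was replaced by unrelated code.
PATCHED = REBUILT[:2] + [["mul r0, r1, r2", "eor r0, r0, r3", "bx lr"]]

if __name__ == "__main__":
    known = function_signature(VULN)
    print(similarity(known, function_signature(REBUILT)))   # all blocks match
    print(similarity(known, function_signature(PATCHED)))   # two of three match
```

Because each signature is a short list of 64-bit integers, a known-vulnerable function can be compared against many candidate functions without the pairwise file comparison that file-level fuzzy hashing requires.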
Keywords/Search Tags:Internet of Things, Firmware, Vulnerability Analysis, Genetic Algorithm, Fuzzy Hashing