| With the rapid development of IoT technology, smart devices are gradually being integrated into people's lives and work, which has played a huge role in promoting the development of society. In recent years, the number of IoT devices has surged and industry competition is fierce. To shorten the development cycle and quickly seize the market, IoT vendors reuse a large number of third-party open source components; if an open source component is defective, any program that reuses it also inherits the security risk. At the same time, current research on the security detection of IoT devices has some limitations. First, IoT devices are commercial products, and for copyright protection and other reasons manufacturers usually do not disclose the device source code, so researchers can only obtain the firmware of IoT devices for reverse analysis. Second, the variety of IoT devices, with different functions and non-uniform architectures, increases the technical difficulty of IoT device security analysis. In this context, research on vulnerability detection for the firmware of cross-architecture IoT devices has become an important direction in the field of IoT security. In IoT device firmware vulnerability detection research, binary function similarity detection is a common technique used to measure the similarity between two binary functions, and it is an important method for detecting the presence of known vulnerabilities in firmware. Existing detection methods usually rely on manually selecting attribute features of the binary function and its control flow graph, and then comparing function similarity based on these features. On the one hand, manual selection of statistical attribute features of binary functions relies too much on expert experience and causes considerable semantic loss; on the other hand, the function control flow graph changes significantly under different compilation configurations, and extracting the function control flow graph has a large overhead. Considering the security of IoT devices and the importance and challenge of firmware vulnerability detection, this thesis designs and implements a function similarity-based firmware vulnerability detection scheme for IoT devices. The main contributions of this thesis are as follows: 1. A text-semantics-based similarity detection method for binary functions is proposed to address three problems: the difficulty of detecting similarity across architectures, the high cost of extracting function control flow graphs and their large variation under different configurations, and the dependence of function feature selection on expert knowledge. First, the method preprocesses the assembly instructions of the binary functions to transform them into function texts; then, it uses a natural language processing model to learn the function texts autonomously and obtain semantic embedding vectors; finally, it measures the similarity between functions by calculating the cosine distance between two function embedding vectors. The experimental results show that the proposed detection method can identify the similarity of binary functions across architectures, and its detection accuracy can reach 99.1%. 2. The system consists of four components, namely, the firmware parsing module, the function pre-screening module, the function similarity matching model and the function vulnerability library. Experimental results on real firmware image sets and CVE vulnerability sets show that the SBFS system can effectively detect vulnerabilities in the firmware of IoT devices in real environments, and its average detection accuracy reaches 93.5%. |
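The three steps of the similarity method (instruction preprocessing into function text, embedding, cosine comparison) and the matching of firmware functions against a vulnerability library can be sketched as follows. This is an added example, not code from the thesis: the operand-normalization rules, the 0.8 threshold, the function names and the sample assembly are all assumptions, and a bag of token n-grams stands in for the learned NLP embedding, so the sketch only handles same-architecture (ARM-style) input.

```python
import math
import re
from collections import Counter

# Assumed operand classes; the abstract does not give its own preprocessing rules.
IMM = re.compile(r"^[#$]?-?(0x[0-9a-f]+|\d+)$")
REG = re.compile(r"^(r\d+|sp|lr|pc|fp|ip)$")  # ARM-style registers only

def normalize(instr):
    """Map one instruction to a token: mnemonic plus abstract operand classes."""
    mnemonic, _, rest = instr.strip().lower().partition(" ")
    rest = re.sub(r"\[[^\]]*\]", "MEM", rest)  # collapse memory operands first
    classes = []
    for op in filter(None, (o.strip() for o in rest.split(","))):
        if op == "MEM":
            classes.append("MEM")
        elif IMM.match(op):
            classes.append("IMM")
        else:
            classes.append("REG" if REG.match(op) else "SYM")  # SYM: labels, targets
    return "_".join([mnemonic] + classes)

def embed(asm):
    """Function text -> sparse vector of token unigrams and bigrams (stand-in model)."""
    toks = [normalize(i) for i in re.split(r"[;\n]", asm) if i.strip()]
    return Counter(toks + [a + " " + b for a, b in zip(toks, toks[1:])])

def cosine(u, v):
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    norm = math.sqrt(sum(x * x for x in u.values()) * sum(x * x for x in v.values()))
    return dot / norm if norm else 0.0

def scan(firmware, library, threshold=0.8):  # threshold is an assumed value
    """Return (firmware function, library entry, score) for every match."""
    hits = []
    for fname, fasm in firmware.items():
        for vid, vasm in library.items():
            score = cosine(embed(fasm), embed(vasm))
            if score >= threshold:
                hits.append((fname, vid, round(score, 3)))
    return hits

# Constructed samples: a library entry (unbounded byte-copy loop) and two
# firmware functions, one the same loop with different registers and label.
LIBRARY = {"VULN-PLACEHOLDER-1":
           "mov r2, #0; ldrb r3, [r1, r2]; strb r3, [r0, r2]; add r2, r2, #1; cmp r3, #0; bne loop; bx lr"}
FIRMWARE = {
    "sub_8f20": "mov r4, #0; ldrb r5, [r1, r4]; strb r5, [r0, r4]; add r4, r4, #1; cmp r5, #0; bne .L2; bx lr",
    "sub_9a04": "cmp r0, #0; rsblt r0, r0, #0; bx lr",
}
```

Because register names, immediates and labels are abstracted away before embedding, the re-allocated copy loop scores as identical to the library entry while the unrelated function stays well below the threshold.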