一种基于同源性检测的轻量级物联网固件漏洞检测方案

IF 0.7 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of High Speed Networks Pub Date : 2022-11-03 DOI:10.3233/jhs-222027

Donglan Liu, Haotong Zhang, Rui Wang, Fang Zhang, Lili Sun, Xin Liu, L. Ma

{"title":"一种基于同源性检测的轻量级物联网固件漏洞检测方案","authors":"Donglan Liu, Haotong Zhang, Rui Wang, Fang Zhang, Lili Sun, Xin Liu, L. Ma","doi":"10.3233/jhs-222027","DOIUrl":null,"url":null,"abstract":"In recent years, with the rapid development of IoT technology, hundreds of millions of IoT devices have been manufactured and applied, and the subsequent IoT attacks have become more and more severe. The complex and diverse architecture of IoT devices, coupled with the lack of security development specifications by IoT device manufacturers, and the widespread misuse and abuse of code, lead to the proliferation of IoT vulnerabilities. The conventional IoT vulnerability detection scheme is expensive to operate, and the implementation technology is complex, which is difficult to be fully promoted. This paper proposes a lightweight IoT firmware vulnerability detection scheme based on homology detection. The processing is converted into a feature vector, which effectively reduces the platform dependence. Combined with the database technology, the storage and retrieval efficiency is increased, and the same-origin vulnerability detection is realized by calculating the cosine similarity of the vector. The experimental results show that this scheme can effectively identify the vulnerabilities in firmware.","PeriodicalId":54809,"journal":{"name":"Journal of High Speed Networks","volume":"48 1","pages":"287-297"},"PeriodicalIF":0.7000,"publicationDate":"2022-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A lightweight IoT firmware vulnerability detection scheme based on homology detection\",\"authors\":\"Donglan Liu, Haotong Zhang, Rui Wang, Fang Zhang, Lili Sun, Xin Liu, L. Ma\",\"doi\":\"10.3233/jhs-222027\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, with the rapid development of IoT technology, hundreds of millions of IoT devices have been manufactured and applied, and the subsequent IoT attacks have become more and more severe. The complex and diverse architecture of IoT devices, coupled with the lack of security development specifications by IoT device manufacturers, and the widespread misuse and abuse of code, lead to the proliferation of IoT vulnerabilities. The conventional IoT vulnerability detection scheme is expensive to operate, and the implementation technology is complex, which is difficult to be fully promoted. This paper proposes a lightweight IoT firmware vulnerability detection scheme based on homology detection. The processing is converted into a feature vector, which effectively reduces the platform dependence. Combined with the database technology, the storage and retrieval efficiency is increased, and the same-origin vulnerability detection is realized by calculating the cosine similarity of the vector. The experimental results show that this scheme can effectively identify the vulnerabilities in firmware.\",\"PeriodicalId\":54809,\"journal\":{\"name\":\"Journal of High Speed Networks\",\"volume\":\"48 1\",\"pages\":\"287-297\"},\"PeriodicalIF\":0.7000,\"publicationDate\":\"2022-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of High Speed Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3233/jhs-222027\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of High Speed Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/jhs-222027","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

近年来，随着物联网技术的飞速发展，数以亿计的物联网设备被制造和应用，随之而来的物联网攻击也越来越严重。物联网设备复杂多样的架构，加上物联网设备制造商缺乏安全开发规范，以及代码的普遍误用和滥用，导致物联网漏洞泛滥。传统的物联网漏洞检测方案操作成本高，实施技术复杂，难以全面推广。提出了一种基于同源性检测的轻量级物联网固件漏洞检测方案。将处理过程转化为特征向量，有效降低了平台依赖性。结合数据库技术，提高了存储检索效率，并通过计算向量的余弦相似度实现同源漏洞检测。实验结果表明，该方案能够有效地识别固件中的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A lightweight IoT firmware vulnerability detection scheme based on homology detection

In recent years, with the rapid development of IoT technology, hundreds of millions of IoT devices have been manufactured and applied, and the subsequent IoT attacks have become more and more severe. The complex and diverse architecture of IoT devices, coupled with the lack of security development specifications by IoT device manufacturers, and the widespread misuse and abuse of code, lead to the proliferation of IoT vulnerabilities. The conventional IoT vulnerability detection scheme is expensive to operate, and the implementation technology is complex, which is difficult to be fully promoted. This paper proposes a lightweight IoT firmware vulnerability detection scheme based on homology detection. The processing is converted into a feature vector, which effectively reduces the platform dependence. Combined with the database technology, the storage and retrieval efficiency is increased, and the same-origin vulnerability detection is realized by calculating the cosine similarity of the vector. The experimental results show that this scheme can effectively identify the vulnerabilities in firmware.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of High Speed Networks Computer Science-Computer Networks and Communications

CiteScore

1.80

自引率

11.10%

发文量

期刊介绍： The Journal of High Speed Networks is an international archival journal, active since 1992, providing a publication vehicle for covering a large number of topics of interest in the high performance networking and communication area. Its audience includes researchers, managers as well as network designers and operators. The main goal will be to provide timely dissemination of information and scientific knowledge. The journal will publish contributed papers on novel research, survey and position papers on topics of current interest, technical notes, and short communications to report progress on long-term projects. Submissions to the Journal will be refereed consistently with the review process of leading technical journals, based on originality, significance, quality, and clarity. The journal will publish papers on a number of topics ranging from design to practical experiences with operational high performance/speed networks.