With more IoT devices entering the consumer market, it becomes imperative to detect their security vulnerabilities before an attacker does. Existing binary analysis based approaches only work on firmware, which is less accessible except for those equipped with special tools for extracting the code from the device. To address this challenge in IoT security analysis, we present in this paper a novel automatic fuzzing framework, called IOTFUZZER, which aims at finding memory corruption vulnerabilities in IoT devices without access to their firmware images. The key idea is based upon the observation that most IoT devices are controlled through their official mobile apps, and such an app often contains rich information about the protocol it uses to communicate with its device. Therefore, by identifying and reusing program-specific logic (e.g., encryption) to mutate the test case (particularly message fields), we are able to effectively probe IoT targets without relying on any knowledge about its protocol specifications. In our research, we implemented IOTFUZZER and evaluated 17 real-world IoT devices running on different protocols, and our approach successfully identified 15 memory corruption vulnerabilities (including 8 previously unknown ones).
Abstract-In this paper, parameter estimation of a two-dimensional (2-D) single damped real/complex tone in the presence of additive white Gaussian noise is addressed. By utilizing the rank-one property of the 2-D noise-free data matrix, the damping factor and frequency for each dimension are estimated in a separable manner from the principal left and right singular vectors according to an iterative weighted least squares procedure. The remaining parameters are then obtained straightforwardly using standard least squares. The biases as well as variances of the damping factor and frequency estimates are also derived, which show that they are approximately unbiased and their performance achieves Cramér-Rao lower bound (CRLB) at sufficiently large signal-to-noise ratio (SNR) and/or data size conditions. We refer the proposed approach to as principal-singular-vector utilization for modal analysis (PUMA) which performs estimation in a fast and accurate manner. The development and analysis can easily be adapted for a tone which is undamped in at least one dimension. Furthermore, comparative simulation results with several conventional 2-D estimators and CRLB are included to corroborate the theoretical development of the PUMA approach as well as to demonstrate its superiority.
Recently, lip image analysis has received much attention because its visual information is shown to provide improvement for speech recognition and speaker authentication. Lip image segmentation plays an important role in lip image analysis. In this paper, a new fuzzy clustering method for lip image segmentation is presented. This clustering method takes both the color information and the spatial distance into account while most of the current clustering methods only deal with the former. In this method, a new dissimilarity measure, which integrates the color dissimilarity and the spatial distance in terms of an elliptic shape function, is introduced. Because of the presence of the elliptic shape function, the new measure is able to differentiate the pixels having similar color information but located in different regions. A new iterative algorithm for the determination of the membership and centroid for each class is derived, which is shown to provide good differentiation between the lip region and the nonlip region. Experimental results show that the new algorithm yields better membership distribution and lip shape than the standard fuzzy c-means algorithm and four other methods investigated in the paper.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.