With the development of the IoT technology, an unprecedented number of IoT terminals are connected to various networks. Commercial-off-the-shelf (COTS) technology is widely used in the IoT terminal firmware, which results in high code reuse rates. Such firmware is always heterogeneous and closedsource. It is so difficult to detect and investigate the security risks at the firmware level that their impacts are faster and broader. In recent years, some firmware security detection technologies based on similarity are gradually becoming a research hotspot. However, in these studies, the basic issue regarding whether these foundations comprise an essential basis for comparison and their utility as similarity measures has not been addressed theoretically. Inspired by biological genes, this paper attempts to supplement a foundation for cross-platform firmware binary code homology and similarity analysis by mining firmware code genes that can essentially identify code and exhibit stability, antivariability and heritability. The firmware code gene extract system(FCGES) is designed and implemented in this paper. FCGES first extracts the features of firmware code, then numericizes and normalizes them, and finally sublimates them to firmware code genes by the hypothesis margin. The experimental results show that the firmware code gene extracted by FCGES has essentiality, stability, antivariability and heritability on different platforms.
Internet of Things (IoT) terminals have firmware with heterogeneous, closed-source, and heavy business but light security characteristics, whereas on the edge, there are limited resources and a high code reuse rate. Once there are security risks at the firmware level, these risks are difficult to detect and discover, and the resulting impact quickly spreads over a wide range. Therefore, a similarity and homology analysis of firmware codes in an IoT terminal will be helpful for further research on firmware malicious code detection, vulnerability mining, backdoor discovery and copyright protection. Inspired by biological genes, this paper attempts to break away from the traditional feature-centered approach and focuses on code classification and the qualitative description of code features to discuss the idea of code similarity and homology analysis. Additionally, the proposed approach is information-centric, focusing on the informativeness (essentiality, stability, antivariability, and heritability) of the firmware code genes and the quantitative analysis of firmware code similarity and homology by discussing common methods and mechanisms. This paper presents security detection technology for IoT terminal firmware by measuring the gene distance between the codes. A prototype firmware security detection system (FSDS) for IoT terminals based on firmware code genes is designed and implemented. The experimental results show that this method has a good search matching effect and has certain advantages over traditional firmware security detection methods based on similarity theory.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.