TY - EJOU
AU - Wang, Wenjing
AU - Zhao, Tengteng
AU - Li, Xiaolong
AU - Huang, Lei
AU - Zhang, Wei
AU - Guo, Hui
TI - Research on Known Vulnerability Detection Method Based on Firmware Analysis
T2 - Journal of Cyber Security
PY - 2022
VL - 4
IS - 1
SN - 2579-0064
AB - At present, the network security situation is becoming increasingly serious. Malicious network attacks such as computer viruses, Trojans and hacker attacks are becoming more and more rampant, and national and group-level network attacks such as network information warfare and network terrorism do serious damage to the production and life of the whole society. At the same time, with the rapid development of the Internet of Things and the arrival of the 5G era, IoT devices, as an important part of the industrial Internet system, have become an important target of infiltration attacks by hostile forces. This paper describes the challenges facing firmware vulnerability detection at this stage and introduces four automatic detection and exploitation techniques in detail: detection based on patch comparison, detection based on control flow, detection based on data flow, and ROP attacks against buffer vulnerabilities. After clarifying the core idea, main steps and experimental results of each technique, its limitations are pointed out. Finally, combining the four automatic detection methods, this paper summarizes the steps of known vulnerability detection based on firmware analysis and looks forward to follow-up work.
KW - IoT devices; vulnerability mining; automatic detection; static analysis
DO - 10.32604/jcs.2022.026816