Jihyeon Yu¹, Juhwan Kim¹, Youngwoo Lee¹, Fayozbek Rustamov², Joobeom Yun^1,*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3291-3315, 2023, DOI:10.32604/cmc.2023.035835

Abstract Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation framework for multi-architecture (AEMA). In… More >

Yingchao Yu^*, Shuitao Gan, Xiaojun Qin

Journal on Internet of Things, Vol.4, No.1, pp. 1-20, 2022, DOI:10.32604/jiot.2022.019469

Abstract In recent years, with the development of the natural language processing (NLP) technologies, security analyst began to use NLP directly on assembly codes which were disassembled from binary executables in order to examine binary similarity, achieved great progress. However, we found that the existing frameworks often ignored the complex internal structure of instructions and didn’t fully consider the long-term dependencies of instructions. In this paper, we propose firmVulSeeker—a vulnerability search tool for embedded firmware images, based on BERT and Siamese network. It first builds a BERT MLM task to observe and learn the semantics of different instructions in their context… More >

Wenjing Wang¹, Tengteng Zhao¹, Xiaolong Li^1,*, Lei Huang¹, Wei Zhang¹, Hui Guo²

Journal of Cyber Security, Vol.4, No.1, pp. 1-15, 2022, DOI:10.32604/jcs.2022.026816

Abstract At present, the network security situation is becoming more and more serious. Malicious network attacks such as computer viruses, Trojans and hacker attacks are becoming more and more rampant. National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society. At the same time, with the rapid development of Internet of Things and the arrival of 5G era, IoT devices as an important part of industrial Internet system, have become an important target of infiltration attacks by hostile forces. This paper describes the challenges facing… More >

Xiaoyi Li, Xiaojun Pan, Yanbin Sun^*

Journal on Artificial Intelligence, Vol.3, No.1, pp. 21-31, 2021, DOI:10.32604/jai.2021.017328

Abstract The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people’s lives and property. Therefore, ensuring the safety of embedded devices is a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique based on protocol state orientation. By instrumenting the program that handles protocol fields in the firmware, the problem of lack of guidance information in common protocol fuzzing is solved. By recording and comparing state transition paths, the… More >