FirmAEHF: A Dynamic Analysis Method for Embedded IoT Firmware Based on Simulation and Hybrid Fuzzing


Research area: Analysis



Conference: 2025 6th International Conference on Computer Science, Engineering, and Education (CSEE)


Abstract

With the development of the Internet of Things (IoT), the security of IoT devices is becoming increasingly important. Dynamic analysis is an important method for evaluating the security of embedded IoT devices. However, due to the complexity of firmware and the heterogeneity of hardware, dynamic analysis of firmware faces great difficulties. To this end, we propose FirmAEHF (Firmware arbitration emulation with Hybridfuzz), a dynamic analysis method for embedded IoT firmware based on simulation and hybrid fuzz testing. By combining the advantages of simulation technology and hybrid fuzz testing, this method can detect dynamic vulnerabilities in embedded device firmware more efficiently and comprehensively. FirmAEHF enables testers to simulate the real operating environment of embedded devices without relying on actual hardware, so as to accurately reproduce the operating behavior of firmware. It also greatly reduces testing cost; in multi-platform testing and integrated debugging in particular, FirmAEHF has irreplaceable advantages. At the same time, hybrid fuzzing is able to mine vulnerabilities in a wider input space by combining multiple testing strategies such as symbolic execution, random testing and mutation testing. FirmAEHF combines the advantages of traditional fuzzing, symbolic execution and other technologies, and so can explore more execution paths, significantly improving the effect and efficiency of vulnerability detection. This hybrid approach makes FirmAEHF better able to deal with complex input spaces, especially when facing firmware program paths that are difficult to cover with a single fuzz test. Symbolic execution can provide additional precision and coverage, and find deep security issues.
The experimental results show that FirmAEHF effectively improves the detection ability of embedded IoT firmware security, and can adapt to the evolving IoT technology ecology to meet the increasingly complex secu...


Authors

Xun Zhao
Information Engineering University, Zhengzhou, China

Guimin Zhang
Information Engineering University, Zhengzhou, China

📄 Paper information

Publication year: 2025
Citations: 22
Country of publication: China
Site: IEEE
