Large-scale Firmware Vulnerability Analysis Based on Code Similarity

Large-scale Firmware Vulnerability Analysis Based on Code Similarity

연구 분야: Analysis

학회: 2021 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS)

In recent years, the popularity of the Internet of Things has led to a sharp increase in the number of IoT devices. However, device vendors develop firmware using a large number of open source libraries that contain many known and unknown vulnerabilities. What’s more, users rarely update firmware version actively, which leads to the firmware bugs existence persistently. Because of the particularity of hardware architecture and the weak of performance, it’s difficult to implement strong security protection measures. Traditional vulnerability analysis methods rely on manual analysis and are not suitable for large-scale vulnerability analysis. In this paper, we analyze the raw feature of firmware functions and graph embedding network, and calculate the similarity among functions by using features’ embedded vector. We design and implement an effective large-scale firmware vulnerability analysis technology, which can realize large-scale security analysis of device firmware. The test results show that the technology can effectively extract function features and find the known vulnerabilities in the firmware.