HMFuzzer: A Human-Machine Collaboration-Based Firmware Vulnerability Mining Scheme for IoT Devices
The popularity of infrastructure such as 5G has greatly facilitated the development of the Internet of Things (IoT), which has become an integral part of our lives. However, with the widespread adoption of IoT technologies in many areas, the security risks of its architecture have also increased and the attack surface of the IoT is becoming more diverse. In recent years, malicious attacks and security incidents related to the IoT have been frequent, and they are often caused by exploitable security vulnerabilities in IoT devices. In this context, fuzzing has become the mainstream approach to IoT device firmware vulnerability mining; it can improve the security of IoT devices by detecting security threats ahead of attackers. However, most existing research on IoT device firmware vulnerability mining has focused overly on automated vulnerability mining. Although automated vulnerability mining reduces labor cost, it limits the flexibility and scalability of the solutions and ignores the benefits of expert experience. Expert experience can greatly enhance the compatibility of automated fuzzers, improve the efficiency of test seed evolution, and help automated tools discern anomalous program states that are difficult to resolve, which in turn improves vulnerability mining capability. Therefore, in order to effectively combine expert experience with automated vulnerability mining and improve the efficiency of IoT device firmware vulnerability mining, this paper proposes a human-machine collaborative firmware vulnerability mining scheme for IoT devices, named HMFuzzer. HMFuzzer obtains the target device firmware information through various methods and designs a device firmware key information extraction method based on the interaction between the front and back ends of the device firmware. The method simulates the three-party interaction mode among the device firmware, the management interface, and the user, which can effectively obtain the target device's potential firmware key information. Besides, HMFuzzer obtains firmware key functions through binary file location and function analysis to guide the subsequent fuzzing seed generation. In addition, HMFuzzer introduces expert experience into the pre-processing, testing, and result analysis phases, optimizing seed mutation and the fuzzing process based on the key information obtained in the previous phase. Furthermore, it is combined with a reinforcement learning algorithm, which significantly improves the coverage rate and efficiency of fuzzing as well as the vulnerability mining capability for target device firmware. To verify the effectiveness and detection capability of HMFuzzer, we conduct three groups of experiments: reinforcement learning algorithm experiments, vulnerability detection capability comparison experiments, and 0-day vulnerability mining experiments. The reinforcement learning algorithm experiments demonstrate that, compared to existing vulnerability mining solutions for IoT devices, the reinforcement learning algorithm is able to significantly improve the coverage of target programs by improving the efficiency of seed screening. The vulnerability detection capability comparison experiments collect 110 vulnerabilities in 37 different devices from 7 vendors. The results show that HMFuzzer is able to improve the vulnerability identification success rate by more than 10% compared to existing methods, providing stronger vulnerability detection capability. The 0-day vulnerability mining experiments analyze three real vendors' IoT devices. Finally, HMFuzzer finds multiple 0-day vulnerabilities, including 4 CVE/CNVD high-risk vulnerabilities.
Keywords: Internet of Things; vulnerability mining; fuzzing; human-machine collaboration; device firmware; reinforcement learning
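The abstract states that a reinforcement learning component raises coverage by making seed screening more efficient, but does not say which algorithm or reward it uses. The following is an added illustration, not HMFuzzer's code, of the general idea of coverage-rewarded seed scheduling: seeds are treated as bandit arms, a seed is rewarded by how many never-before-seen edges its mutants reach, and a UCB1 policy balances re-fuzzing productive seeds against trying neglected ones. Everything here is an assumption for illustration: the UCB1 policy, the toy request handler `toy_target` with hand-assigned edge ids standing in for an instrumented firmware handler, and the byte-level mutator.

```python
"""Coverage-rewarded seed scheduling as a multi-armed bandit (illustrative).

Assumptions, none taken from the paper: the target is a constructed toy
request parser whose "edges" are hand-assigned integers, and the policy is
UCB1 with reward = number of previously unseen edges reached by a mutant.
"""
import math
import random
from dataclasses import dataclass


def toy_target(data: bytes) -> set:
    """Constructed stand-in for an instrumented firmware request handler.
    Returns the set of edge ids the input exercises."""
    edges = {0}                        # entry edge, always hit
    if data.startswith(b"GET "):
        edges.add(1)
        path = data[4:]
        if b".." in path:
            edges.add(2)               # path-normalisation branch
        if len(path) > 32:
            edges.add(3)               # long-path branch
        if path.endswith(b".cgi"):
            edges.add(4)               # CGI dispatch branch
    elif data.startswith(b"POST "):
        edges.add(5)
        body = data[5:]
        if b"=" in body:
            edges.add(6)               # key=value parsing
            if body.count(b"&") >= 2:
                edges.add(7)           # multi-parameter branch
    else:
        edges.add(8)                   # reject unknown method
    return edges


@dataclass
class Seed:
    data: bytes
    pulls: int = 0                     # times this seed was chosen
    reward: float = 0.0                # cumulative new-edge reward


class UCB1Scheduler:
    """Picks the seed with the highest upper confidence bound on reward."""

    def __init__(self, seeds, c: float = 1.4):
        self.seeds = list(seeds)
        self.c = c
        self.total = 0

    def select(self) -> Seed:
        for s in self.seeds:           # every seed is tried at least once
            if s.pulls == 0:
                return s
        return max(self.seeds, key=lambda s: s.reward / s.pulls
                   + self.c * math.sqrt(math.log(self.total) / s.pulls))

    def update(self, seed: Seed, reward: float) -> None:
        seed.pulls += 1
        seed.reward += reward
        self.total += 1


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Simple byte-level mutator: overwrite, insert, or append a token."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes([rng.randrange(256)])
    else:
        buf += rng.choice([b"..", b"=", b"&", b".cgi", b"A" * 16])
    return bytes(buf)


def fuzz(initial, iterations: int, rng_seed: int = 0):
    """Run the bandit-driven loop; returns (covered edges, scheduler)."""
    rng = random.Random(rng_seed)
    sched = UCB1Scheduler(Seed(d) for d in initial)
    covered = set()
    for s in sched.seeds:
        covered |= toy_target(s.data)
    for _ in range(iterations):
        seed = sched.select()
        child = mutate(seed.data, rng)
        new = toy_target(child) - covered
        sched.update(seed, len(new))   # reward only for unseen edges
        if new:                        # coverage-increasing mutant joins corpus
            covered |= new
            sched.seeds.append(Seed(child))
    return covered, sched


if __name__ == "__main__":
    cov, sch = fuzz([b"GET /", b"POST x"], 300)
    print(sorted(cov), [(s.data, s.pulls, s.reward) for s in sch.seeds])
```

The reward is deliberately "new edges only": once an edge is known, hitting it again earns nothing, so a seed that keeps exercising the same code path loses priority and the scheduler drifts toward seeds whose neighbourhood still has unexplored branches. Expert experience, as the abstract describes it, would enter this loop as better initial seeds and mutation tokens rather than as a change to the policy.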