论文信息 - A Framework for Intelligent IoT Firmware Compliance Testing

A Framework for Intelligent IoT Firmware Compliance Testing

Abstract The recent mass production and usage of the Internet of Things (IoT) have posed serious concerns due to the unavoidable security complications. The firmware of IoT systems is a critical component of IoT security. Although multiple organizations have released security guidelines, few IoT vendors are following these guidelines properly, either due to a lack of accountability or the availability of appropriate resources. Some tools for this purpose can use static, dynamic, or fuzzing techniques to test the security of IoT firmware, which may result in false positives or failure to discover vulnerabilities. Furthermore, the vast majority of resources are devoted to a single subject, such as networking protocols, web interfaces, or Internet of Things computer applications. This paper aims to present a novel method for conducting compliance testing and vulnerability evaluation on IoT system firmware, communication interfaces, and networking services using static and dynamic analysis. The proposed system detects a broad range of security bugs across a wide range of platforms and hardware architectures. To test and validate our prototype, we ran tests on 4300 firmware images and discovered 13000+ compliance issues. This work, we believe, will be the first step toward developing a reliable automated compliance testing framework for the IoT manufacturing industry and other stakeholders.

Mohammed Kaosar | Mohan Krishna Kagita | Giridhar Reddy Bojja | M. Kaosar

[1] Paul A. Watters,et al. Zero-day Malware Detection based on Supervised Learning Algorithms of API call Signatures , 2011, AusDM.

[2] Mohan Krishna Kagita,et al. Machine Learning Techniques for Multi-media Communications in Business Marketing , 2021, J. Multiple Valued Log. Soft Comput..

[3] Ahthasham Sajid,et al. Intelligent Dynamic Malware Detection using Machine Learning in IP Reputation for Forensics Data Analytics , 2021, Future Gener. Comput. Syst..

[4] Peter Grabosky,et al. Organizations and Cybercrime , 2013 .

[5] Fernando Boavida,et al. Analysis of Student Academic Performance Using Human-in-the-Loop Cyber-Physical Systems , 2020 .

[6] Constantinos Marios Angelopoulos,et al. Addressing the Security Gap in IoT: Towards an IoT Cyber Range , 2020, Sensors.

[7] Abdul Kadir,et al. A Secured Frame Work for Searching and Sharing of Datain Cloud Based Services using IoT , 2019 .

[8] Peter Grabosky,et al. Organizations and Cyber crime: An Analysis of the Nature of Groups engaged in Cyber Crime , 2014 .

[9] Mohan Krishna Kagita,et al. The Role of the Internet of Things in Health Care: A Systematic and Comprehensive Study , 2020, International Journal of Engineering and Management Research.