Cite this article:
  • LU Haoliang, ZOU Yanyan, PENG Yue, TAN Lingxiao, ZHANG Yu, LIU Longquan, HUO Wei. Feedback-driven Fuzzing Technology Based on Partial Simulation of IoT Devices [J]. Journal of Cyber Security, 2023, 8(1): 78-92
Feedback-driven Fuzzing Technology Based on Partial Simulation of IoT Devices (Chinese title, translated)
LU Haoliang1,2,3,4, ZOU Yanyan1,2,3,4, PENG Yue1,2,3,4, TAN Lingxiao1,2,3,4, ZHANG Yu1,2,3,4, LIU Longquan1,2,3,4, HUO Wei1,2,3,4
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195, China; 3. Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195, China; 4. University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract (translated from the Chinese):
In recent years the number of IoT devices has grown rapidly, and as the IoT spreads, the security problems facing IoT devices keep increasing. Among security incidents involving IoT devices, the most damaging are those that exploit device vulnerabilities to obtain the highest privilege on the device and then steal users' sensitive data, spread malicious code, and so on. Hunting for vulnerabilities in IoT devices so that security flaws are found in time is one of the important ways to address these problems. Fuzzing can effectively discover security vulnerabilities in IoT devices: it sends large numbers of unexpected inputs to the target under test and monitors its state to find potential vulnerabilities. However, because the dynamic execution information of IoT devices is hard to obtain, and because of the test-depth problem inherent in fuzzing, the currently popular feedback-driven fuzzing techniques face difficulties when applied to IoT devices. This paper proposes a feedback-driven fuzzing technique based on partial simulation of IoT devices. To obtain the program's dynamic execution information while keeping a degree of generality, this paper performs partial simulation and testing only on network service programs that do not interact directly with the device hardware. The method first automatically identifies, in the firmware code of the IoT device, the network data parsing functions that are both ubiquitous and prone to vulnerabilities, and generates a high-quality set of component-level seed samples for the network service components that take such functions as their entry point. It then partially simulates the network service components, obtains code coverage information for the target program, and thereby realises feedback-driven fuzzing. Experiments on 9 IoT devices from 6 vendors show that, compared with FirmAFL, the method supports testing on 4 more IoT devices, reaches an average function identification precision of 83.4% and a recall of 90.1%, and, for the network service components corresponding to the 364 identified target functions, triggers 294 program exceptions in total and finds 8 zero-day vulnerabilities. The experimental results demonstrate the effectiveness and practicality of our method.
Key words: IoT devices; fuzzing; machine learning
DOI:10.19363/J.cnki.cn10-1380/tn.2023.01.06
Received: 2020-01-26; Revised: 2020-04-13
Funding: This work was supported by the National Natural Science Foundation of China (No. U1836209, No. 61802394), the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC02040100), and the National Key R&D Program of China (No. 2016QY071405).
Feedback-driven Fuzzing Technology Based on Partial Simulation of IoT Devices
LU Haoliang1,2,3,4, ZOU Yanyan1,2,3,4, PENG Yue1,2,3,4, TAN Lingxiao1,2,3,4, ZHANG Yu1,2,3,4, LIU Longquan1,2,3,4, HUO Wei1,2,3,4
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195, China; 3. Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195, China; 4. University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
In recent years, the number of IoT devices has grown rapidly. With the popularity of the IoT, the security issues of IoT devices are increasing. In the related security incidents, the main attack method is to exploit device vulnerabilities to obtain the highest privilege on the device, and then steal the user's sensitive data and spread malicious code. Hunting for vulnerabilities in IoT devices and discovering them in time is one of the important ways to solve the above security problems. Vulnerabilities in IoT devices can be effectively discovered by fuzzing, which finds potential vulnerabilities by sending a large number of unexpected inputs to the target under test and monitoring its state. However, due to the difficulty of obtaining dynamic execution information from IoT devices and the test-depth problem inherent in fuzzing, the currently popular feedback-driven fuzzing technology is difficult to apply to IoT devices. This paper proposes a feedback-driven fuzzing technology for IoT devices based on partial simulation. In order to obtain dynamic execution information of the program while maintaining a certain generality, this paper only performs partial simulation and testing on network service programs that do not directly interact with device hardware. The method automatically identifies a particular type of function, namely network data parsing functions, and generates a set of high-quality component-level seed samples for the network service components that take such functions as their entry point. It then performs partial simulation and obtains code coverage information for feedback-driven fuzzing. Experiments on 9 IoT devices from 6 manufacturers show that the method supports 4 more IoT devices than FirmAFL does. It achieves an average function identification precision of 83.4% and a recall of 90.1%, and triggers a total of 294 crashes in the target components corresponding to the 364 identified target functions. We also discovered 8 zero-day vulnerabilities. Experimental results show the effectiveness and practicability of our method.
Key words: IoT devices; fuzzing; machine learning
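The abstract describes a loop in which one parsing function is used as the entry point of a harnessed component, the partially simulated component reports code coverage, and mutated inputs are retained only when they reach new code. The following Python sketch is an added illustration of that loop and is not code from the paper or its authors: the toy parser, its deliberately planted length-check defect, the seed messages and the helper names (`parse_message`, `SEEDS`, `run_with_coverage`, `mutate`, `fuzz`) are all constructed for this example, and a `sys.settrace` line tracer stands in for the coverage feedback that the paper obtains from partial simulation of firmware code.

```python
import random
import sys
from typing import Callable, Dict, List, Optional, Set, Tuple

Coverage = Set[Tuple[str, int]]  # (function name, line number) pairs


def parse_message(data: bytes) -> dict:
    """Constructed stand-in for a 'network data parsing function'.
    Layout: 1 byte type, 1 byte payload length, payload. Type 0x02 reads two
    payload bytes without checking the length: a deliberately planted defect."""
    if len(data) < 2:
        raise ValueError("too short")          # parser's own rejection path
    mtype, length = data[0], data[1]
    payload = data[2:2 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")  # parser's own rejection path
    if mtype == 0x01:
        return {"type": "ping", "payload": payload}
    if mtype == 0x02:
        port = (payload[0] << 8) | payload[1]  # planted: no 'length >= 2' check
        return {"type": "connect", "port": port}
    return {"type": "unknown"}


# Constructed component-level seeds: one well-formed message per handled type.
SEEDS: List[bytes] = [b"\x01\x02ab", b"\x02\x02\x00\x50"]


def run_with_coverage(target: Callable[[bytes], object],
                      data: bytes) -> Tuple[Coverage, Optional[BaseException]]:
    """Run target(data) under a line tracer that stands in for the coverage
    feedback a partially simulated component would report. ValueError is the
    parser rejecting bad input, not a crash; any other exception is a finding."""
    covered: Coverage = set()
    target_code = target.__code__
    error: Optional[BaseException] = None

    def tracer(frame, event, arg):
        if frame.f_code is not target_code:
            return None  # do not trace frames outside the harnessed function
        if event == "line":
            covered.add((frame.f_code.co_name, frame.f_lineno))
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        target(data)
    except ValueError:
        pass
    except Exception as exc:  # any unexpected exception counts as a crash
        error = exc
    finally:
        sys.settrace(previous)
    return covered, error


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: overwrite, bit flip, insert or delete."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int = 3000, rng_seed: int = 1) -> Dict[str, object]:
    """Feedback loop: a mutated input joins the corpus only if it reaches new lines."""
    rng = random.Random(rng_seed)
    corpus: List[bytes] = list(seeds)
    total_cov: Coverage = set()
    crashes: Dict[str, bytes] = {}  # exception type -> first input that raised it

    def record(sample: bytes) -> bool:
        cov, err = run_with_coverage(target, sample)
        if err is not None:
            crashes.setdefault(type(err).__name__, sample)
        is_new = not cov <= total_cov
        total_cov.update(cov)
        return is_new

    for seed in corpus:
        record(seed)  # seeds are always kept; they define the starting coverage
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        if record(child):
            corpus.append(child)
    return {"corpus": corpus, "coverage": total_cov, "crashes": crashes}
```

Calling `fuzz(parse_message, SEEDS)` returns the retained corpus, the union of covered lines and the first input per exception type; with the seeds above the planted defect surfaces as an `IndexError` reached from the well-formed type-0x02 seed. The two points the abstract makes are visible here in miniature: harnessing the parsing function directly gives the fuzzer coverage feedback without running the whole device, and good component-level seeds (a valid message for each handled type) are what let the mutator reach the deeper branch instead of being rejected at the length check.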