IoTSim: Internet of Things-Oriented Binary Code Similarity Detection with Multiple Block Relations

Author:

Luo Zhenhao¹, Wang Pengfei¹, Xie Wei¹, Zhou Xu¹, Wang Baosheng¹

Affiliation:

1. College of Computer, National University of Defense Technology, Changsha 410073, China

Abstract

Binary code similarity detection (BCSD) plays a crucial role in various computer security applications, including vulnerability detection, malware detection, and software component analysis. With the development of the Internet of Things (IoT), many binaries are built for different instruction set architectures, which requires BCSD approaches that are robust across architectures. In this study, we propose a novel IoT-oriented binary code similarity detection approach. Our approach leverages a customized transformer-based language model with disentangled attention to capture relative position information. To mitigate out-of-vocabulary (OOV) challenges in the language model, we introduce a base-token prediction pre-training task aimed at capturing basic semantics for unseen tokens. During function embedding generation, we integrate directed jumps, data dependency, and address adjacency to capture multiple block relations. We then assign different weights to different relations and use multi-layer Graph Convolutional Networks (GCN) to generate function embeddings. We implemented a prototype of IoTSim. Our experimental results show that the proposed block relation matrix improves IoTSim by a large margin. With a pool size of 103, IoTSim achieves a recall@1 of 0.903 across architectures, outperforming the state-of-the-art approaches Trex, SAFE, and PalmTree.

Funder

National University of Defense Technology Research Project

National Natural Science Foundation China

HUNAN Province Natural Science Foundation

National Key Research and Development Program of China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Biochemistry, Instrumentation, Atomic and Molecular Physics, and Optics, Analytical Chemistry
