Hard-coded backdoor detection method based on semantic conflict
The current router security issues focus on the mining and utilization of memory-type vulnerabilities, but there is low interest in detecting backdoors.Hard-coded backdoor is one of the most common backdoors, which is simple and convenient to set up and can be implemented with only a small amount of...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023015 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529597591552000 |
|---|---|
| author | Anxiang HU Da XIAO Shichen GUO Shengli LIU |
| author_facet | Anxiang HU Da XIAO Shichen GUO Shengli LIU |
| author_sort | Anxiang HU |
| collection | DOAJ |
| description | The current router security issues focus on the mining and utilization of memory-type vulnerabilities, but there is low interest in detecting backdoors.Hard-coded backdoor is one of the most common backdoors, which is simple and convenient to set up and can be implemented with only a small amount of code.However, it is difficult to be discovered and often causes serious safety hazard and economic loss.The triggering process of hard-coded backdoor is inseparable from string comparison functions.Therefore, the detection of hard-coded backdoors relies on string comparison functions, which are mainly divided into static analysis method and symbolic execution method.The former has a high degree of automation, but has a high false positive rate and poor detection results.The latter has a high accuracy rate, but cannot automate large-scale detection of firmware, and faces the problem of path explosion or even unable to constrain solution.Aiming at the above problems, a hard-coded backdoor detection algorithm based on string text semantic conflict (Stect) was proposed since static analysis and the think of stain analysis.Stect started from the commonly used string comparison functions, combined with the characteristics of MIPS and ARM architectures, and extracted a set of paths with the same start and end nodes using function call relationships, control flow graphs, and branching selection dependent strings.If the strings in the successfully verified set of paths have semantic conflict, it means that there is a hard-coded backdoor in the router firmware.In order to evaluate the detection effect of Stect, 1 074 collected device images were tested and compared with other backdoor detection methods.Experimental results show that Stect has a better detection effect compared with existing backdoor detection methods including Costin and Stringer: 8 hard-coded backdoor images detected from image data set, and the recall rate reached 88.89%. |
| format | Article |
| id | doaj-art-32cf3ee5297a47939aaa8eba5a50a798 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-32cf3ee5297a47939aaa8eba5a50a7982025-01-15T03:16:31ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-02-01915015759577459Hard-coded backdoor detection method based on semantic conflictAnxiang HUDa XIAOShichen GUOShengli LIUThe current router security issues focus on the mining and utilization of memory-type vulnerabilities, but there is low interest in detecting backdoors.Hard-coded backdoor is one of the most common backdoors, which is simple and convenient to set up and can be implemented with only a small amount of code.However, it is difficult to be discovered and often causes serious safety hazard and economic loss.The triggering process of hard-coded backdoor is inseparable from string comparison functions.Therefore, the detection of hard-coded backdoors relies on string comparison functions, which are mainly divided into static analysis method and symbolic execution method.The former has a high degree of automation, but has a high false positive rate and poor detection results.The latter has a high accuracy rate, but cannot automate large-scale detection of firmware, and faces the problem of path explosion or even unable to constrain solution.Aiming at the above problems, a hard-coded backdoor detection algorithm based on string text semantic conflict (Stect) was proposed since static analysis and the think of stain analysis.Stect started from the commonly used string comparison functions, combined with the characteristics of MIPS and ARM architectures, and extracted a set of paths with the same start and end nodes using function call relationships, control flow graphs, and branching selection dependent strings.If the strings in the successfully verified set of paths have semantic conflict, it means that there is a hard-coded backdoor in the router firmware.In order to evaluate the detection effect of Stect, 1 074 collected device images were tested and compared with other backdoor detection methods.Experimental results show that Stect has a better detection effect compared with existing backdoor detection methods including Costin and Stringer: 8 hard-coded backdoor images detected from image data set, and the recall rate reached 88.89%.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023015router firmwarehard-coded backdoorstring comparison functionssemantic conflict |
| spellingShingle | Anxiang HU Da XIAO Shichen GUO Shengli LIU Hard-coded backdoor detection method based on semantic conflict 网络与信息安全学报 router firmware hard-coded backdoor string comparison functions semantic conflict |
| title | Hard-coded backdoor detection method based on semantic conflict |
| title_full | Hard-coded backdoor detection method based on semantic conflict |
| title_fullStr | Hard-coded backdoor detection method based on semantic conflict |
| title_full_unstemmed | Hard-coded backdoor detection method based on semantic conflict |
| title_short | Hard-coded backdoor detection method based on semantic conflict |
| title_sort | hard coded backdoor detection method based on semantic conflict |
| topic | router firmware hard-coded backdoor string comparison functions semantic conflict |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023015 |
| work_keys_str_mv | AT anxianghu hardcodedbackdoordetectionmethodbasedonsemanticconflict AT daxiao hardcodedbackdoordetectionmethodbasedonsemanticconflict AT shichenguo hardcodedbackdoordetectionmethodbasedonsemanticconflict AT shengliliu hardcodedbackdoordetectionmethodbasedonsemanticconflict |