BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model.
In the field of firmware security analysis for Internet of Things (IoT) devices, border binary detection has become an important research focus. However, the existing methods for border binary detection have problems such as insufficient feature characterization, high false-negative rates, and low i...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Public Library of Science (PLoS)
2025-01-01
|
| Series: | PLoS ONE |
| Online Access: | https://doi.org/10.1371/journal.pone.0329469 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849228177213227008 |
|---|---|
| author | Shudan Yue Guimin Zhang Qingbao Li Wenbo Zhang Xiaonan Li Weihua Jiao |
| author_facet | Shudan Yue Guimin Zhang Qingbao Li Wenbo Zhang Xiaonan Li Weihua Jiao |
| author_sort | Shudan Yue |
| collection | DOAJ |
| description | In the field of firmware security analysis for Internet of Things (IoT) devices, border binary detection has become an important research focus. However, the existing methods for border binary detection have problems such as insufficient feature characterization, high false-negative rates, and low intelligence levels. To mitigate these issues, we introduce BBDetector, a border binary detection method based on a multidimensional feature model. First, we constructed the first known set of border binaries at a certain scale by collecting and analyzing a diverse set of real-world firmware. To characterize the features of border binaries comprehensively, we proposed a multidimensional feature model (MDFM). Next, we extracted the feature vectors of binaries via the MDFM and designed a novel stacking method to achieve border binary detection. This method involves ensemble learning, combining extreme gradient boosting, light gradient boosting machine, and categorical boosting as base learners with random forest as the meta-learner. Finally, a border binary detection model (XLC-R) was obtained by training with feature vectors. We tested and evaluated BBDetector on two datasets. The experimental results showed that XLC-R achieved a precision of 94.98%, a recall of 91.02%, and an F1 score of 92.84% for the constructed representative Dataset I. Additionally, BBDetector detected 3.25 times and 2.23 times more border binaries in Dataset II than did the state-of-the-art tools Karonte and SaTC, respectively. BBDetector provides an accurate method for border binary detection in IoT firmware security analysis, significantly enhancing the pertinence of vulnerability detection, dramatically reducing the complexity of firmware security analysis, and providing essential technical support for improving IoT device security. |
| format | Article |
| id | doaj-art-ba935eb21f354ed397bf17338c657f4e |
| institution | Kabale University |
| issn | 1932-6203 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | Public Library of Science (PLoS) |
| record_format | Article |
| series | PLoS ONE |
| spelling | doaj-art-ba935eb21f354ed397bf17338c657f4e2025-08-23T05:31:59ZengPublic Library of Science (PLoS)PLoS ONE1932-62032025-01-01208e032946910.1371/journal.pone.0329469BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model.Shudan YueGuimin ZhangQingbao LiWenbo ZhangXiaonan LiWeihua JiaoIn the field of firmware security analysis for Internet of Things (IoT) devices, border binary detection has become an important research focus. However, the existing methods for border binary detection have problems such as insufficient feature characterization, high false-negative rates, and low intelligence levels. To mitigate these issues, we introduce BBDetector, a border binary detection method based on a multidimensional feature model. First, we constructed the first known set of border binaries at a certain scale by collecting and analyzing a diverse set of real-world firmware. To characterize the features of border binaries comprehensively, we proposed a multidimensional feature model (MDFM). Next, we extracted the feature vectors of binaries via the MDFM and designed a novel stacking method to achieve border binary detection. This method involves ensemble learning, combining extreme gradient boosting, light gradient boosting machine, and categorical boosting as base learners with random forest as the meta-learner. Finally, a border binary detection model (XLC-R) was obtained by training with feature vectors. We tested and evaluated BBDetector on two datasets. The experimental results showed that XLC-R achieved a precision of 94.98%, a recall of 91.02%, and an F1 score of 92.84% for the constructed representative Dataset I. Additionally, BBDetector detected 3.25 times and 2.23 times more border binaries in Dataset II than did the state-of-the-art tools Karonte and SaTC, respectively. BBDetector provides an accurate method for border binary detection in IoT firmware security analysis, significantly enhancing the pertinence of vulnerability detection, dramatically reducing the complexity of firmware security analysis, and providing essential technical support for improving IoT device security.https://doi.org/10.1371/journal.pone.0329469 |
| spellingShingle | Shudan Yue Guimin Zhang Qingbao Li Wenbo Zhang Xiaonan Li Weihua Jiao BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. PLoS ONE |
| title | BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. |
| title_full | BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. |
| title_fullStr | BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. |
| title_full_unstemmed | BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. |
| title_short | BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model. |
| title_sort | bbdetector intelligent border binary detection in iot device firmware based on a multidimensional feature model |
| url | https://doi.org/10.1371/journal.pone.0329469 |
| work_keys_str_mv | AT shudanyue bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel AT guiminzhang bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel AT qingbaoli bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel AT wenbozhang bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel AT xiaonanli bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel AT weihuajiao bbdetectorintelligentborderbinarydetectioniniotdevicefirmwarebasedonamultidimensionalfeaturemodel |