Survey on automated vulnerability mining techniques for IoT device firmware

Survey on automated vulnerability mining techniques for IoT device firmware

With the wide application of IoT technology, IoT devices have exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which makes the research of IoT device security become a hot spot. The security analysis of IoT device firmware has been conducted, with a focus...

Full description

Saved in:
Bibliographic Details
Main Authors: LIU Hangtian, GAN Shuitao, ZHANG Chao, ZHANG Hongqi, SUN Wenhou, GAO Zicong, ZHAO Min, BAI Xue
Format: Article
Language:English
Published: POSTS&TELECOM PRESS Co., LTD 2025-04-01
Series:网络与信息安全学报
Subjects:
IoT device
black-box fuzzing
gray-box fuzzing
static program analysis
firmware re-hosting
large language model
Online Access:http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025014
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the wide application of IoT technology, IoT devices have exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which makes the research of IoT device security become a hot spot. The security analysis of IoT device firmware has been conducted, with a focus on its black-box nature, network characteristics, and customization features. Challenges to automated vulnerability mining have been highlighted, such as the closed-source firmware code, closed operating environment, complex network interactions, and highly customized hardware-software. Researchers have proposed a series of advanced technologies and methods to address these challenges. The existing literature was comprehensively analyzed, and the latest research progress in automated vulnerability mining technology for IoT device firmware was summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis, and firmware re-hosting. Based on the analysis of the current research status, existing challenges and deficiencies were pointed out, and future research directions and ideas were proposed, including the development trend of multi-technology organically combination, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrade of vulnerability mining technology driven by the evolution of IoT technology. An in-depth analysis and summary of the current status and development trends of automated vulnerability mining technology for IoT device firmware were provided, offering valuable references for future research and applications in the industry.
ISSN:2096-109X

Similar Items