Survey on automated vulnerability mining techniques for IoT device firmware
With the wide application of IoT technology, IoT devices have exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which makes the research of IoT device security become a hot spot. The security analysis of IoT device firmware has been conducted, with a focus...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2025-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025014 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850132870115360768 |
|---|---|
| author | LIU Hangtian GAN Shuitao ZHANG Chao ZHANG Hongqi SUN Wenhou GAO Zicong ZHAO Min BAI Xue |
| author_facet | LIU Hangtian GAN Shuitao ZHANG Chao ZHANG Hongqi SUN Wenhou GAO Zicong ZHAO Min BAI Xue |
| author_sort | LIU Hangtian |
| collection | DOAJ |
| description | With the wide application of IoT technology, IoT devices have exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which makes the research of IoT device security become a hot spot. The security analysis of IoT device firmware has been conducted, with a focus on its black-box nature, network characteristics, and customization features. Challenges to automated vulnerability mining have been highlighted, such as the closed-source firmware code, closed operating environment, complex network interactions, and highly customized hardware-software. Researchers have proposed a series of advanced technologies and methods to address these challenges. The existing literature was comprehensively analyzed, and the latest research progress in automated vulnerability mining technology for IoT device firmware was summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis, and firmware re-hosting. Based on the analysis of the current research status, existing challenges and deficiencies were pointed out, and future research directions and ideas were proposed, including the development trend of multi-technology organically combination, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrade of vulnerability mining technology driven by the evolution of IoT technology. An in-depth analysis and summary of the current status and development trends of automated vulnerability mining technology for IoT device firmware were provided, offering valuable references for future research and applications in the industry. |
| format | Article |
| id | doaj-art-bb36a05d44304fb3a40a700b262bc833 |
| institution | OA Journals |
| issn | 2096-109X |
| language | English |
| publishDate | 2025-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-bb36a05d44304fb3a40a700b262bc8332025-08-20T02:32:07ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2025-04-0111264999195860Survey on automated vulnerability mining techniques for IoT device firmwareLIU HangtianGAN ShuitaoZHANG ChaoZHANG HongqiSUN WenhouGAO ZicongZHAO MinBAI XueWith the wide application of IoT technology, IoT devices have exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which makes the research of IoT device security become a hot spot. The security analysis of IoT device firmware has been conducted, with a focus on its black-box nature, network characteristics, and customization features. Challenges to automated vulnerability mining have been highlighted, such as the closed-source firmware code, closed operating environment, complex network interactions, and highly customized hardware-software. Researchers have proposed a series of advanced technologies and methods to address these challenges. The existing literature was comprehensively analyzed, and the latest research progress in automated vulnerability mining technology for IoT device firmware was summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis, and firmware re-hosting. Based on the analysis of the current research status, existing challenges and deficiencies were pointed out, and future research directions and ideas were proposed, including the development trend of multi-technology organically combination, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrade of vulnerability mining technology driven by the evolution of IoT technology. An in-depth analysis and summary of the current status and development trends of automated vulnerability mining technology for IoT device firmware were provided, offering valuable references for future research and applications in the industry.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025014IoT deviceblack-box fuzzinggray-box fuzzingstatic program analysisfirmware re-hostinglarge language model |
| spellingShingle | LIU Hangtian GAN Shuitao ZHANG Chao ZHANG Hongqi SUN Wenhou GAO Zicong ZHAO Min BAI Xue Survey on automated vulnerability mining techniques for IoT device firmware 网络与信息安全学报 IoT device black-box fuzzing gray-box fuzzing static program analysis firmware re-hosting large language model |
| title | Survey on automated vulnerability mining techniques for IoT device firmware |
| title_full | Survey on automated vulnerability mining techniques for IoT device firmware |
| title_fullStr | Survey on automated vulnerability mining techniques for IoT device firmware |
| title_full_unstemmed | Survey on automated vulnerability mining techniques for IoT device firmware |
| title_short | Survey on automated vulnerability mining techniques for IoT device firmware |
| title_sort | survey on automated vulnerability mining techniques for iot device firmware |
| topic | IoT device black-box fuzzing gray-box fuzzing static program analysis firmware re-hosting large language model |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025014 |
| work_keys_str_mv | AT liuhangtian surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT ganshuitao surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT zhangchao surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT zhanghongqi surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT sunwenhou surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT gaozicong surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT zhaomin surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware AT baixue surveyonautomatedvulnerabilityminingtechniquesforiotdevicefirmware |