More Web Proxy on the site http://driver.im/

research-article

Open access

A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware

Authors:

Raheem BeyahAuthors Info & Claims

ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 442 - 454

https://doi.org/10.1145/3533767.3534366

Published: 18 July 2022 Publication History

Abstract

As the core of IoT devices, firmware is undoubtedly vital. Currently, the development of IoT firmware heavily depends on third-party components (TPCs), which significantly improves the development efficiency and reduces the cost. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will turn back influence the security of IoT firmware. Currently, existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement FirmSec, which leverages syntactical features and control-flow graph features to detect the TPCs at version-level in firmware, and then recognizes the corresponding vulnerabilities. Based on FirmSec, we present the first large-scale analysis of the usage of TPCs and the corresponding vulnerabilities in firmware. More specifically, we perform an analysis on 34,136 firmware images, including 11,086 publicly accessible firmware images, and 23,050 private firmware images from TSmart. We successfully detect 584 TPCs and identify 128,757 vulnerabilities caused by 429 CVEs. Our in-depth analysis reveals the diversity of security issues for different kinds of firmware from various vendors, and discovers some well-known vulnerabilities are still deeply rooted in many firmware images. We also find that the TPCs used in firmware have fallen behind by five years on average. Besides, we explore the geographical distribution of vulnerable devices, and confirm the security situation of devices in several regions, e.g., South Korea and China, is more severe than in other regions. Further analysis shows 2,478 commercial firmware images have potentially violated GPL/AGPL licensing terms.

References

[1]

2015. Sasquatch. https://github.com/devttys0/sasquatch/

[2]

2016. yaffshiv. https://github.com/devttys0/yaffshiv

[3]

2022. Binary Analysis Next Generation (BANG). https://github.com/armijnhemel/binaryanalysis-ng

[4]

2022. BusyBox. https://busybox.net/

[5]

2022. Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/

[6]

2022. CVE Details. https://www.cvedetails.com/

[7]

2022. CVE-search. https://github.com/cve-search/cve-search

[8]

2022. CVSS: Common Vulnerability Scoring System SIG. https://www.first.org/cvss/

[9]

2022. Cyclomatic Complexity. https://en.wikipedia.org/wiki/Cyclomatic_complexity

[10]

2022. Edit Distance. https://en.wikipedia.org/wiki/Edit_distance

[11]

2022. JFFS2 filesystem extraction tool. https://github.com/sviehb/jefferson

[12]

2022. Maven Repository. https://mvnrepository.com/

[13]

2022. NATIONAL VULNERABILITY DATABASE. https://nvd.nist.gov/

[14]

2022. OpenSSL. https://www.openssl.org/

[15]

2022. Shellshock. https://en.wikipedia.org/wiki/Shellshock_(software_bug)

[16]

2022. Shodan. https://www.shodan.io/

[17]

National Security Agency. 2019. GHIDRA. https://github.com/NationalSecurityAgency/ghidra

[18]

Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1093–1110. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis

[19]

Michael Backes, Sven Bugiel, and Erik Derr. 2016. Reliable Third-Party Library Detection in Android and its Security Applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi (Eds.). ACM, 356–367. https://doi.org/10.1145/2976749.2978333

Digital Library

[20]

Ulrich Bayer, Imam Habibi, Davide Balzarotti, and Engin Kirda. 2009. A View on Current Malware Behaviors. In 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET ’09, Boston, MA, USA, April 21, 2009, Wenke Lee (Ed.). USENIX Association. https://www.usenix.org/conference/leet-09/view-current-malware-behaviors

[21]

Thomas Bittman, Bob Gill, Tim Zimmerman, Ted Friedman, Neil MacDonald, and Karen Brown. 2021. Predicts 2022: The Distributed Enterprise Drives Computing to the Edge. https://www.gartner.com/en/documents/4007176

[22]

Daming D. Chen, Maverick Woo, David Brumley, and Manuel Egele. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016. The Internet Society. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/towards-automated-dynamic-analysis-linux-based-embedded-firmware.pdf

[23]

Nassim Corteggiani, Giovanni Camurati, and Aurélien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309–326. https://www.usenix.org/conference/usenixsecurity18/presentation/corteggiani

[24]

Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 95–110. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin

Digital Library

[25]

Andrei Costin, Apostolis Zarras, and Aurélien Francillon. 2016. Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, China, May 30 - June 3, 2016, Xiaofeng Chen, XiaoFeng Wang, and Xinyi Huang (Eds.). ACM, 437–448. https://doi.org/10.1145/2897845.2897900

Digital Library

[26]

Ang Cui. 2018. The Overlooked Problem of ‘N-Day’ Vulnerabilities. https://www.darkreading.com/vulnerabilities—threats/the-overlooked-problem-of-n-day-vulnerabilities/a/d-id/1331348

[27]

Hanjun Dai, Bo Dai, and Le Song. 2016. Discriminative Embeddings of Latent Variable Models for Structured Data. In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016, Maria-Florina Balcan and Kilian Q. Weinberger (Eds.) (JMLR Workshop and Conference Proceedings, Vol. 48). JMLR.org, 2702–2711. http://proceedings.mlr.press/v48/daib16.html

[28]

Yaniv David, Nimrod Partush, and Eran Yahav. 2018. FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018, Williamsburg, VA, USA, March 24-28, 2018, Xipeng Shen, James Tuck, Ricardo Bianchini, and Vivek Sarkar (Eds.). ACM, 392–404. https://doi.org/10.1145/3173162.3177157

Digital Library

[29]

Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C. 463–478. isbn:978-1-931971-03-4 https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/davidson

[30]

Steven H. H. Ding, Benjamin C. M. Fung, and Philippe Charland. 2019. Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. IEEE, 472–489. https://doi.org/10.1109/SP.2019.00003

[31]

Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee. 2017. Identifying Open-Source License Violation and 1-day Security Risk at Large Scale. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 2169–2185. https://doi.org/10.1145/3133956.3134048

Digital Library

[32]

Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer, and Vern Paxson. 2014. The Matter of Heartbleed. In Proceedings of the 2014 Internet Measurement Conference, IMC 2014, Vancouver, BC, Canada, November 5-7, 2014, Carey Williamson, Aditya Akella, and Nina Taft (Eds.). ACM, 475–488. https://doi.org/10.1145/2663716.2663755

Digital Library

[33]

Sebastian Eschweiler, Khaled Yakdan, and Elmar Gerhards-Padilla. 2016. discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016. The Internet Society. http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/discovre-efficient-cross-architecture-identification-bugs-binary-code.pdf

[34]

Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1237–1254. isbn:978-1-939133-17-5 https://www.usenix.org/conference/usenixsecurity20/presentation/feng

[35]

Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. 2016. Scalable Graph-based Bug Search for Firmware Images. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi (Eds.). ACM, 480–491. https://doi.org/10.1145/2976749.2978370

Digital Library

[36]

Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener. Comput. Syst., 29, 7, 1645–1660. https://doi.org/10.1016/j.future.2013.01.010

Digital Library

[37]

Craig Heffner. 2022. Binwalk. https://github.com/ReFirmLabs/binwalk

[38]

Armijn Hemel, Karl Trygve Kalleberg, Rob Vermaas, and Eelco Dolstra. 2011. Finding software license violations through binary code clone detection. In Proceedings of the 8th International Working Conference on Mining Software Repositories, MSR 2011 (Co-located with ICSE), Waikiki, Honolulu, HI, USA, May 21-28, 2011, Proceedings, Arie van Deursen, Tao Xie, and Thomas Zimmermann (Eds.). ACM, 63–72. https://doi.org/10.1145/1985441.1985453

Digital Library

[39]

Constantinos Kolias, Georgios Kambourakis, Angelos Stavrou, and Jeffrey M. Voas. 2017. DDoS in the IoT: Mirai and Other Botnets. Computer, 50, 7, 80–84. https://doi.org/10.1109/MC.2017.201

Digital Library

[40]

Martijn Koster, Gary Illyes, Henner Zeller, and Lizzi Harvey. 2022. Robots Exclusion Protocol. https://datatracker.ietf.org/doc/html/draft-koster-rep

[41]

Shancang Li, Li Da Xu, and Shanshan Zhao. 2015. The internet of things: a survey. Inf. Syst. Frontiers, 17, 2, 243–259. https://doi.org/10.1007/s10796-014-9492-7

Digital Library

[42]

Peiyu Liu, Shouling Ji, Xuhong Zhang, Qinming Dai, Kangjie Lu, Lirong Fu, Wenzhi Chen, Peng Cheng, Wenhai Wang, and Raheem Beyah. 2021. IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware. In 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Melbourne, Australia, November 15-19, 2021. IEEE, 805–816. https://doi.org/10.1109/ASE51524.2021.9678785

Digital Library

[43]

Chenyang Lyu, Shouling Ji, Xuhong Zhang, Hong Liang, Binbin Zhao, Kangjie Lu, and Raheem Beyah. 2022. EMS: History-Driven Mutation for Coverage-based Fuzzing. In 29rd Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24-28, 2022. The Internet Society. https://www.ndss-symposium.org/wp-content/uploads/2022-162-paper.pdf

[44]

Marius Muench, Dario Nisi, Aurelien Francillon, and Davide Balzarotti. 2018. Avatar²: A Multi-target Orchestration Platform. In Workshop on Binary Analysis Research (BAR). http://s3.eurecom.fr/docs/bar18_muench.pdf

[45]

Duc Cuong Nguyen, Erik Derr, Michael Backes, and Sven Bugiel. 2020. Up2Dep: Android Tool Support to Fix Insecure Code Dependencies. In ACSAC ’20: Annual Computer Security Applications Conference, Virtual Event / Austin, TX, USA, 7-11 December, 2020. ACM, 263–276. https://doi.org/10.1145/3427228.3427658

Digital Library

[46]

Ryan Paul. 2009. Cisco settles FSF GPL lawsuit, appoints compliance officer. https://arstechnica.com/information-technology/2009/05/cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer/

[47]

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, and Thorsten Holz. 2015. Cross-Architecture Bug Search in Binary Executables. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. IEEE Computer Society, 709–724. https://doi.org/10.1109/SP.2015.49

Digital Library

[48]

Marco Schwartz. 2016. Internet of Things with ESP8266. Packt Publishing Ltd.

[49]

Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8-11, 2015. The Internet Society. https://www.ndss-symposium.org/ndss2015/firmalice-automatic-detection-authentication-bypass-vulnerabilities-binary-firmware

[50]

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard A. Kemmerer, Christopher Kruegel, and Giovanni Vigna. 2009. Your botnet is my botnet: analysis of a botnet takeover. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009, Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 635–647. https://doi.org/10.1145/1653662.1653738

Digital Library

[51]

Hui Suo, Jiafu Wan, Caifeng Zou, and Jianqi Liu. 2012. Security in the Internet of Things: A Review. In 2012 International Conference on Computer Science and Electronics Engineering. 3, 648–651. https://doi.org/10.1109/ICCSEE.2012.373

Digital Library

[52]

Natali Tshuva. 2020. Third-Party IoT Vulnerabilities. https://www.darkreading.com/iot/third-party-iot-vulnerabilities-we-need-a-cybersecurity-paradigm-shift/a/d-id/1338333

[53]

HongRu Wang, ChunFang Li, LingFei Zhang, and MinYong Shi. 2018. Anti-Crawler strategy and distributed crawler based on Hadoop. In 2018 IEEE 3rd International Conference on Big Data Analysis (ICBDA). 227–231. https://doi.org/10.1109/ICBDA.2018.8367682

[54]

Qinying Wang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Yuhong Kan, Zhaowei Lin, Changting Lin, Shuiguang Deng, Alex X. Liu, and Raheem Beyah. 2021. MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 4205–4222. https://www.usenix.org/conference/usenixsecurity21/presentation/wang-qinying

[55]

Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qinran Lin, Baojun Liu, Haixin Duan, and Frank Li. 2022. Building an Open, Robust, and Stable Voting-Based Domain Top List. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association. https://www.usenix.org/conference/usenixsecurity22/presentation/xie

[56]

Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, and Dawn Song. 2017. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 363–376. https://doi.org/10.1145/3133956.3134018

Digital Library

[57]

Jonas Zaddach, Luca Bruno, Aurélien Francillon, and Davide Balzarotti. 2014. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society. https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares

[58]

Xian Zhan, Lingling Fan, Sen Chen, Feng Wu, Tianming Liu, Xiapu Luo, and Yang Liu. 2021. ATVHUNTER: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications. In 43rd IEEE/ACM International Conference on Software Engineering, ICSE 2021, Madrid, Spain, 22-30 May 2021. IEEE, 1695–1707. https://doi.org/10.1109/ICSE43902.2021.00150

Digital Library

[59]

Jiexin Zhang, Alastair R. Beresford, and Stephan A. Kollmann. 2019. LibID: reliable identification of obfuscated third-party Android libraries. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2019, Beijing, China, July 15-19, 2019, Dongmei Zhang and Anders Møller (Eds.). ACM, 55–65. https://doi.org/10.1145/3293882.3330563

Digital Library

[60]

Binbin Zhao, Shouling Ji, Wei-Han Lee, Changting Lin, Haiqin Weng, Jingzheng Wu, Pan Zhou, Liming Fang, and Raheem Beyah. 2022. A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices. IEEE Trans. Dependable Secur. Comput., 19, 3, 1826–1840. https://doi.org/10.1109/TDSC.2020.3037908

Cited By

Cheng YLi XMao ZFan WHuang WLiu W(2025)IoTBenchSL: A Streamlined Framework for the Efficient Production of Standardized IoT Benchmarks with Automated Pipeline ValidationElectronics10.3390/electronics1405085614:5(856)Online publication date: 21-Feb-2025
https://doi.org/10.3390/electronics14050856
Chen XYang CNan YZheng Z(2025)An Empirical Study of High-Risk Vulnerabilities in IoT SystemsIEEE Internet of Things Journal10.1109/JIOT.2024.350697612:2(1590-1601)Online publication date: 15-Jan-2025
https://doi.org/10.1109/JIOT.2024.3506976
Yu GAn JLyu JHuang WFan WCheng YSui A(2025)CrossCode2Vec: A unified representation across source and binary functions for code similarity detectionNeurocomputing10.1016/j.neucom.2024.129238620(129238)Online publication date: Mar-2025
https://doi.org/10.1016/j.neucom.2024.129238
Show More Cited By

Index Terms

A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Comprehensive IoT Firmware Characterization Based on a Large-Scale Firmware Dataset
ICCSIE '24: Proceedings of the 2024 9th International Conference on Cyber Security and Information Engineering

With the development of Internet of Things (IoT) technology, the number and complexity of IoT devices have increased rapidly. As the basic enabling software of IoT devices, firmware provides rich functions such as communication, collection and ...
A taxonomy of IoT firmware security and principal firmware analysis techniques
Abstract
Internet of Things (IoT) has come a long way since its inception. However, the standardization process in IoT systems for a secure IoT solution is still in its early days. Numerous quality review articles have been contributed by ...
Graphical abstract

Display Omitted
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
Currently, the development of Internet of Things (IoT) firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2022

808 pages

ISBN:9781450393799

DOI:10.1145/3533767

General Chair:
Sukyoung Ryu
KAIST, South Korea
,
Program Chair:
Yannis Smaragdakis
University of Athens, Greece

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 July 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISSTA '22

Sponsor:

SIGSOFT

ISSTA '22: 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

July 18 - 22, 2022

Virtual, South Korea

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
2,507
Total Downloads

Downloads (Last 12 months)979
Downloads (Last 6 weeks)114

Reflects downloads up to 09 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Cheng YLi XMao ZFan WHuang WLiu W(2025)IoTBenchSL: A Streamlined Framework for the Efficient Production of Standardized IoT Benchmarks with Automated Pipeline ValidationElectronics10.3390/electronics1405085614:5(856)Online publication date: 21-Feb-2025
https://doi.org/10.3390/electronics14050856
Chen XYang CNan YZheng Z(2025)An Empirical Study of High-Risk Vulnerabilities in IoT SystemsIEEE Internet of Things Journal10.1109/JIOT.2024.350697612:2(1590-1601)Online publication date: 15-Jan-2025
https://doi.org/10.1109/JIOT.2024.3506976
Yu GAn JLyu JHuang WFan WCheng YSui A(2025)CrossCode2Vec: A unified representation across source and binary functions for code similarity detectionNeurocomputing10.1016/j.neucom.2024.129238620(129238)Online publication date: Mar-2025
https://doi.org/10.1016/j.neucom.2024.129238
Kalinin MGribkov N(2024)Syntactic–Semantic Detection of Clone-Caused Vulnerabilities in the IoT DevicesSensors10.3390/s2422725124:22(7251)Online publication date: 13-Nov-2024
https://doi.org/10.3390/s24227251
Zhang YYu BZhou LYang Q(2024)Comprehensive IoT Firmware Characterization Based on a Large-Scale Firmware DatasetProceedings of the 2024 9th International Conference on Cyber Security and Information Engineering10.1145/3689236.3689262(35-40)Online publication date: 15-Sep-2024
https://dl.acm.org/doi/10.1145/3689236.3689262
Xiao HZhang YShen MLin CZhang CLiu SYang MLuo BLiao XXu JKirda ELie D(2024)Accurate and Efficient Recurring Vulnerability Detection for IoT FirmwareProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670275(3317-3331)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670275
Yu ZZhang WXu T(2024)Leveraging IR based sequence and graph features for source-binary code alignment2024 4th International Conference on Neural Networks, Information and Communication (NNICE)10.1109/NNICE61279.2024.10499062(175-180)Online publication date: 19-Jan-2024
https://doi.org/10.1109/NNICE61279.2024.10499062
Liu KYang MLing ZZhang YLei CLuo LFu X(2024)Samba: Detecting SSL/TLS API Misuses in IoT Binary ApplicationsIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621138(2029-2038)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621138
Bhattacharya TPeddi APonaganti SVeeramalla S(2024)A survey on various security protocols of edge computingThe Journal of Supercomputing10.1007/s11227-024-06678-681:1Online publication date: 18-Dec-2024
https://doi.org/10.1007/s11227-024-06678-6
Qamber HAl Mubarak M(2024)Enhancement of Marketing 5.0: Challenges and SolutionsInnovative and Intelligent Digital Technologies; Towards an Increased Efficiency10.1007/978-3-031-70399-7_21(295-308)Online publication date: 29-Dec-2024
https://doi.org/10.1007/978-3-031-70399-7_21
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten