Abstract Widely deployed IoT devices expose serious security threats because the firmware in them contains vulnerabilities, which are difficult to detect due to two main factors: 1) The firmware’s code is usually not available; 2) A same vulnerability often exists in multiple firmware with different architectures and/or release versions. In this paper, we propose a novel neural network-based staged approach to inspect vulnerabilities in firmware, which first learns semantics in binary code and utilizes neural network model to screen out the potential vulnerable functions, then performs bipartite graph matching upon three-level features between two binary functions. We implement the approach in a tool called FIT and evaluation results show that FIT outperforms state-of-the-art approaches, i.e., Gemini, CVSSA and discovRE, on both effectiveness and efficiency. FIT also detects vulnerabilities in real-world firmware of IoT devices, such as D-Link routers. Moreover, we make our tool and dataset publicly available in the hope of facilitating further researches in the firmware security field.

中文翻译：

---

FIT：通过深度学习和二部匹配检查跨架构固件中的漏洞

摘要 广泛部署的物联网设备存在严重的安全威胁，因为其中的固件包含漏洞，由于两个主要因素而难以检测到这些漏洞：1) 固件代码通常不可用；2) 相同的漏洞通常存在于具有不同架构和/或发布版本的多个固件中。在本文中，我们提出了一种新的基于神经网络的分阶段检查固件漏洞的方法，该方法首先学习二进制代码中的语义并利用神经网络模型筛选出潜在的漏洞功能，然后对三级特征进行二部图匹配在两个二元函数之间。我们在称为 FIT 的工具中实施该方法，评估结果表明 FIT 优于最先进的方法，即 Gemini、CVSSA 和 discovRE，在有效性和效率上。FIT 还检测物联网设备（例如 D-Link 路由器）的实际固件中的漏洞。此外，我们公开了我们的工具和数据集，以期促进固件安全领域的进一步研究。