A machine learning framework for inferring properties of embedded devices

IF 4.8 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Ad Hoc Networks Pub Date : 2025-05-23 DOI:10.1016/j.adhoc.2025.103907

Shariq Bashir

{"title":"A machine learning framework for inferring properties of embedded devices","authors":"Shariq Bashir","doi":"10.1016/j.adhoc.2025.103907","DOIUrl":null,"url":null,"abstract":"<div><div>Nowadays, the prevalence of Internet of Things (IoT) devices has increased in our homes and workplaces, providing us with more convenience. However, the security of these devices is often compromised. The objective of this paper is to assess the security of embedded IoT devices. Existing passive fingerprinting approaches are inapplicable in the configuration when the network traffic of devices connected to an IoT hub is inaccessible. We proposed a firmware analysis technique for analyzing devices’ security by inspecting their firmware contents. Our aim is not to identify unknown vulnerabilities, but only those that are already known. We also intend to investigate whether the software that is executing services is outdated or not. Precise information regarding the name and version of servers, as well as login credentials and passwords, can be obtained through the analysis of firmware. Having obtained this information, we have created an active identification technique that enables an attacker to deduce specific characteristics of a connected device, such as the name of the software employed for the HTTP server or usernames. Our method involves training a classifier using data extracted from firmware. The results of our experiments indicate that our approach is more effective and covert compared to a brute-force method. We scrutinized 5,204 firmware of devices using our approach. Our findings suggest that the level of exposure of connected devices has grown in recent years. As connected devices become more open to services, it increases the potential attack surface while reducing their security.</div></div>","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":"177 ","pages":"Article 103907"},"PeriodicalIF":4.8000,"publicationDate":"2025-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870525001556","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Nowadays, the prevalence of Internet of Things (IoT) devices has increased in our homes and workplaces, providing us with more convenience. However, the security of these devices is often compromised. The objective of this paper is to assess the security of embedded IoT devices. Existing passive fingerprinting approaches are inapplicable in the configuration when the network traffic of devices connected to an IoT hub is inaccessible. We proposed a firmware analysis technique for analyzing devices’ security by inspecting their firmware contents. Our aim is not to identify unknown vulnerabilities, but only those that are already known. We also intend to investigate whether the software that is executing services is outdated or not. Precise information regarding the name and version of servers, as well as login credentials and passwords, can be obtained through the analysis of firmware. Having obtained this information, we have created an active identification technique that enables an attacker to deduce specific characteristics of a connected device, such as the name of the software employed for the HTTP server or usernames. Our method involves training a classifier using data extracted from firmware. The results of our experiments indicate that our approach is more effective and covert compared to a brute-force method. We scrutinized 5,204 firmware of devices using our approach. Our findings suggest that the level of exposure of connected devices has grown in recent years. As connected devices become more open to services, it increases the potential attack surface while reducing their security.

查看原文本刊更多论文

用于推断嵌入式设备属性的机器学习框架

如今，物联网（IoT）设备在我们的家庭和工作场所越来越普遍，为我们提供了更多的便利。然而，这些设备的安全性经常受到损害。本文的目的是评估嵌入式物联网设备的安全性。当连接到物联网集线器的设备的网络流量不可访问时，现有的被动指纹识别方法不适用。我们提出了一种固件分析技术，通过检测设备的固件内容来分析设备的安全性。我们的目标不是识别未知的漏洞，而是识别那些已知的漏洞。我们还打算调查正在执行服务的软件是否过时。通过对固件的分析，可以获得关于服务器名称和版本以及登录凭据和密码的精确信息。获得此信息后，我们创建了一种主动识别技术，使攻击者能够推断连接设备的特定特征，例如用于HTTP服务器或用户名的软件名称。我们的方法包括使用从固件中提取的数据来训练分类器。实验结果表明，与暴力破解方法相比，我们的方法更加有效和隐蔽。我们使用我们的方法仔细检查了5204个设备固件。我们的研究结果表明，近年来联网设备的暴露水平有所上升。随着连接的设备对服务越来越开放，它增加了潜在的攻击面，同时降低了它们的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ad Hoc Networks 工程技术-电信学

CiteScore

10.20

自引率

4.20%

发文量

131

审稿时长

4.8 months

期刊介绍： The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to: Mobile and Wireless Ad Hoc Networks Sensor Networks Wireless Local and Personal Area Networks Home Networks Ad Hoc Networks of Autonomous Intelligent Systems Novel Architectures for Ad Hoc and Sensor Networks Self-organizing Network Architectures and Protocols Transport Layer Protocols Routing protocols (unicast, multicast, geocast, etc.) Media Access Control Techniques Error Control Schemes Power-Aware, Low-Power and Energy-Efficient Designs Synchronization and Scheduling Issues Mobility Management Mobility-Tolerant Communication Protocols Location Tracking and Location-based Services Resource and Information Management Security and Fault-Tolerance Issues Hardware and Software Platforms, Systems, and Testbeds Experimental and Prototype Results Quality-of-Service Issues Cross-Layer Interactions Scalability Issues Performance Analysis and Simulation of Protocols.