Shudan Yue , Qingbao Li , Guimin Zhang , Xiaonan Li , Bocheng Xu , Song Tian
DOI: 10.1016/j.cose.2025.104679
Journal: Computers & Security, volume 159, Article 104679
Published: 2025-09-23 (journal article)
URL: https://www.sciencedirect.com/science/article/pii/S0167404825003682
NPFTaint: Detecting highly exploitable vulnerabilities in Linux-based IoT firmware with network parsing functions
The security issues of IoT firmware have become increasingly prominent, particularly taint-style vulnerabilities arising from untrusted external inputs. Although existing solutions work to detect firmware vulnerabilities automatically, they still encounter limitations regarding the accuracy of taint source identification and the efficiency of vulnerability detection. Research has shown that the network parsing function call chain, a critical path for IoT firmware to process external input data, is a high-risk area for firmware vulnerabilities. Inferring the network parsing function accurately plays a crucial role in firmware vulnerability analysis. In this paper, we propose a static analysis method called NPFTaint, which extracts the structural, behavioral, and semantic features of network parsing functions and combines supervised machine learning methods to achieve the identification of network parsing functions. Additionally, unlike traditional forward/backward analysis methods that start from classical sources or sensitive sinks, NPFTaint takes network parsing functions as the entry points, first identifying sensitive sinks on their call chains, and then using value analysis and data dependency analysis of sink-to-source to achieve the detection of highly exploitable vulnerabilities. Experimental evaluations demonstrate that NPFTaint outperforms FITS in accuracy and efficiency when identifying network parsing functions. Regarding vulnerability detection, compared to Mango, NPFTaint not only identifies taint-style vulnerabilities effectively but also improves analysis efficiency, reducing sink analysis by 40.42% and decreasing alerts by 32.77%. This solution provides a more efficient and precise vulnerability detection method for IoT firmware security, contributing to the overall security of the IoT ecosystem.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.