Paper Info
Title
IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering.
Abstract
Fuzzing is regarded as the most promising method for protocol vulnerabilities discovering in network security of Internet of Things (IoT). However, one fatal drawback of existing fuzzing methods is that a huge number of test files are required to maintain a high test coverage. In this paper, a novel method based on protocol reverse engineering is proposed to reduce the amount of test files for fuzzing. The proposed method uses techniques in the field of protocol reverse engineering to identify message formats of IoT application-layer protocol and create test files by generating messages with error fields according to message formats. The protocol message treated as a sequence of bytes is assumed to obey a statistic process with change-points indicating the boundaries of message fields. Then, a multi-change-point detection procedure is introduced to identify change-points of byte sequences according to their statistic properties and divide them into segments according to their change-points. The message segments are further processed via a position-based occurrence probability test analysis to identify keyword fields, data fields and uncertain fields. Finally, a message generation procedure with mutation operation on message fields is applied to construct test files for fuzzing test. The results show that the proposed method can effectively find out the message fields and significantly reduce the amount of test files for fuzzing test.
Year
DOI
Venue
2018
10.3390/sym10110561
SYMMETRY-BASEL
Keywords
Field
DocType
vulnerability detection,IoT security,change-point detection,protocol reverse engineering
Application layer,Mathematical analysis,Internet of Things,Reverse engineering,Mathematics,Vulnerability detection,Distributed computing
Journal
Volume
Issue
Citations 
10
11
1
PageRank 
References 
Authors
0.37
26
4
Name
Order
Citations
PageRank
Jian-Zhen Luo151.16
Chun Shan232.42
Jun Cai337339.29
Yan Liu424173.08