一种面向大规模嵌入式设备固件的自动化分析平台
详细信息 查看官网全文
- 英文论文题名:A Large-scaleAutomated Analysis Platform of Embedded Device Firmware
- 论文作者:王猛涛 ; 刘中金 ; 常青 ; 陈昱 ; 石志强 ; 孙利民
- 年:2016
- 作者机构:物联网信息安全技术北京市重点实验室中国科学院信息工程研究所;中国科学院大学;国家计算机网络应急技术处理协调中心;
- 论文关键词:嵌入式设备固件 ; 自动化分析平台 ; CART决策树 ; 固件解码
- 英文论文关键词:Embedded device firmware ; Automated analysis platform ; CART Decision Tree ; Firmware-decode
- 会议召开时间:2016-06-24
- 会议录名称:2016年全国通信软件学术会议程序册与交流文集
- 语种:中文
- 分类号:TP23
- 学会代码:ZGTH
- 会议名称:2016年全国通信软件学术会议
- 会议地点:中国陕西西安
- 主办单位:中国通信学会
- 学会名称:中国通信学会
- 页数:7
- 文件大小:978k
- 原文格式:O
- 会议级别:全国
摘要
本文构建了一个面向大规模嵌入式设备固件的自动化分析平台,该平台能够对固件进行自动化分析,提取其文件系统、操作系统、内核版本、加密算法、CPU指令集等关键信息。针对固件解码成功的自动化判定难题,提出了一种基于CART决策树的判定算法。实验结果表明,该判定算法对于固件解码具有非常好的判定效果,判定准确率高达99.01%,召回率达到98.95%。
This paper constructed a large-scale automated analysis platfomi of embedded firmware to get file-system,operating system,kernel version,encryption algoritlim,CPU instructions information;and proposed a finnware-decode judging algorithm based on CART decision tree for the firmware decoding.The results showed that CART had higher precision rate of 99.01%and recall rate of 98.95%.
This paper constructed a large-scale automated analysis platfomi of embedded firmware to get file-system,operating system,kernel version,encryption algoritlim,CPU instructions information;and proposed a finnware-decode judging algorithm based on CART decision tree for the firmware decoding.The results showed that CART had higher precision rate of 99.01%and recall rate of 98.95%.
引文
[1]Mitchell,Robert,Chen,Ing-Ray.A Survey of Intr usion Detection Techniques for Cyber Physical Systems.ACM Computing Survey,2014,vol 46(4):55-84.
[2]彭勇,江常青,谢丰,戴忠华,熊琦,高洋.工业控制系统信息安全研究进展.清华大学学报(自然科学版),2012,52(10):1396-1408.
[3]李战宝,潘卓.透视“震网”病毒[J].信息网络安全,2011,09:230-232.
[4]梁宏,刘佳男,李勇.“火焰”病毒分析与防范[J].信息网络安全,2012,08:157-159.
[5]Sophia.乌克兰电网遭黑客入侵工控网络安全敲响警钟[J].信息安全与通信保密,2016,02:66-67.
[6]IEEE Standard Glossary of Software Engineerin g Terminology.IEEE Std 610.12-1990,pages 1-84,1990.
[7]陈培新,赵炯.嵌入式系统固件文件格式分析研究[J].计算机技术与发展,2009,02:45-47+51.
[8]黄飞.嵌入式Linux逆向解析技术研究[D].解放军信息工程大学,2010.
[9]Costin A,Zaddach J.Embedded Devices Security and Firmware Reverse Engineering.BlackHat U SA Workshop,2013.
[10]Costin A,Zaddach J,Francillon A,et al.A La rge-Scale Analysis of the Security of Embedde d Firmwares[J].Proceedings of Usenix Security Symposium,2014:95-110.
[11]Firmware.re:http://firmware.re/.
[12]FMK-Firmware Modification Kit.https://code.g oogle.com/p/firmware-mod-kit/.
[13]C.Heffner.Binwalk-A Firmware Analysis Tool.http://binwalk.org/.
[14]Tjaldur Software Governance Solutions.Binary A nalysis Tool(BAT).http://www.binaryanalysis.org.
[15]Python Scrapy:http://scrapy.org/.
[16]Breiman L,Friedman JH,Olshen RA,Stone CJ.Classificationand Regression Trees.CRC Press;1984.
[17]J.Labarere,J.-L.Bosson,D.Fournier,et al.Classificat ion and regression trees:Methods and applicati on[J].Journal d'Economie Medicale,2006,24(2):115-129.
[18]Rutkowski L,Jaworski M,Pietruczuk L,et al.Th e CART decision tree for mining data streams[J].Information Sciences,2014,266(5):1-15.
[19]LibSVM:http://vyww.csie.ntu.edu.tw/~cilin/.
[20]Chang C C,Lin C J.LIBSVM:A library for su pport vector machines[JJ.Acm Transactions on I ntelligent Systems&Technology,2011,2(3):389-396.
[2]彭勇,江常青,谢丰,戴忠华,熊琦,高洋.工业控制系统信息安全研究进展.清华大学学报(自然科学版),2012,52(10):1396-1408.
[3]李战宝,潘卓.透视“震网”病毒[J].信息网络安全,2011,09:230-232.
[4]梁宏,刘佳男,李勇.“火焰”病毒分析与防范[J].信息网络安全,2012,08:157-159.
[5]Sophia.乌克兰电网遭黑客入侵工控网络安全敲响警钟[J].信息安全与通信保密,2016,02:66-67.
[6]IEEE Standard Glossary of Software Engineerin g Terminology.IEEE Std 610.12-1990,pages 1-84,1990.
[7]陈培新,赵炯.嵌入式系统固件文件格式分析研究[J].计算机技术与发展,2009,02:45-47+51.
[8]黄飞.嵌入式Linux逆向解析技术研究[D].解放军信息工程大学,2010.
[9]Costin A,Zaddach J.Embedded Devices Security and Firmware Reverse Engineering.BlackHat U SA Workshop,2013.
[10]Costin A,Zaddach J,Francillon A,et al.A La rge-Scale Analysis of the Security of Embedde d Firmwares[J].Proceedings of Usenix Security Symposium,2014:95-110.
[11]Firmware.re:http://firmware.re/.
[12]FMK-Firmware Modification Kit.https://code.g oogle.com/p/firmware-mod-kit/.
[13]C.Heffner.Binwalk-A Firmware Analysis Tool.http://binwalk.org/.
[14]Tjaldur Software Governance Solutions.Binary A nalysis Tool(BAT).http://www.binaryanalysis.org.
[15]Python Scrapy:http://scrapy.org/.
[16]Breiman L,Friedman JH,Olshen RA,Stone CJ.Classificationand Regression Trees.CRC Press;1984.
[17]J.Labarere,J.-L.Bosson,D.Fournier,et al.Classificat ion and regression trees:Methods and applicati on[J].Journal d'Economie Medicale,2006,24(2):115-129.
[18]Rutkowski L,Jaworski M,Pietruczuk L,et al.Th e CART decision tree for mining data streams[J].Information Sciences,2014,266(5):1-15.
[19]LibSVM:http://vyww.csie.ntu.edu.tw/~cilin/.
[20]Chang C C,Lin C J.LIBSVM:A library for su pport vector machines[JJ.Acm Transactions on I ntelligent Systems&Technology,2011,2(3):389-396.