Vulnerability detection in SIoT applications: a fuzzing method on their binaries

Xiaogang Zhu, Sheng Wen, Alireza Jolfaei, Mohammad Sayad Haghighi*, Seyit Camtepe, Yang Xiang

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

SIoT enables devices to communicate with each other automatically, which is not reliable when SIoT applications are vulnerable themselves. To improve the security of SIoT, different techniques have been employed so far, mainly to detect vulnerabilities in applications. Among the detection techniques, fuzzing is one of the most effective ones that can significantly improve the security of SIoT applications. However, the existing fuzzing methods have three problems. First, the schemes to instrument target binaries cause high memory overhead because they instrument at all edges to obtain the coverage information. Second, they introduce a severe problem called edge collision, i.e., two different edges are deemed the same during fuzzing. Third, none of the existing fuzzers conduct fuzzing using path coverage because path coverage has high memory overhead. In this paper, we propose BECFuzz to resolve the above three problems. BECFuzz instruments at specific edges, and conducts fuzzing based on both edge coverage and path coverage, which greatly improves its effectiveness. We implement our BECFuzz based on two typical fuzzers which are widely recognised as baselines, AFL and AFLFast, and run experiments on 18 real-world programs. The results demonstrate that our method surpasses the state-of-the-art fuzzers in performance.

Original language: English
Pages (from-to): 970-979
Number of pages: 10
Journal: IEEE Transactions on Network Science and Engineering
Volume: 9
Issue number: 3
Early online date: 13 Nov 2020
Publication status: Published - May 2022

Keywords

  • Computer bugs
  • Fuzzing
  • Image edge detection
  • Instruments
  • Internet of Things
  • Security
  • Social Internet of Things
  • Static analysis
  • Edge coverage
  • IoT applications
  • Path coverage
