Chinese Journal of Network and Information Security, 2025, Vol. 11, Issue 2: 26-49, 24. DOI: 10.11959/j.issn.2096-109x.2025014
Survey on automated vulnerability mining techniques for IoT device firmware
刘航天 (1), 甘水滔 (2), 张超 (3), 张红旗 (4), 孙文厚 (5), 高子聪 (6), 赵敏 (2), 白雪 (6)
Author information
- 1. Information Engineering University, Zhengzhou, Henan 450001; National Key Laboratory of Advanced Computing and Intelligent Engineering, Wuxi, Jiangsu 214084; Tsinghua University, Beijing 100084
- 2. National Key Laboratory of Advanced Computing and Intelligent Engineering, Wuxi, Jiangsu 214084
- 3. Tsinghua University, Beijing 100084; Zhongguancun Laboratory, Beijing 100190
- 4. Information Engineering University, Zhengzhou, Henan 450001; Henan Key Laboratory of Information Security, Zhengzhou, Henan 450001
- 5. Tsinghua University, Beijing 100084
- 6. Information Engineering University, Zhengzhou, Henan 450001
Abstract
With the wide application of IoT technology, the number of IoT devices has grown explosively. In recent years, security incidents caused by IoT devices have occurred frequently, which has made IoT device security a research hot spot. The security analysis of IoT device firmware was examined with a focus on its black-box nature, network characteristics, and customization features. Challenges to automated vulnerability mining were highlighted, such as closed-source firmware code, closed operating environments, complex network interactions, and highly customized hardware and software. Researchers have proposed a series of advanced technologies and methods to address these challenges. The existing literature was comprehensively analyzed, and the latest research progress in automated vulnerability mining technology for IoT device firmware was summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis, and firmware re-hosting. Based on the analysis of the current research status, existing challenges and deficiencies were pointed out, and future research directions and ideas were proposed, including the trend toward organically combining multiple techniques, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrade of vulnerability mining technology driven by the evolution of IoT technology. An in-depth analysis and summary of the current status and development trends of automated vulnerability mining technology for IoT device firmware were provided, offering valuable references for future research and applications in the industry.

Keywords

IoT device / black-box fuzzing / gray-box fuzzing / static program analysis / firmware re-hosting / large language model

Classification

Information technology and security science

Cite this article

刘航天, 甘水滔, 张超, 张红旗, 孙文厚, 高子聪, 赵敏, 白雪. Survey on automated vulnerability mining techniques for IoT device firmware[J]. Chinese Journal of Network and Information Security, 2025, 11(2): 26-49, 24.