Fuzzy Hashing on Firmwares Images: A Comparative Analysis

Daojing He; Xiaohu Yu; Shanshan Zhu; Sammy Chan; Mohsen Guizani

doi:10.1109/MIC.2022.3225811

Fuzzy Hashing on Firmwares Images: A Comparative Analysis

Daojing He, Xiaohu Yu, Shanshan Zhu^*, Sammy Chan, Mohsen Guizani

^*Corresponding author for this work

Department of Electrical Engineering

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

2 Citations (Scopus)

Abstract

With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets. © 2022 IEEE

Original language	English
Pages (from-to)	45-50
Journal	IEEE Internet Computing
Volume	27
Issue number	2
Online published	1 Dec 2022
DOIs	https://doi.org/10.1109/MIC.2022.3225811
Publication status	Published - Mar 2023

Funding

This research work was supported in part by the National Natural Science Foundation of China under Grant U1936120, in part by the National Key R&D Program of China under Grant, in part by the Fok Ying Tung Education Foundation of China under Grant 171058, and in part by the University Grants Committee of the Hong Kong Special Administrative Region, China, under Project CityU 11201421.

Research Keywords

firmware
fuzzy hashing
homology
Internet of Things

RGC Funding Information

RGC-funded

Access Output

10.1109/MIC.2022.3225811

https://ieeexplore.ieee.org/document/9968066

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{9b61798d21614f5788f306a9754f16fc,

title = "Fuzzy Hashing on Firmwares Images: A Comparative Analysis",

abstract = "With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets. {\textcopyright} 2022 IEEE",

keywords = "firmware, fuzzy hashing, homology, Internet of Things",

author = "Daojing He and Xiaohu Yu and Shanshan Zhu and Sammy Chan and Mohsen Guizani",

year = "2023",

month = mar,

doi = "10.1109/MIC.2022.3225811",

language = "English",

volume = "27",

pages = "45--50",

journal = "IEEE Internet Computing",

issn = "1089-7801",

publisher = "IEEE",

number = "2",

}

TY - JOUR

T1 - Fuzzy Hashing on Firmwares Images

T2 - A Comparative Analysis

AU - He, Daojing

AU - Yu, Xiaohu

AU - Zhu, Shanshan

AU - Chan, Sammy

AU - Guizani, Mohsen

PY - 2023/3

Y1 - 2023/3

N2 - With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets. © 2022 IEEE

AB - With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets. © 2022 IEEE

KW - firmware

KW - fuzzy hashing

KW - homology

KW - Internet of Things

UR - http://www.scopus.com/inward/record.url?scp=85144027229&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85144027229&origin=recordpage

U2 - 10.1109/MIC.2022.3225811

DO - 10.1109/MIC.2022.3225811

M3 - RGC 21 - Publication in refereed journal

SN - 1089-7801

VL - 27

SP - 45

EP - 50

JO - IEEE Internet Computing

JF - IEEE Internet Computing

IS - 2

ER -

Fuzzy Hashing on Firmwares Images: A Comparative Analysis

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

GRF: Massive Access over an OFDM Platform

Cite this

Fuzzy Hashing on Firmwares Images: A Comparative Analysis

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

GRF: Massive Access over an OFDM Platform

Cite this