Research on Large-scale Firmware Function Security Detection Method Based on SimHash

Abstract

The rapid development of the Internet of Things technology has made more and more physical devices connected to the Internet. Extensive code reuse and the use of third-party SDK libraries have resulted in a large number of homologous binary files in the firmware, making the correlation between device firmware stronger and stronger. Due to the huge amount of data, there is no fast search technology that enables analysts to compare and use the similarity of the required firmware function information efficiently. Therefore, how to obtain the information resources needed by analysts from massive data in a short time and build an index structure with small spatial complexity has become an urgent problem in the field of security detection. In response to the above problems, we propose a large-scale firmware function security detection method research technology based on SimHash. By analyzing and extracting representative firmware function features, we design and implement a SimHash-based firmware function database, which is used to match the similarity of massive firmware functions, quickly locate suspicious fragile firmware functions, and realize large-scale security detection of device firmware. In order to prove the effectiveness of our method, experiments are carried out on the real device firmware function library, and a similarity analysis of tens of millions of firmware function data can be completed in 5 seconds.