Fei Kang scite author profile

The security situation of the Internet of Things (IoT) is particularly severe, and a large number of IoT devices are prone to vulnerabilities. In this study, we present FIRMCORN, the first vulnerability-oriented fuzzer for IoT firmware. Based on the novel technology of optimized virtual execution, FIRMCORN focuses on three typical problems of IoT firmware fuzzing: (1) high throughput required by fuzzing, (2) inaccuracy of emulation compared with real devices, and (3) instability of emulation due to lack of hardware. Here, we optimize the initial environment and the execution process of virtual execution to achieve faster, more accurate, and more stable fuzz testing. To improve the efficiency of vulnerability mining with FIRMCORN, a vulnerable-code search algorithm is designed to obtain the entry points of fuzzing according to the characteristics of IoT firmware; further, this vulnerability-oriented fuzzing is applied to IoT device firmware. Our evaluation results show that optimized virtual execution used by FIRMCORN can significantly improve the throughput, accuracy, and stability compared with conventional virtual execution. FIRMCORN runs for only 2 hours to mine two 0-day vulnerabilities on a machine. Thus, compared with the current state-of-the-art IoT firmware fuzzing framework, FIRMCORN can more effectively mine vulnerabilities in real-world devices.

show abstract

A New Equation to Evaluate Liquefaction Triggering Using the Response Surface Method and Parametric Sensitivity Analysis

Tang

Yang

Kang

2018

Sustainability

View full text Add to dashboard Cite

Liquefaction is one of the most damaging functions of earthquakes in saturated sandy soil. Therefore, clearly advancing the assessment of this phenomenon is one of the key points for the geotechnical profession for sustainable development. This study presents a new equation to evaluate the potential of liquefaction (PL) in sandy soil. It accounts for two new earthquake parameters: standardized cumulative absolute velocity and closest distance from the site to the rupture surface (CAV5 and rrup) to the database. In the first step, an artificial neural network (ANN) model is developed. Additionally, a new response surface method (RSM) tool that shows the correlation between the input parameters and the target is applied to derive an equation. Then, the RSM equation and ANN model results are compared with those of the other available models to show their validity and capability. Finally, according the uncertainty in the considered parameters, sensitivity analysis is performed through Monte Carlo simulation (MCS) to show the effect of the parameters and their uncertainties on PL. The main advantage of this research is its consideration of the direct influence of the most important parameters, particularly earthquake characteristics, on liquefaction, thus making it possible to conduct parametric sensitivity analysis and show the direct impact of the parameters and their uncertainties on the PL. The results indicate that among the earthquake parameters, CAV5 has the highest effect on PL. Also, the RSM and ANN models predict PL with considerable accuracy.

show abstract

Peertrap: An Unstructured P2P Botnet Detection Framework Based on SAW Community Discovery

Xing

Hui²,

Kang³

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Botnet has become one of the serious threats to the Internet ecosystem, and botnet detection is crucial for tracking and mitigating network threats on the Internet. In the evolution of emerging botnets, peer-to-peer (P2P) botnets are more dangerous and resistant because of their distributed characteristics. Among them, unstructured P2P botnets use custom protocols for communication, which can be integrated with legitimate P2P traffic. Moreover, their topological structure is more complex, and a complete topology cannot be obtained easily, making them more concealed and difficult to detect. The bot itself is a kind of overlay network, and research shows that the nodes with shared neighbors usually belong to a certain community. Aiming at unstructured P2P botnets and exploiting complex network theory, from the perspective of shared neighbor nodes, this article proposes a botnet detection framework called Peertrap based on self-avoiding random walks (SAW) community detection under the condition of incomplete topological information. Firstly, network traffic is converted into Netflow, by utilizing Apache Flink big data platform. Also, a P2P traffic cluster feature extraction rule is proposed for distinguishing P2P traffic from non-P2P traffic, and it is formulated by using the upstream and downstream traffic and address distribution threshold features. Then, the confidence between P2P clusters is calculated by the Jaccard coefficient to construct a shared neighbor graph, and the same type of P2P communities are mined by hierarchical clustering using SAW algorithm combined with PCA. Finally, two community attributes, mean address distribution degree and mean closeness degree, are used to distinguish botnets. Experiments are conducted on three unstructured P2P botnets datasets, Sality, Kelihos, and ZeroAccess, and the CTU classic datasets, and then good detection results can be achieved. The framework overcomes one of the most critical P2P botnet detection challenges. It can detect P2P bots with high accuracy in the presence of legitimate P2P traffic, incomplete information network topology, and C&C channel encryption. Our method embodies the typical application of complex network theory in botnet detection field, and it can detect botnets from different families in the network, with good parallelism and scalability.

show abstract

Protocol Reverse-Engineering Methods and Tools: A Survey

Shu¹,

Kang²,

Yang³

2022

Computer Communications

View full text Add to dashboard Cite

A random code generation method based on syntax tree layering model

Yu¹,

Shu²,

Xiong³

et al. 2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Fei Kang

FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution

A New Equation to Evaluate Liquefaction Triggering Using the Response Surface Method and Parametric Sensitivity Analysis

Peertrap: An Unstructured P2P Botnet Detection Framework Based on SAW Community Discovery

Protocol Reverse-Engineering Methods and Tools: A Survey

A random code generation method based on syntax tree layering model

Contact Info

Product

Resources

About