IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering

Luo, Jianzhen; Shan, Chun; Cai, Jun; Liu, Yan

doi:10.3390/sym10110561

Cited by 13 publications

(4 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, consuming considerable amount of time. Luo et al [17], proposed a technique that performs reverse engineering of IoT protocols, to identify the message format of [18] verified the effectiveness graph-based analysis on a smart home system prototype. The prototype consisted of a smartphone controlling a smart light pulp and a Google home speaker.…”

Section: Detecting Iot Network Vulnerabilitiesmentioning

confidence: 98%

SIEM-based detection and mitigation of IoT-botnet DDoS attacks

Al-Duwairi

Al-Kahla

AlRefai

et al. 2020

IJECE

View full text Add to dashboard Cite

The Internet of Things (IoT) is becoming an integral part of our daily life including health, environment, homes, military, etc. The enormous growth of IoT in recent years has attracted hackers to take advantage of their computation and communication capabilities to perform different types of attacks. The major concern is that IoT devices have several vulnerabilities that can be easily exploited to form IoT botnets consisting of millions of IoT devices and posing significant threats to Internet security. In this context, DDoS attacks originating from IoT botnets is a major problem in today’s Internet that requires immediate attention. In this paper, we propose a Security Information and Event Management-based IoT botnet DDoS attack detection and mitigation system. This system detects and blocks DDoS attack traffic from compromised IoT devices by monitoring specific packet types including TCP SYN, ICMP and DNS packets originating from these devices. We discuss a prototype implementation of the proposed system and we demonstrate that SIEM based solutions can be configured to accurately identify and block malicious traffic originating from compromised IoT devices.

show abstract

Section: Detecting Iot Network Vulnerabilitiesmentioning

confidence: 98%

SIEM-based detection and mitigation of IoT-botnet DDoS attacks

Al-Duwairi

Al-Kahla

AlRefai

et al. 2020

IJECE

View full text Add to dashboard Cite

show abstract

“…Numerous attempts have been made to reverse the formats of messages sent by a network application, which is crucial for information security of IoT [8,9]. Studies undertaken for this purpose focus on (1) approaches based on network traces [10] and (2) approaches based on execution traces [11].…”

Section: Related Workmentioning

confidence: 99%

A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering

Luo

Chen

Wang

et al. 2019

Sensors

View full text Add to dashboard Cite

Protocol Reverse Engineering (PRE) is crucial for information security of Internet-of-Things (IoT), and message clustering determines the effectiveness of PRE. However, the quality of services still lags behind the strict requirement of IoT applications as the results of message clustering are often coarse-grained with the intrinsic type information hidden in messages largely ignored. Aiming at this problem, this study proposes a type-aware approach to message clustering guided by type information. The approach regards a message as a combination of n-grams, and it employs the Latent Dirichlet Allocation (LDA) model to characterize messages with types and n-grams via inferring the type distribution of each message. The type distribution is finally used to measure the similarity of messages. According to this similarity, the approach clusters messages and further extracts message formats. Experimental results of the approach against Netzob in terms of a number of protocols indicate that the correctness and conciseness can be significantly improved, e.g., figures 43.86% and 3.87%, respectively for the CoAP protocol.

show abstract

“…All of the aforementioned issues can be mitigated or avoided altogether with effective testing mechanisms for pub/sub brokers. In that regard, one of the most ideal and necessary testing techniques for pub/sub protocols is fuzzing (Luo et al, 2018;Praveen et al, 2023), which consists in generating and sending random inputs to a message broker. The output of the broker is then analyzed for potential weaknesses.…”

Section: Introductionmentioning

confidence: 99%

“…Third, it can mitigate implementation issues and zero-day attacks. These benefits are reasons why fuzz testing is considered the primary bug-finding technique for most software applications (Munea, Lim, et al, 2016;Munea, Luk Kim, et al, 2017;Luo et al, 2018;Boehme et al, 2021;Vinzenz and Oka, 2021).…”

Section: Introductionmentioning

confidence: 99%

Mechanisms to improve fuzz testing for message brokers

Rodriguez

View full text Add to dashboard Cite

Martins for their unconditional support and trust in me. Thank you to Inês Laccort for the friendship, encouragement, and support during the difficult times of my graduate studies. Thank you to Elenir Voi Xavier, my portuguese teacher and friend, for always believing in me. Thank you to Denise Dalcol for the friendship we have maintained after earning our Master's degrees.Thank you to CAPES and CNPq (grant 381249/2022-0) for the financial support, which was crucial for the completion of this thesis.Finally, thank you to everyone who has supported me on this incredible journey. I am truly honored and blessed to have known every single one of you, and to have represented my home country Honduras for the last couple of years.

show abstract

IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering

Cited by 13 publications

References 41 publications

SIEM-based detection and mitigation of IoT-botnet DDoS attacks

SIEM-based detection and mitigation of IoT-botnet DDoS attacks

A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering

Mechanisms to improve fuzz testing for message brokers

Contact Info

Product

Resources

About