A Deep Learning Approach to Discover Router Firmware Vulnerabilities

Amjad Abu-Mahfouz, Saed Alrabaee, Mahmoud Khasawneh, Marton Gergely, Kim Kwang Raymond Choo

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Industrial Internet of Things (IoT)-connected devices are now nearly ubiquitous in the world, and routers are a central point for connecting these Industrial IoT devices. As a router's firmware controls the basic functions of Industrial IoT devices, it is considered the heart of IoT. An Industrial IoT cyberattack can cause huge damage to the connected devices and harm to their owners. Thus, router firmware vulnerability detection has recently become an emerging issue in this domain. As a result, an efficient and precise detection tool is a necessity to this domain. However, the firmware dataset collection is the most challenging step as there are no open-source datasets available online. A manual effort was required to verify the states of samples in both the Common Vulnerabilities and Exposures and the National Vulnerability Database databases as either vulnerable or benign. After verification, 1450 samples were collected. This article investigates the effectiveness of using convolutional neural networks (CNNs) and computer vision techniques to analyze home router firmware. The collected firmware samples were read as an array of byte strings, divided into subarrays based on the image's dimensions, and then layered on top of one another to produce the firmware images. The images were divided by manufacturer and used as inputs for various CNN models to test their accuracy. Three statistical filtering algorithms were used on each manufacturer's set to produce multiple versions of each set, totaling 24 datasets across four manufacturers, with six datasets per manufacturer (four filtered images and two grayscale and RGB images). The image filter algorithms used include local binary pattern (LBP), histogram of oriented gradients (HOG), and Gabor filter used on the LBP and HOG sets. After testing all the combinations of the filtered/normal datasets with the CNN training model, the HOG filter was the most accurate, with an average accuracy of 85.81% across all tests and models, with results as high as 97.94% when used with the appropriate CNN model.

Original languageEnglish
Pages (from-to)691-702
Number of pages12
JournalIEEE Transactions on Industrial Informatics
Volume20
Issue number1
DOIs
Publication statusPublished - Jan 1 2024

Keywords

  • Convolutional neural network (CNN)
  • Industrial Internet of Things cybersecurity
  • router firmware vulnerability

ASJC Scopus subject areas

  • Information Systems
  • Electrical and Electronic Engineering
  • Control and Systems Engineering
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'A Deep Learning Approach to Discover Router Firmware Vulnerabilities'. Together they form a unique fingerprint.

Cite this