A Deep Learning Approach to Discover Router Firmware Vulnerabilities

Industrial Internet of Things (IoT)-connected devices are now nearly ubiquitous in the world, and routers are a central point for connecting these Industrial IoT devices. As a router's firmware controls the basic functions of Industrial IoT devices, it is considered the heart of IoT. An Industrial IoT cyberattack can cause huge damage to the connected devices and harm to their owners. Thus, router firmware vulnerability detection has recently become an emerging issue in this domain. As a result, an efficient and precise detection tool is a necessity to this domain. However, the firmware dataset collection is the most challenging step as there are no open-source datasets available online. A manual effort was required to verify the states of samples in both the Common Vulnerabilities and Exposures and the National Vulnerability Database databases as either vulnerable or benign. After verification, 1450 samples were collected. This article investigates the effectiveness of using convolutional neural networks (CNNs) and computer vision techniques to analyze home router firmware. The collected firmware samples were read as an array of byte strings, divided into subarrays based on the image's dimensions, and then layered on top of one another to produce the firmware images. The images were divided by manufacturer and used as inputs for various CNN models to test their accuracy. Three statistical filtering algorithms were used on each manufacturer's set to produce multiple versions of each set, totaling 24 datasets across four manufacturers, with six datasets per manufacturer (four filtered images and two grayscale and RGB images). The image filter algorithms used include local binary pattern (LBP), histogram of oriented gradients (HOG), and Gabor filter used on the LBP and HOG sets. After testing all the combinations of the filtered/normal datasets with the CNN training model, the HOG filter was the most accurate, with an average accuracy of 85.81% across all tests and models, with results as high as 97.94% when used with the appropriate CNN model.