Fuzzy Hashing on Firmwares Images: A Comparative Analysis

Authors

Daojing He, Harbin Institute of Technology
Xiaohu Yu, East China Normal University
Shanshan Zhu, East China Normal University
Sammy Chan, City University of Hong Kong
Mohsen Guizani, Mohamed Bin Zayed University of Artificial IntelligenceFollow

Document Type

Article

Publication Title

IEEE Internet Computing

Abstract

With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets.

First Page

1

Last Page

6

DOI

10.1109/MIC.2022.3225811

Publication Date

12-1-2022

Keywords

firmware, fuzzy hashing, homology, Internet of Things

Comments

IR Deposit conditions:

OA version (pathway a) Accepted version

No embargo

When accepted for publication, set statement to accompany deposit (see policy)

Must link to publisher version with DOI

Publisher copyright and source must be acknowledged

Recommended Citation

D. He, X. Yu, S. Zhu, S. Chan and M. Guizani, "Fuzzy Hashing on Firmwares Images: A Comparative Analysis," in ,i>IEEE Internet Computing, doi: 10.1109/MIC.2022.3225811.