Fuzzy Hashing on Firmwares Images: A Comparative Analysis
IEEE Internet Computing
With the fast development of the Internet of Things (IoT) technology, there are more and more attacks against IoT devices, and IoT security issues have attracted considerable attention. Due to the widespread phenomenon that different IoT firmwares reuse the same code, code similarity comparison is an important technique for IoT security analysis. Fuzzy hashing generates fingerprints of files by converting them into intermediate expressions and hashing such expressions, evaluating the fingerprint similarity and thus evaluating the similarity of files that are not identical. In this paper, we analyze and compare today's most widely used fuzzy hashing tools, and classify them in detail. In addition, we also analyze the advantages and disadvantages of different algorithms used by these fuzzy hashing tools. Finally, we select a few of the most convincing fuzzy hashing tools, such as ssdeep and TLSH, for performance comparison by experimental analysis on real firmware datasets.
firmware, fuzzy hashing, homology, Internet of Things
D. He, X. Yu, S. Zhu, S. Chan and M. Guizani, "Fuzzy Hashing on Firmwares Images: A Comparative Analysis," in ,i>IEEE Internet Computing, doi: 10.1109/MIC.2022.3225811.
IR Deposit conditions:
OA version (pathway a) Accepted version
When accepted for publication, set statement to accompany deposit (see policy)
Must link to publisher version with DOI
Publisher copyright and source must be acknowledged