Ihb: A Scalable And Efficient Scheme To Identify Homologous Binaries In Iot Firmwares

Due to the extensive code reuse and the widespread use of third-party SDKs, homologous binaries are widely found in IoT firmwares. Once a vulnerability is found in one firmware, other firmwares sharing the similar piece of codes are at high risk. Thus, homologous binary search is of great significance to IoT firmware security analysis. However, there are still no scalable and efficient homologous binary search methods for IoT firmwares. The time complexity of the state-of-the-art method is O(N), and it is not scalable for large-scale IoT firmwares. In this paper, we design, implement, and evaluate a scalable and efficient homologous binary search scheme (termed as IHB) for IoT firmwares with time complexity O(1). The main idea of our methodology is to leverage readable strings in binaries to calculate the similarities between different IoT firmwares. Furthermore, we employ a string filter and the string-based MinHash to achieve both accuracy and efficiency. We test both our scheme and the state-of-the-art methods on a real dataset containing 1024 binary files. The results show that our method is three orders of magnitude more efficient than the existing methods. Meanwhile, our method has a higher true positive rate (92.88%) and a lower false positive rate (2.83%). In the interest of open science, we also make our tools and datasets publicly available to seed future improvements.