Firmware version detection method and vulnerability repair rate evaluation method of internet of things device

An Internet of Things device and firmware version technology, which is applied in version control, software maintenance/management, etc., can solve the problems of unusable, inability to realize large-scale online identification of the firmware version number of networked devices, and low detection accuracy, so as to achieve accurate detection, The effect of efficient firmware version detection

Active Publication Date: 2019-02-22
NAT UNIV OF DEFENSE TECH
View PDF5 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the fingerprint extraction of the web interface in this scheme must rely on the firmware simulation virtualization device, and the existing firmware simulation technology can only successfully simulate about 10% of the firmware, so it cannot be used for large-scale device firmware in the real network In fingerprint recognition, it is impossible to realize large-scale online identification of the firmware version number of networked devices, and the use of simulated devices for testing may not be consistent with the fingerprints of real devices, and its actual detection accuracy is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Firmware version detection method and vulnerability repair rate evaluation method of internet of things device
  • Firmware version detection method and vulnerability repair rate evaluation method of internet of things device
  • Firmware version detection method and vulnerability repair rate evaluation method of internet of things device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] The present invention will be further described below in conjunction with the accompanying drawings and specific preferred embodiments, but the protection scope of the present invention is not limited thereby.

[0045] Such as figure 1 , 2 As shown, the steps of the method for detecting the firmware version of the Internet of Things device in this embodiment include:

[0046] S1. Firmware image file library construction: respectively obtain firmware image files corresponding to various firmware versions of different device models and store them in the database to obtain a firmware image file library;

[0047] S2.Web root directory positioning: extract the file system therein after decompressing each firmware image file in the firmware image file library respectively, and determine the Web root directory of each file system;

[0048] S3. Firmware version feature library construction: traverse and search the web root directory to find all web static resources, extract t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a firmware version detection method and a vulnerability repair rate evaluation method of an Internet of Things device. The detection method comprises the following steps: S1, acquiring a firmware image file; 2, extracting that file system after decompressing the firmware image files, and determining the Web root directory of each file system; 3, searching Web static resources, respectively extracting eigenvalues of each Web static resource in various firmware versions under each device model, and constructing correspond firmware version characteristic tables; S4, obtaining the IP address list and firmware version characteristic table of the required device type, scanning fingerprint, extracting corresponding fingerprint, and identifying the firmware version number of the device; The evaluation method includes obtaining model version information of the target vulnerability, and calculating the repair rate of the target vulnerability according to the result of thedetection method. The invention has the advantages of simple realization method, high detection accuracy and efficiency, and the vulnerability repair rate evaluation without triggering the vulnerability.

Description

technical field [0001] The present invention relates to the technical field of Internet of Things devices, in particular to a method for detecting firmware versions of Internet of Things devices and a method for evaluating vulnerability repair rates. Background technique [0002] With the development of the Internet of Things, the number of Internet-connected devices has grown rapidly, with various types and manufacturers. Due to the loopholes in the devices, various security issues have also occurred frequently. Since networked devices are generally unattended, even if vulnerabilities are found, they cannot be repaired in time. Therefore, it is of great significance to evaluate the repair rate of known vulnerabilities in networked devices. If there is no version detection, the current traditional method is to use the vulnerability trigger code to write a scanning program, and use the vulnerability attack test to judge its repair status. However, it is illegal to conduct an ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F8/71
CPCG06F8/71
Inventor 解炜蒋轶焜唐勇陈曙晖喻波杨强周旭
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap