A Deep Learning Approach to Discover Router Firmware Vulnerabilities

Abstract

An attack on Industrial IoT systems can cause severe damage to connected devices and their owners. Therefore, detecting router firmware vulnerabilities has become a critical issue. However, collecting a dataset of firmware samples is challenging as no open-source datasets are available online. A manual effort was required to verify the states of samples in both the Common Vulnerabilities and Exposures (CVE) and The National Vulnerability Database (NVD) databases as either vulnerable or benign. After verification, 1450 samples were collected. This paper investigates the effectiveness of using convolutional neural networks (CNNs) and computer vision techniques to analyze home router firmware. The collected firmware samples were read as an array of byte strings, divided into sub-arrays based on the image's dimensions, then layered on top of one another to produce the firmware images. The images were divided by manufacturer and used as inputs for various CNN models to test their accuracy. Three statistical filtering algorithms were used on each manufacturer's set to produce multiple versions of each set, totaling 24 datasets across four manufacturers, with six datasets per manufacturer (4 filtered images and two grayscale and RGB images). The image filter algorithms used include local binary pattern (LBP), histogram-oriented gradients (HOG), and Gabor filter used on the LBP and HOG sets. After testing all combinations of the filtered/normal datasets with the CNN training model, the HOG filter was the most accurate, with an average accuracy of 85.81% across all tests and models, with results as high as 97.94% when used with the appropriate CNN model.