Hunting the Ghost: Towards Automatic Mining of IoT Hidden Services

Shuaike Dong; Siyu Shen; Zhou Li; Kehuan Zhang

arXiv:2505.06822·cs.CR·May 29, 2025

Hunting the Ghost: Towards Automatic Mining of IoT Hidden Services

Shuaike Dong, Siyu Shen, Zhou Li, Kehuan Zhang

PDF

Open Access

TL;DR

This paper presents an automated static analysis and symbolic execution tool designed to detect hidden, potentially malicious services in IoT device firmware, enhancing security by uncovering covert functionalities.

Contribution

The paper introduces a novel automated firmware analysis method combining static analysis and symbolic execution for identifying hidden IoT services.

Findings

01

Effective detection of suspicious hidden services in IoT firmware

02

Prototype successfully evaluated on real IoT firmware datasets

03

Tool demonstrates high accuracy and efficiency in uncovering covert services

Abstract

In this paper, we proposes an automatic firmware analysis tool targeting at finding hidden services that may be potentially harmful to the IoT devices. Our approach uses static analysis and symbolic execution to search and filter services that are transparent to normal users but explicit to experienced attackers. A prototype is built and evaluated against a dataset of IoT firmware, and The evaluation shows our tool can find the suspicious hidden services effectively.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdvanced Malware Detection Techniques · Digital and Cyber Forensics · Spam and Phishing Detection