# BBDetector: Intelligent border binary detection in IoT device firmware based on a multidimensional feature model

**Authors:** Shudan Yue, Guimin Zhang, Qingbao Li, Wenbo Zhang, Xiaonan Li, Weihua Jiao, Fredrick Ishengoma, Mudassir Khan, Mudassir Khan, Mudassir Khan

PMC · DOI: 10.1371/journal.pone.0329469 · PLOS One · 2025-08-07

## TL;DR

BBDetector is a new method for detecting border binaries in IoT device firmware, improving accuracy and reducing false negatives.

## Contribution

Introduces BBDetector, a multidimensional feature model-based approach with ensemble learning for border binary detection in IoT firmware.

## Key findings

- BBDetector achieved 94.98% precision, 91.02% recall, and 92.84% F1 score on Dataset I.
- Detected 3.25 and 2.23 times more border binaries than Karonte and SaTC on Dataset II.
- Enhances vulnerability detection accuracy and reduces firmware analysis complexity.

## Abstract

In the field of firmware security analysis for Internet of Things (IoT) devices, border binary detection has become an important research focus. However, the existing methods for border binary detection have problems such as insufficient feature characterization, high false-negative rates, and low intelligence levels. To mitigate these issues, we introduce BBDetector, a border binary detection method based on a multidimensional feature model. First, we constructed the first known set of border binaries at a certain scale by collecting and analyzing a diverse set of real-world firmware. To characterize the features of border binaries comprehensively, we proposed a multidimensional feature model (MDFM). Next, we extracted the feature vectors of binaries via the MDFM and designed a novel stacking method to achieve border binary detection. This method involves ensemble learning, combining extreme gradient boosting, light gradient boosting machine, and categorical boosting as base learners with random forest as the meta-learner. Finally, a border binary detection model (XLC-R) was obtained by training with feature vectors. We tested and evaluated BBDetector on two datasets. The experimental results showed that XLC-R achieved a precision of 94.98%, a recall of 91.02%, and an F1 score of 92.84% for the constructed representative Dataset I. Additionally, BBDetector detected 3.25 times and 2.23 times more border binaries in Dataset II than did the state-of-the-art tools Karonte and SaTC, respectively. BBDetector provides an accurate method for border binary detection in IoT firmware security analysis, significantly enhancing the pertinence of vulnerability detection, dramatically reducing the complexity of firmware security analysis, and providing essential technical support for improving IoT device security.

## Full-text entities

- **Diseases:** XLC-R (MESH:C580424)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12331098/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12331098/full.md

## References

40 references — full list in the complete paper: https://tomesphere.com/paper/PMC12331098/full.md

---
Source: https://tomesphere.com/paper/PMC12331098