{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,22]],"date-time":"2026-03-22T08:24:05Z","timestamp":1774167845420,"version":"3.50.1"},"publisher-location":"Cham","reference-count":58,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319934105","type":"print"},{"value":"9783319934112","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_6","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T07:49:28Z","timestamp":1528357768000},"page":"114-138","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":41,"title":["BINARM: Scalable and Efficient Detection of Vulnerabilities in Firmware Images of Intelligent Electronic Devices"],"prefix":"10.1007","author":[{"given":"Paria","family":"Shirani","sequence":"first","affiliation":[]},{"given":"Leo","family":"Collard","sequence":"additional","affiliation":[]},{"given":"Basile L.","family":"Agba","sequence":"additional","affiliation":[]},{"given":"Bernard","family":"Lebel","sequence":"additional","affiliation":[]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[]},{"given":"Lingyu","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Aiman","family":"Hanna","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"key":"6_CR1","unstructured":"IEC 61850 - Communication Networks and Systems for Power Utility Automation. \n                      https:\/\/webstore.iec.ch\/publication\/6028\n                      \n                    . Accessed 2018"},{"key":"6_CR2","unstructured":"WIN32\/INDUSTROYER: A New Threat for Industrial Control Systems. \n                      https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/06\/Win32_Industroyer.pdf"},{"key":"6_CR3","unstructured":"NIST\/SEMATECH e-Handbook of Statistical Methods (2015). \n                      http:\/\/www.itl.nist.gov\/div898\/handbook\/"},{"key":"6_CR4","unstructured":"ARM Instruction Reference (2017). \n                      http:\/\/infocenter.arm.com\/help\/index.jsp?topic=\/com.arm.doc.dui0068b\/CIHEDHIF.html"},{"key":"6_CR5","unstructured":"Common Vulnerabilities and Exposures (2017). \n                      https:\/\/nvd.nist.gov\/"},{"key":"6_CR6","unstructured":"ICS-CERT: Critical Infrastructure Sectors (2017). \n                      https:\/\/www.dhs.gov\/critical-infrastructure-sectors"},{"key":"6_CR7","unstructured":"IDA Pro (2017). \n                      https:\/\/www.hex-rays.com\/products\/ida\/"},{"key":"6_CR8","unstructured":"NI PMU1_0_11.lvappimg (2017). \n                      http:\/\/digital.ni.com\/public.nsf\/allkb\/5391E8424944D0BC86257E45000B025C"},{"key":"6_CR9","unstructured":"ReadyNAS Firmware Image v6.1.6 (2017). \n                      http:\/\/www.downloads.netgear.com\/files\/GDC\/READYNAS-100\/ReadyNASOS-6.1.6-arm.zip"},{"key":"6_CR10","unstructured":"Security Intelligence (2017). \n                      https:\/\/securityintelligence.com\/attacks-targeting-industrial-control-systems-ics-up-110-percent\/"},{"issue":"2","key":"6_CR11","first-page":"8","volume":"21","author":"S Alrabaee","year":"2018","unstructured":"Alrabaee, S., Shirani, P., Wang, L., Debbabi, M.: FOSSIL: a resilient and efficient system for identifying FOSS functions in malware binaries. ACM Trans. Priv. Secur. (TOPS) 21(2), 8 (2018)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"issue":"4","key":"6_CR12","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1145\/2896499","volume":"48","author":"J Caballero","year":"2016","unstructured":"Caballero, J., Lin, Z.: Type inference on executables. ACM Comput. Surv. (CSUR) 48(4), 65 (2016)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Chen, B., Dong, X., Bai, G., Jauhar, S., Cheng, Y.: Secure and efficient software-based attestation for industrial control devices with arm processors. In: ACSAC (2017)","DOI":"10.1145\/3134600.3134621"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Egele, M., Woo, M., Brumley, D.: Towards automated dynamic analysis for Linux-based embedded firmware. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23415"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Cheng, L., Tian, K., Yao, D.D.: Orpheus: enforcing cyber-physical execution semantics to defend against data-oriented attacks (2017)","DOI":"10.1145\/3134600.3134640"},{"key":"6_CR16","volume-title":"Introduction to Algorithms","author":"TH Cormen","year":"2009","unstructured":"Cormen, T.H.: Introduction to Algorithms. MIT Press, Cambridge (2009)"},{"key":"6_CR17","unstructured":"Costin, A., Zaddach, J., Francillon, A., Balzarotti, D., Antipolis, S.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security (2014)"},{"issue":"6","key":"6_CR18","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1145\/2666356.2594343","volume":"49","author":"Yaniv David","year":"2014","unstructured":"David, Y., Yahav, E.: Tracelet-based code search in executables. In: ACM SIGPLAN Notices, vol. 49, pp. 349\u2013360. ACM (2014)","journal-title":"ACM SIGPLAN Notices"},{"key":"6_CR19","unstructured":"Davidson, D., Moench, B., Ristenpart, T., Jha, S.: FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: USENIX, Security, pp. 463\u2013478 (2013)"},{"issue":"1","key":"6_CR20","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/BF02294713","volume":"67","author":"E Dimitriadou","year":"2002","unstructured":"Dimitriadou, E., Dolni\u010dar, S., Weingessel, A.: An examination of indexes for determining the number of clusters in binary data sets. Psychometrika 67(1), 137\u2013159 (2002)","journal-title":"Psychometrika"},{"key":"6_CR21","first-page":"1","volume":"5","author":"T Dullien","year":"2005","unstructured":"Dullien, T., Rolles, R.: Graph-based comparison of executable objects (English version). SSTIC 5, 1\u20133 (2005)","journal-title":"SSTIC"},{"key":"6_CR22","unstructured":"Egele, M., Woo, M., Chapman, P., Brumley, D.: Blanket execution: dynamic similarity testing for program binaries and components. In: Usenix, Security, pp. 303\u2013317 (2014)"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Eschweiler, S., Yakdan, K., Gerhards-Padilla, E.: discovRe: Efficient cross-architecture identification of bugs in binary code. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23185"},{"key":"6_CR24","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32. stuxnet dossier. White paper, vol. 5, p. 6. Symantec Corp., Security Response (2011)"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Feng, Q., Zhou, R., Xu, C., Cheng, Y., Testa, B., Yin, H.: Scalable graph-based bug search for firmware images. In: CCS. ACM (2016)","DOI":"10.1145\/2976749.2978370"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Gascon, H., Yamaguchi, F., Arp, D., Rieck, K.: Structural detection of android malware using embedded call graphs. In: AISEC. ACM (2013)","DOI":"10.1145\/2517312.2517315"},{"key":"6_CR27","unstructured":"Griffin, C.: Graph theory: Penn state math 485 lecture notes (2011\u20132012). \n                      http:\/\/www.personal.psu.edu\/cxg286\/Math485.pdf"},{"key":"6_CR28","unstructured":"Groarke, D.G.R.: The Networked Grid 150: The End-to-end Smart Grid Vendor Ecosystem Report and Rankings (2013). \n                      https:\/\/www.greentechmedia.com\/research\/report\/the-networked-grid-150-report-and-rankings-2013"},{"key":"6_CR29","volume-title":"Data Mining: Concepts and Techniques","author":"J Han","year":"2011","unstructured":"Han, J., Pei, J., Kamber, M.: Data Mining: Concepts and Techniques. Elsevier, New York (2011)"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Hido, S., Kashima, H.: A linear-time graph kernel. In: ICDM (2009)","DOI":"10.1109\/ICDM.2009.30"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Huang, H., Youssef, A.M., Debbabi, M.: BinSequence: fast, accurate and scalable binary code reuse detection. In: ASIACCS. ACM (2017)","DOI":"10.1145\/3052973.3052974"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Ioffe, S.: Improved consistent sampling, weighted minhash and l1 sketching. In: ICDM (2010)","DOI":"10.1109\/ICDM.2010.80"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Khoo, W.M., Mycroft, A., Anderson, R.: Rendezvous: a search engine for binary code. In: MSR (2013)","DOI":"10.1109\/MSR.2013.6624046"},{"key":"6_CR34","unstructured":"Kruegel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: USENIX Security (2004)"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Kwon, Y., Kim, H.K., Koumadi, K.M., Lim, Y.H., Lim, J.I.: Automated vulnerability analysis technique for smart grid infrastructure. In: ISGT 2017 (2017)","DOI":"10.1109\/ISGT.2017.8085965"},{"issue":"3","key":"6_CR36","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"Ralph Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. In: IEEE SP (2011)","journal-title":"IEEE Security & Privacy Magazine"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Liu, M., Zhang, Y., Li, J., Shu, J., Gu, D.: Security analysis of vendor customized code in firmware of embedded device. In: SecureComm (2016)","DOI":"10.1007\/978-3-319-59608-2_40"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Luo, L., Ming, J., Wu, D., Liu, P., Zhu, S.: Semantics-based obfuscation-resilient binary code similarity comparison with applications to software plagiarism detection. In: ACM SIGSOFT (2014)","DOI":"10.1145\/2635868.2635900"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Mackiewicz, R.: Overview of IEC 61850 and benefits. In: PSCE (2006)","DOI":"10.1109\/PES.2006.1709546"},{"key":"6_CR40","unstructured":"Nazario, J.: Blackenergy DDOS bot analysis. Arbor Networks (2007)"},{"key":"6_CR41","unstructured":"Neichin, G., Cheng, D., Haji, S., Gould, J., Mukerji, D., Hague, D.: 2010 US Smart Grid Vendor Ecosystem (2010)"},{"key":"6_CR42","doi-asserted-by":"crossref","unstructured":"Oliver, J., Cheng, C., Chen, Y.: TLSH-a locality sensitive hash. In: CTC (2013)","DOI":"10.1109\/CTC.2013.9"},{"key":"6_CR43","doi-asserted-by":"publisher","first-page":"1226","DOI":"10.1109\/TPAMI.2005.159","volume":"27","author":"H Peng","year":"2005","unstructured":"Peng, H., Long, F., Ding, C.: Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. IEEE TPAMI 27, 1226\u20131238 (2005)","journal-title":"IEEE TPAMI"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Pewny, J., Garmany, B., Gawlik, R., Rossow, C., Holz, T.: Cross-architecture bug search in binary executables. In: IEEE SP (2015)","DOI":"10.1109\/SP.2015.49"},{"key":"6_CR45","doi-asserted-by":"crossref","unstructured":"Rad, B.B., Masrom, M., Ibrahim, S.: Opcodes histogram for classifying metamorphic portable executables malware. In: ICEEE (2012)","DOI":"10.1109\/ICeLeTE.2012.6333411"},{"key":"6_CR46","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: DIMVA (2008)"},{"key":"6_CR47","unstructured":"Series, I.: Business blackout. \n                      https:\/\/www.lloyds.com\/~\/media\/files\/news-and-insight\/risk-insight\/2015\/business-blackout\/business-blackout20150708.pdf"},{"key":"6_CR48","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1007\/978-3-319-60876-1_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Paria Shirani","year":"2017","unstructured":"Shirani, P., Wang, L., Debbabi, M.: BinShape: scalable and robust binary library function identification using function shape. In: DIMVA (2017)"},{"key":"6_CR49","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., Wang, R., Hauser, C., Kruegel, C., Vigna, G.: Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23294"},{"key":"6_CR50","doi-asserted-by":"crossref","unstructured":"Shu, X., Yao, D., Ramakrishnan, N.: Unearthing stealthy program attacks buried in extremely long execution paths. In: CCS. ACM (2015)","DOI":"10.1145\/2810103.2813654"},{"key":"6_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-75208-2_1","volume-title":"Smart Card Research and Advanced Applications","author":"O Shwartz","year":"2018","unstructured":"Shwartz, O., Mathov, Y., Bohadana, M., Elovici, Y., Oren, Y.: Opening Pandora\u2019s box: effective techniques for reverse engineering IoT devices. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 1\u201321. Springer, Cham (2018). \n                      https:\/\/doi.org\/10.1007\/978-3-319-75208-2_1"},{"key":"6_CR52","unstructured":"Slowinska, A., Stancescu, T., Bos, H.: Body armor for binaries: preventing buffer overflows without recompilation. In: USENIX Annual Technical Conference, pp. 125\u2013137 (2012)"},{"key":"6_CR53","unstructured":"Wang, T., Wei, T., Lin, Z., Zou, W.: Intscope: automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In: NDSS (2009)"},{"key":"6_CR54","doi-asserted-by":"crossref","unstructured":"Xu, X., Liu, C., Feng, Q., Yin, H., Song, L., Song, D.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 363\u2013376. ACM (2017)","DOI":"10.1145\/3133956.3134018"},{"key":"6_CR55","doi-asserted-by":"crossref","unstructured":"Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D.: AVATAR: a framework to support dynamic security analysis of embedded systems\u2019 firmwares. In: NDSS (2014)","DOI":"10.14722\/ndss.2014.23229"},{"key":"6_CR56","unstructured":"Zaddach, J., Costin, A.: Embedded devices security and firmware reverse engineering. Black-Hat USA (2013)"},{"key":"6_CR57","unstructured":"Zheng, Y., Ott, W., Gupta, C., Graur, D.: A scale-free method for testing the proportionality of branch lengths between two phylogenetic trees. arXiv preprint \n                      arXiv:1503.04120\n                      \n                     (2015)"},{"key":"6_CR58","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.ijcip.2016.12.002","volume":"16","author":"R Zhu","year":"2017","unstructured":"Zhu, R., Zhang, B., Mao, J., Zhang, Q., Tan, Y.-A.: A methodology for determining the image base of arm-based industrial control system firmware. Int. J. Crit. Infrastruct. Prot. 16, 26\u201335 (2017)","journal-title":"Int. J. Crit. Infrastruct. Prot."}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:18:25Z","timestamp":1583205505000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":58,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}