{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T03:43:15Z","timestamp":1773546195980,"version":"3.50.1"},"reference-count":115,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2020,2,6]],"date-time":"2020-02-06T00:00:00Z","timestamp":1580947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users\u2019 privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.<\/jats:p>","DOI":"10.3390\/fi12020027","type":"journal-article","created":{"date-parts":[[2020,2,7]],"date-time":"2020-02-07T03:13:27Z","timestamp":1581045207000},"page":"27","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":81,"title":["A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7462-9176","authenticated-orcid":false,"given":"Miao","family":"Yu","sequence":"first","affiliation":[{"name":"Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100091, China"}]},{"given":"Jianwei","family":"Zhuge","sequence":"additional","affiliation":[{"name":"Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100091, China"},{"name":"Beijing National Research Center for Information Science and Technology, Beijing 100000, China"}]},{"given":"Ming","family":"Cao","sequence":"additional","affiliation":[{"name":"China Information Technology Security Evaluation Center, Beijing 100085, China"}]},{"given":"Zhiwei","family":"Shi","sequence":"additional","affiliation":[{"name":"China Information Technology Security Evaluation Center, Beijing 100085, China"}]},{"given":"Lin","family":"Jiang","sequence":"additional","affiliation":[{"name":"China Luoyang Electronic Equipment Test Center, Luoyang 471000, China"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,6]]},"reference":[{"key":"ref_1","unstructured":"Lueth, K.L. (2019, December 06). State of the IoT 2018: Number of IoT Devices Now at 7B\u2014Market Accelerating. Available online: https:\/\/iot-analytics.com\/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b\/."},{"key":"ref_2","unstructured":"Rawlinson, K. (2019, December 06). Internet of Things Research Study. Available online: https:\/\/www8.hp.com\/us\/en\/hp-news\/press-release.html?id=1744676."},{"key":"ref_3","unstructured":"Wikipedia (2019, December 06). Mirai(malware). Available online: https:\/\/en.wikipedia.org\/wiki\/Mirai_(malware)."},{"key":"ref_4","unstructured":"Trevor, H. (2019, December 06). Internet of Things (IoT) History. Available online: https:\/\/www.postscapes.com\/iot-history\/."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Gan, G., Lu, Z., and Jiang, J. (2011, January 16\u201318). Internet of things security analysis. Proceedings of the International Conference on Internet Technology and Applications, Wuhan, China.","DOI":"10.1109\/ITAP.2011.6006307"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Suo, H., Wan, J., Zou, C., and Liu, J. (2012, January 23\u201325). Security in the internet of things: A review. Proceedings of the International Conference on Computer Science and Electronics Engineering, Hangzhou, China.","DOI":"10.1109\/ICCSEE.2012.373"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Zhao, K., and Ge, L. (2013, January 14\u201315). A survey on the internet of things security. Proceedings of the 2013 Ninth International Conference on Computational Intelligence and Security, Leshan, China.","DOI":"10.1109\/CIS.2013.145"},{"key":"ref_8","unstructured":"Pescatore, J., and Shpantzer, G. (2014). Securing the Internet of Things Survey, SANS Institute."},{"key":"ref_9","first-page":"450","article-title":"Security issues in Internet of things (IoT): A survey","volume":"5","author":"Balte","year":"2018","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"key":"ref_10","first-page":"1","article-title":"IoT middleware: A survey on issues and enabling technologies","volume":"4","author":"Ngu","year":"2016","journal-title":"IEEE Int. Things J."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1250","DOI":"10.1109\/JIOT.2017.2694844","article-title":"A survey on security and privacy issues in Internet-of-Things","volume":"4","author":"Yang","year":"2017","journal-title":"IEEE Int. Things J."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1016\/j.jnca.2017.04.002","article-title":"Internet of Things security: A survey","volume":"88","author":"Alaba","year":"2017","journal-title":"J. Net. Comput. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Zhang, Z.K., Cho, M.C.Y., Wang, C.W., Hsu, C.W., Chen, C.K., and Shieh, S. (2014, January 17\u201319). IoT security: Ongoing challenges and research opportunities. Proceedings of the 7th IEEE International Conference on Service-Oriented Computing and Applications, Matsue, Japan.","DOI":"10.1109\/SOCA.2014.58"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Mahmoud, R., Yousuf, T., Aloul, F., and Zualkernan, I. (2015, January 14\u201316). Internet of things (IoT) security: Current status, challenges and prospective measures. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK.","DOI":"10.1109\/ICITST.2015.7412116"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1109\/MSP.2017.3151346","article-title":"Internet of things security research: A rehash of old ideas or new intellectual challenges","volume":"15","author":"Fernandes","year":"2017","journal-title":"IEEE Secur. Priv."},{"key":"ref_16","unstructured":"Al-Garadi, M.A., Mohamed, A., Al-Ali, A., Du, X., and Guizani, M. (2018). A survey of machine and deep learning methods for internet of things (IoT) security. arXiv, Available online: https:\/\/arxiv.org\/abs\/1807.11023."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alrawi, O., Lever, C., Antonakakis, M., and Monrose, F. (2019, January 19\u201323). Sok: Security evaluation of home-based iot deployments. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00013"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Xie, W., Jiang, Y., Tang, Y., Ding, N., and Gao, Y. (2017, January 15\u201317). Vulnerability detection in iot firmware: A survey. Proceedings of the IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS), Shenzhen, China.","DOI":"10.1109\/ICPADS.2017.00104"},{"key":"ref_19","first-page":"61","article-title":"A Survey of IoT Device Vulnerability Mining Techniques","volume":"4","author":"Zheng","year":"2019","journal-title":"J. Cyber Secur."},{"key":"ref_20","unstructured":"Samsung (2019, December 06). Samsung SmartThings. Available online: https:\/\/www.smartthings.com\/."},{"key":"ref_21","unstructured":"Google (2019, December 06). Google Weave Project. Available online: https:\/\/developers.google.com\/weave\/."},{"key":"ref_22","unstructured":"Apple Inc. (2019, December 06). Apple HomeKit. Available online: http:\/\/www.apple.com\/ios\/home\/."},{"key":"ref_23","unstructured":"Home, A. (2019, December 06). Home Assistant. Available online: https:\/\/www.home-assistant.io."},{"key":"ref_24","unstructured":"Mi Inc. (2019, December 06). IoT Developer Platform. Available online: https:\/\/iot.mi.com\/."},{"key":"ref_25","unstructured":"WiFi, A. (2019, December 06). WiFi. Available online: https:\/\/www.wi-fi.org\/."},{"key":"ref_26","unstructured":"Zigbee, A. (2019, December 06). Zigbee. Available online: https:\/\/zigbee.org\/."},{"key":"ref_27","unstructured":"(2019, December 06). Bluetooth Technology Website. Available online: https:\/\/www.bluetooth.com\/."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Liu, X., Zhou, Z., Diao, W., Li, Z., and Hang, K. (2015, January 12\u201316). When good becomes evil: Keystroke inference with smartwatch. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA.","DOI":"10.1145\/2810103.2813668"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Das, A., Borisov, N., and Caesar, M. (2014, January 3\u20137). Do you hear what i hear?: Fingerprinting smart devices through embedded acoustic components. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA.","DOI":"10.1145\/2660267.2660325"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Vasyltsov, I., and Lee, S. (2015, January 14). Entropy extraction from bio-signals in healthcare IoT. Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security, Singapore.","DOI":"10.1145\/2732209.2732213"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"McCann, D., Eder, K., and Oswald, E. (2015, January 21\u201325). Characterising and comparing the energy consumption of side channel attack countermeasures and lightweight cryptography on embedded device. Proceedings of the International Workshop on Secure Internet of Things (SIoT), Vienna, Austria.","DOI":"10.1109\/SIOT.2015.11"},{"key":"ref_32","unstructured":"Stokes, P., and SentinelOne (2019, December 06). Checkm8: 5 Things You Should Know about the New Ios Boot Rom Exploit. Available online: https:\/\/www.sentinelone.com\/blog\/checkm8-5-things-you-should-know-new-ios-boot-rom-exploit\/."},{"key":"ref_33","unstructured":"MITRE Corp (2019, December 06). Marvell WiFi. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=+Marvell+WiFi."},{"key":"ref_34","unstructured":"Paganini, P. (2019, December 06). Million of Telestar Digital GmbH IoT Radio Devices Can Be Remotely Hacked. Available online: https:\/\/securityaffairs.co\/wordpress\/91069\/hacking\/telestar-iot-radio-devices-hack.html."},{"key":"ref_35","unstructured":"MITRE Corp (2019, December 06). CVE-2019-13473. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-13473."},{"key":"ref_36","unstructured":"MITRE Corp (2019, December 06). CVE-2019-13474. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-13474."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Costa Gondim, J.J., de Oliveira Albuquerque, R., Clayton Alves Nascimento, A., Garc\u00eda Villalba, L.J., and Kim, T.H. (2016). A methodological approach for assessing amplified reflection distributed denial of service on the internet of things. Sensors, 16.","DOI":"10.3390\/s16111855"},{"key":"ref_38","unstructured":"Wikipedia (2019, December 06). Constrained Application Protocol. Available online: https:\/\/en.wikipedia.org\/wiki\/Constrained_Application_Protocol."},{"key":"ref_39","unstructured":"UPnP Corp (2019, December 06). UPnP Device Architecture 1.0. Available online: http:\/\/www.upnp.org\/specs\/arch\/UPnP-arch-DeviceArchitecture-v1.0-20080424.pdf."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Li, C., Cai, Q., Li, J., Liu, H., Zhang, Y., Gu, D., and Yu, Y. (2018, January 18\u201320). Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Stockholm, Sweden.","DOI":"10.1145\/3212480.3212496"},{"key":"ref_41","unstructured":"Zhou, W., Jia, Y., Yao, Y., Zhu, L., Guan, L., Mao, Y., and Zhang, Y. (2018). Phantom Device Attack: Uncovering the Security Implications of the Interactions among Devices, IoT Cloud, and Mobile Apps. arXiv."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Vasile, S., Oswald, D., and Chothia, T. (2018, January 12\u201314). Breaking All the Things\u2014A Systematic Survey of Firmware Extraction Techniques for IoT Devices. Proceedings of the International Conference on Smart Card Research and Advanced Applications, Montpellier, France.","DOI":"10.1007\/978-3-030-15462-2_12"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Zaddach, J., Bruno, L., Francillon, A., and Balzarotti, D. (2014, January 23\u201326). AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems\u2019 Firmwares. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Kammerstetter, M., Platzer, C., and Kastner, W. (2014, January 3\u20136). Prospect: Peripheral proxying supported embedded code testing. Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan.","DOI":"10.1145\/2590296.2590301"},{"key":"ref_45","unstructured":"Koscher, K., Kohno, T., and Molnar, D. (2015, January 10\u201311). SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, DC, USA."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Muench, M., Nisi, D., Francillon, A., and Balzarotti, D. (2018, January 18). Avatar 2: A Multi-target Orchestration Platform. Proceedings of the Workshop on Binary Analysis Research (colocated with NDSS Symposium), San Diego, CA, USA.","DOI":"10.14722\/bar.2018.23017"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Woo, M., Brumley, D., and Egele, M. (2016, January 21\u201324). Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref_48","unstructured":"Bellard, F. (2005, January 10\u201315). QEMU, a fast and portable dynamic translator. Proceedings of the USENIX Annual Technical Conference, Anaheim, CA, USA."},{"key":"ref_49","unstructured":"Wikipedia (2019, December 06). Fuzzing. Available online: https:\/\/en.wikipedia.org\/wiki\/Fuzzing."},{"key":"ref_50","unstructured":"Wikipedia (2019, December 06). Taint Checking. Available online: https:\/\/en.wikipedia.org\/wiki\/Taint_checking."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1145\/360248.360252","article-title":"Symbolic execution and program testing","volume":"19","author":"King","year":"1976","journal-title":"Commun. ACM"},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Alimi, V., Vernois, S., and Rosenberger, C. (2014, January 21\u201325). Analysis of embedded applications by evolutionary fuzzing. Proceedings of the 2014 International Conference on High Performance Computing & Simulation (HPCS), Bologna, Italy.","DOI":"10.1109\/HPCSim.2014.6903734"},{"key":"ref_53","first-page":"417","article-title":"Analysis of HTTP protocol implementation in smart card embedded web server","volume":"2","author":"Kamel","year":"2013","journal-title":"Int. J. Inf. Netw. Security (IJINS)"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., and Shacham, H. (2010, January 16\u201319). Experimental security analysis of a modern automobile. Proceedings of the IEEE Symposium on Security and Privacy (SP), Berkeley, CA, USA.","DOI":"10.1109\/SP.2010.34"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Lee, H., Choi, K., Chung, K., Kim, J., and Yim, K. (2015, January 24\u201327). Fuzzing can packets into automobiles. Proceedings of the 29th International Conference on Advanced Information Networking and Applications, Gwangiu, Korea.","DOI":"10.1109\/AINA.2015.274"},{"key":"ref_56","unstructured":"Wikipedia (2019, December 06). CAN bus. Available online: https:\/\/en.wikipedia.org\/wiki\/CAN_bus."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Chen, J., Diao, W., Zhao, Q., Zuo, C., Lin, Z., Wang, X., Lau, W.C., Sun, M., Yang, R., and Zhang, K. (2018, January 18\u201321). Iotfuzzer: Discovering Memory Corruptions in Iot through App-Based Fuzzing. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref_58","unstructured":"Costin, A., Zarras, A., and Francillon, A. (June, January 30). Automated dynamic firmware analysis at scale: A case study on embedded web interfaces. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, Xi\u2019an, China."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Srivastava, P., Peng, H., Li, J., Okhravi, H., Shrobe, H., and Payer, M. (2019, January 15). FirmFuzz: Automated IoT Firmware Introspection and Analysis. Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, London, UK.","DOI":"10.1145\/3338507.3358616"},{"key":"ref_60","unstructured":"Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., and Sun, L. (2019, January 14\u201316). FIRM-AFL: High-throughput greybox fuzzing of iot firmware via augmented process emulation. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_61","unstructured":"Zalewski, M. (2019, December 06). American Fuzzy Lop. Available online: http:\/\/lcamtuf.coredump.cx\/afl."},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Muench, M., Stijohann, J., Kargl, F., Francillon, A., and Balzarotti, D. (2018, January 18\u201321). What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2018.23166"},{"key":"ref_63","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., and Whelan, R. (2015, January 15). Repeatable reverse engineering with PANDA. Proceedings of the 5th Program Protection and Reverse Engineering Workshop, Los Angeles, CA, USA.","DOI":"10.1145\/2843859.2843867"},{"key":"ref_64","unstructured":"Costin, A., Zaddach, J., Francillon, A., and Balzarotti, D. (2014, January 20\u201322). A large-scale analysis of the security of embedded firmwares. Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA."},{"key":"ref_65","unstructured":"Davidson, D., Moench, B., Ristenpart, T., and Jha, S. (2013, January 14\u201316). FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. Proceedings of the 22nd USENIX Security Symposium (USENIX Security 13), Washington, DC, USA."},{"key":"ref_66","unstructured":"Celik, Z.B., Babun, L., Sikder, A.K., Aksu, H., Tan, G., McDaniel, P., and Uluagac, A.S. (2008, January 8\u201310). KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation(OSDI 2008), San Diego, CA, USA."},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., Wang, R., Hauser, C., Kruegel, C., and Vigna, G. (2015, January 8\u201311). Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2015.23294"},{"key":"ref_68","unstructured":"Celik, Z.B., Babun, L., Sikder, A.K., Aksu, H., Tan, G., McDaniel, P., and Uluagac, A.S. (2018, January 15\u201317). Sensitive information tracking in commodity IoT. Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Cheng, K., Li, Q., Wang, L., Chen, Q., Zheng, Y., Sun, L., and Liang, Z. (2018, January 25\u201328). DTaint: Detecting the taint-style vulnerability in embedded device firmware. Proceedings of the 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), Luxembourg.","DOI":"10.1109\/DSN.2018.00052"},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Cui, A., and Stolfo, S.J. (2010, January 6\u201310). A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan. Proceedings of the 26th Annual Computer Security Applications Conference, Austin, TX, USA.","DOI":"10.1145\/1920261.1920276"},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Al-Alami, H., Ali, H., and Hussein, A.B. (2017, January 6\u20137). Vulnerability scanning of IoT devices in Jordan using Shodan. Proceedings of the 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman, Jordan.","DOI":"10.1109\/IT-DREPS.2017.8277814"},{"key":"ref_72","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., and Halderman, J.A. (2015, January 12\u201316). A search engine backed by Internet-wide scanning. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA.","DOI":"10.1145\/2810103.2813703"},{"key":"ref_73","unstructured":"Knownsec, Inc. (2019, December 06). Zoomeye. Available online: https:\/\/www.zoomeye.org\/."},{"key":"ref_74","unstructured":"Li, Z., Lu, S., Myagmar, S., and Zhou, Y. (2004, January 6\u20138). CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code. Proceedings of the 6th Symposium on Operating System Design and Implementation (OSDI 2004), San Francisco, CA, USA."},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Jang, J., Agrawal, A., and Brumley, D. (2012, January 20\u201323). ReDeBug: Finding unpatched code clones in entire os distributions. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2012.13"},{"key":"ref_76","unstructured":"Wikipedia (2019, December 06). N-gram. Available online: https:\/\/en.wikipedia.org\/wiki\/N-gram."},{"key":"ref_77","doi-asserted-by":"crossref","unstructured":"Myles, G., and Christian, C. (2005, January 13\u201317). K-gram based software birthmarks. Proceedings of the 2005 ACM Symposium on Applied Computing, Santa Fe, NM, USA.","DOI":"10.1145\/1066677.1066753"},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Khoo, W.M., Mycroft, A., and Anderson, R. (2013, January 18\u201319). Rendezvous: A search engine for binary code. Proceedings of the 10th Working Conference on Mining Software Repositories, San Francisco, CA, USA.","DOI":"10.1109\/MSR.2013.6624046"},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/s11416-005-0002-9","article-title":"Malware phylogeny generation using permutations of code","volume":"1","author":"Karim","year":"2005","journal-title":"J. Comput. Virol."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1145\/2666356.2594343","article-title":"Tracelet-based code search in executables","volume":"49","author":"David","year":"2014","journal-title":"Acm Sigplan Notices"},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Pewny, J., Schuster, F., Bernhard, L., Holz, T., and Rossow, C. (2014, January 8\u201312). Leveraging semantic signatures for bug search in binary programs. Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, LA, USA.","DOI":"10.1145\/2664243.2664269"},{"key":"ref_82","first-page":"7","article-title":"Control flow analysis","volume":"55","author":"Allen","year":"1970","journal-title":"ACM Sigplan Notices"},{"key":"ref_83","unstructured":"Dullien, T., and Rolles, R. (2005, January 1\u20133). Graph-based comparison of executable objects. Proceedings of the SSTIC\u201905, Rennes, France."},{"key":"ref_84","doi-asserted-by":"crossref","unstructured":"Bourquin, M., King, A., and Robbins, E. (2013, January 26). Binslayer: Accurate comparison of binary executables. Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop, Rome, Italy.","DOI":"10.1145\/2430553.2430557"},{"key":"ref_85","unstructured":"Egele, M., Woo, M., Chapman, P., and Brumley, D. (2014, January 20\u201322). Blanket execution: Dynamic similarity testing for program binaries and components. Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA."},{"key":"ref_86","doi-asserted-by":"crossref","unstructured":"Gao, D., Reiter, M.K., and Song, D. (2008, January 20\u201322). Binhunt: Automatically finding semantic differences in binary programs. Proceedings of the International Conference on Information and Communications Security, Birmingham, UK.","DOI":"10.1007\/978-3-540-88625-9_16"},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Ming, J., Pan, M., and Gao, D. (2012, January 28\u201330). iBinHunt: Binary hunting with inter-procedural control flow. Proceedings of the International Conference on Information Security and Cryptology, Seoul, Korea.","DOI":"10.1007\/978-3-642-37682-5_8"},{"key":"ref_88","doi-asserted-by":"crossref","unstructured":"Pewny, J., Garmany, B., Gawlik, R., Rossow, C., and Holz, T. (2015, January 17\u201321). Cross-architecture bug search in binary executables. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2015.49"},{"key":"ref_89","doi-asserted-by":"crossref","unstructured":"Eschweiler, S., Yakdan, K., and Gerhards-Padilla, E. (2016, January 21\u201324). discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2016.23185"},{"key":"ref_90","doi-asserted-by":"crossref","unstructured":"Chandramohan, M., Xue, Y., Xu, Z., Liu, Y., Cho, C.Y., and Tan, H.B.K. (2016, January 13\u201318). Bingo: Cross-architecture cross-os binary search. Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, Seattle, WA, USA.","DOI":"10.1145\/2950290.2950350"},{"key":"ref_91","doi-asserted-by":"crossref","unstructured":"Feng, Q., Zhou, R., Xu, C., Cheng, Y., Testa, B., and Yin, H. (2016, January 24\u201328). Scalable graph-based bug search for firmware images. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978370"},{"key":"ref_92","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/TPAMI.2007.250598","article-title":"Graph embedding and extensions: A general framework for dimensionality reduction","volume":"29","author":"Yan","year":"2007","journal-title":"IEEE Transact. Pattern Anal. Mach. Intell."},{"key":"ref_93","unstructured":"Xu, X., Liu, C., Feng, Q., Yin, H., Song, L., and Song, D. (November, January 30). Neural network-based graph embedding for cross-platform binary code similarity detection. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA."},{"key":"ref_94","doi-asserted-by":"crossref","unstructured":"Liu, B., Huo, W., Zhang, C., Li, W., Li, F., Piao, A., and Zou, W. (2018, January 3\u20137). \u03b1Diff: Cross-version binary code similarity detection with DNN. Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering, Montpellier, France.","DOI":"10.1145\/3238147.3238199"},{"key":"ref_95","doi-asserted-by":"crossref","unstructured":"Gao, J., Yang, X., Fu, Y., Jiang, Y., and Sun, J. (2018, January 3\u20137). Vulseeker: A semantic learning based vulnerability seeker for cross-platform binary. Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering, Montpellier, France.","DOI":"10.1145\/3238147.3240480"},{"key":"ref_96","doi-asserted-by":"crossref","unstructured":"Gao, J., Yang, X., Fu, Y., Jiang, Y., Shi, H., and Sun, J. (2019, January 26\u201330). Vulseeker-pro: Enhanced semantic learning based binary vulnerability seeker with emulation. Proceedings of the 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Tallinn, Estonia.","DOI":"10.1145\/3236024.3275524"},{"key":"ref_97","unstructured":"Long, F., and Rinard, M. (2019, December 06). Prophet: Automatic Patch Generation via Learning from Successful Patches. Available online: https:\/\/core.ac.uk\/download\/pdf\/78062945.pdf."},{"key":"ref_98","doi-asserted-by":"crossref","unstructured":"Long, F., and Rinard, M. (2016, January 20\u201322). Automatic patch generation by learning correct code. Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, St. Petersburg, FL, USA.","DOI":"10.1145\/2837614.2837617"},{"key":"ref_99","doi-asserted-by":"crossref","unstructured":"Long, F., Amidon, P., and Rinard, M. (2017, January 4\u20138). Automatic inference of code transforms for patch generation. Proceedings of the 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany.","DOI":"10.1145\/3106237.3106253"},{"key":"ref_100","first-page":"54","article-title":"Genprog: A generic method for automatic software repair","volume":"38","author":"Nguyen","year":"2011","journal-title":"IEEE Trans. Soft. Eng."},{"key":"ref_101","doi-asserted-by":"crossref","unstructured":"Kim, D., Nam, J., Song, J., and Kim, S. (2013, January 18\u201326). Automatic patch generation learned from human-written patches. Proceedings of the International Conference on Software Engineering, San Francisco, CA, USA.","DOI":"10.1109\/ICSE.2013.6606626"},{"key":"ref_102","unstructured":"Zhang, Y., Chen, Y., Bao, C., Xia, L., Zhen, L., Lu, Y., and Wei, T. (August, January 30). Adaptive kernel live patching: An open collaborative effort to ameliorate android n-day root exploits. Proceedings of the Black Hat USA, Las Vegas, NA, USA."},{"key":"ref_103","unstructured":"DARPA (2019, December 06). Cyber Grand Challenge. Available online: https:\/\/www.darpa.mil\/program\/cyber-grand-challenge."},{"key":"ref_104","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/MSP.2018.1870858","article-title":"Mechanical phish: Resilient autonomous hacking","volume":"16","author":"Shoshitaishvili","year":"2018","journal-title":"IEEE Secur. Priv."},{"key":"ref_105","unstructured":"Shoshitaishvili, Y., Weissbacher, M., Dresel, L., Salls, C., Wang, R., Kruegel, C., and Vigna, G. (November, January 30). Rise of the hacrs: Augmenting autonomous cyber reasoning systems with human assistance. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA."},{"key":"ref_106","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/MSP.2018.1870876","article-title":"Xandra: An Autonomous Cyber Battle System for the Cyber Grand Challenge","volume":"16","author":"Melski","year":"2018","journal-title":"IEEE Secur. Priv."},{"key":"ref_107","doi-asserted-by":"crossref","unstructured":"Fernandes, E., Jung, J., and Prakash, A. (2016, January 22\u201326). Security analysis of emerging smart home applications. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2016.44"},{"key":"ref_108","unstructured":"Fernandes, E., Paupore, J., Rahmati, A., Simionato, D., Conti, M., and Prakash, A. (2016, January 10\u201312). Flowfence: Practical data protection for emerging iot application frameworks. Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA."},{"key":"ref_109","unstructured":"Jia, Y.J., Chen, Q.A., Wang, S., Rahmati, A., Fernandes, E., Mao, Z.M., and Prakash, A. (March, January 26). ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA."},{"key":"ref_110","unstructured":"Rahmati, A., Fernandes, E., Eykholt, K., and Prakash, A. (October, January 30). Tyche: A risk-based permission model for smart homes. Proceedings of the IEEE Cybersecurity Development (SecDev), Cambridge, MA, USA."},{"key":"ref_111","unstructured":"Tian, Y., Zhang, N., Lin, Y.H., Wang, X., Ur, B., Guo, X., and Tague, P. (2017, January 16\u201318). Smartauth: User-centered authorization for the internet of things. Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada."},{"key":"ref_112","doi-asserted-by":"crossref","unstructured":"Lee, S., Choi, J., Kim, J., Cho, B., Lee, S., Kim, H., and Kim, J. (2017, January 21\u201323). FACT: Functionality-centric access control system for IoT programming frameworks. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, Indianapolis, IN, USA.","DOI":"10.1145\/3078861.3078864"},{"key":"ref_113","unstructured":"Cui, A., Costello, M., and Stolfo, S. (2013, January 24\u201327). When firmware modifications attack: A case study of embedded exploitation. Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA."},{"key":"ref_114","unstructured":"Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., and Bengio, Y. (2014, January 8\u201313). Generative adversarial nets. Proceedings of the Advances in Neural Information Processing Systems 27 (NIPS 2014), Montreal, QC, Canada."},{"key":"ref_115","doi-asserted-by":"crossref","unstructured":"Hiromoto, R.E., Haney, M., and Vakanski, A. (2017, January 21\u201323). A secure architecture for IoT with supply chain risk management. Proceedings of the 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Bucharest, Romania.","DOI":"10.1109\/IDAACS.2017.8095118"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/2\/27\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:55:23Z","timestamp":1760172923000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/12\/2\/27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,6]]},"references-count":115,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["fi12020027"],"URL":"https:\/\/doi.org\/10.3390\/fi12020027","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,6]]}}}