Proceedings of the
The Nineteenth International Conference on Computational Intelligence and Security (CIS 2023)
December 1 – 4, 2023, Haikou, China
A Method for Device Similarity Identification Based on Web Pages Similarity
1School of Cyberspace Security, Hainan University, China.
2National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), China; School of Cyber Engineering, Xidian University, China
ABSTRACT
With the increasing vulnerability of IoT devices due to inadequate security designs, they have become prime targets for cybercriminals. To identify these vulnerable devices, existing methods rely on analyzing real devices or their firmware images. However, the unavailability of firmware images and the high cost associated with acquiring real devices for security analysis make it challenging to rapidly and extensively scale these methods. In this paper, we present an approach that accelerates the identification of vulnerable devices on a large scale without requiring actual devices or firmware. Our approach is based on three key observations. Firstly, the same vulnerabilities or flaws tend to propagate among similar devices. Secondly, device manufacturers commonly provide frontend web pages to facilitate user device management and maintenance. The similarity in the backend code can be reflected in the frontend web pages. Thirdly, the web pages of similar devices exhibit strong resemblance, while those of different devices are markedly distinct. Our method extracts structural and stylistic features from device web pages, calculates similarity between the pages, and thereby establishes associations among similar devices. Our method achieves an F1 score of 0.83. Moreover, our research has revealed a total of 110 vulnerabilities across 23 discrete categories of similar devices originating from 19 different vendors, resulting in the discovery of 23 new vulnerability numbers (23 CNVDs).
Keywords: Internet of Things (IoT), Web pages similarity, Vulnerability discovery, Homogeneity analysis.
Download PDF
1School of Cyberspace Security, Hainan University, China.
2National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), China; School of Cyber Engineering, Xidian University, China
ABSTRACT
With the increasing vulnerability of IoT devices due to inadequate security designs, they have become prime targets for cybercriminals. To identify these vulnerable devices, existing methods rely on analyzing real devices or their firmware images. However, the unavailability of firmware images and the high cost associated with acquiring real devices for security analysis make it challenging to rapidly and extensively scale these methods. In this paper, we present an approach that accelerates the identification of vulnerable devices on a large scale without requiring actual devices or firmware. Our approach is based on three key observations. Firstly, the same vulnerabilities or flaws tend to propagate among similar devices. Secondly, device manufacturers commonly provide frontend web pages to facilitate user device management and maintenance. The similarity in the backend code can be reflected in the frontend web pages. Thirdly, the web pages of similar devices exhibit strong resemblance, while those of different devices are markedly distinct. Our method extracts structural and stylistic features from device web pages, calculates similarity between the pages, and thereby establishes associations among similar devices. Our method achieves an F1 score of 0.83. Moreover, our research has revealed a total of 110 vulnerabilities across 23 discrete categories of similar devices originating from 19 different vendors, resulting in the discovery of 23 new vulnerability numbers (23 CNVDs).
Keywords: Internet of Things (IoT), Web pages similarity, Vulnerability discovery, Homogeneity analysis.
Download PDF