A Heuristic Local-sensitive Program-Wide Diffing Method for IoT Binary Files

Abstract Code reuse brings vulnerabilities in third-party library to many Internet of Things (IoT) devices, opening them attacks such as distributed denial service. Program-wide binary diffing technology can help detect these IoT devices whose source codes are not public. Considering the architectures may vary, we propose a data-aware program-wide method across and optimization levels. We rely on defined anchor functions call relationship expand comparison scope within target file, reducing impact different result. To make result more accurate, extract semantic features that represent code by data flow dependence analysis. Earth mover distance is used calculate similarity two files based features. implemented proof-of-concept DAPDiff compared it with baseline BinDiff, TurboDiff Asm2vec. Experiments showed availability effectiveness our levels architectures. outperformed BinDiff recall precision 41.4% 9.2% average when making between standard real-world firmware files. This proves be applicable for vulnerability detection devices.