Boreas: Semantic-Aware Framework for Buffer Overflow Detection to Reduce Carbon Footprint in IoT Devices

Bibliographic Details
Published in: IEEE Internet of Things Journal, Vol. 12, no. 17, pp. 34753-34767
Main Authors: Chen, Xiao; Sha, Letian; Gao, Qingguan; Xiao, Fu; Pan, Jiaye
Format: Journal Article
Language: English
Published: Piscataway IEEE 01.09.2025
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN: 2327-4662
Description
Summary: The rapid development of the Industrial Internet of Things (IIoT) has raised concerns about device security and energy consumption. The widespread presence of buffer overflow (BOF) vulnerabilities in IoT devices not only threatens devices but also leads to increased carbon emissions. Traditional static analysis methods suffer from low accuracy and high costs. Mainstream binary code similarity detection (BCSD) methods are mainly based on control flow graphs (CFGs) or instructions, which often fail to effectively capture semantic information. In this article, we propose Boreas, a semantic-aware BOF vulnerability detection framework to reduce the carbon footprint in IoT devices. The abstract syntax tree (AST) is employed to achieve precise semantic representation of multiarchitecture code. By considering the often-overlooked implicit data receiving points, Boreas comprehensively locates vulnerable binaries in firmware. By leveraging backward reaching definition analysis, Boreas removes extensive code irrelevant to BOF to simplify ASTs, enables cross-function/file detection and enhances interpretability for BCSD. Additionally, we develop a deep learning model, AST-BERT, for BCSD, which effectively transforms simplified ASTs into vectors. Based on the distance between target and vulnerable vectors, accurate BOF detection is achieved. To evaluate the performance of Boreas, we construct a large-scale dataset containing real-world IoT firmware. Experiments show that Boreas outperforms state-of-the-art BCSD methods with a precision of 87.08% and leading static analysis tools with an F1-score of 88.81% in vulnerability detection. Finally, Boreas successfully discovers ten unknown critical vulnerabilities, all of which have been recognized by Common Vulnerabilities and Exposures and covered by media.
DOI: 10.1109/JIOT.2025.3574179