{"id":"https://openalex.org/W3207023396","doi":"https://doi.org/10.1109/tdsc.2021.3119970","title":"Understanding Security Risks of Embedded Devices Through Fine-Grained Firmware Fingerprinting","display_name":"Understanding Security Risks of Embedded Devices Through Fine-Grained Firmware Fingerprinting","publication_year":2021,"publication_date":"2021-10-15","ids":{"openalex":"https://openalex.org/W3207023396","doi":"https://doi.org/10.1109/tdsc.2021.3119970","mag":"3207023396"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2021.3119970","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3119970","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/9945627/09573428.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/8858/9945627/09573428.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100429920","display_name":"Qiang Li","orcid":"https://orcid.org/0000-0001-9833-2836"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qiang Li","raw_affiliation_strings":["School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018191078","display_name":"Dawei Tan","orcid":"https://orcid.org/0000-0003-1400-8129"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dawei Tan","raw_affiliation_strings":["School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101987046","display_name":"Xin Ge","orcid":"https://orcid.org/0000-0002-7190-2453"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Ge","raw_affiliation_strings":["School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100382229","display_name":"Zhi Li","orcid":"https://orcid.org/0000-0001-7071-2976"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhi Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences (CAS), Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences (CAS), Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070828650","display_name":"Jiqiang Liu","orcid":"https://orcid.org/0000-0003-1147-4327"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiqiang Liu","raw_affiliation_strings":["School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China","institution_ids":["https://openalex.org/I21193070"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100429920"],"corresponding_institution_ids":["https://openalex.org/I21193070"],"apc_list":null,"apc_paid":null,"fwci":0.7695,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.71719138,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"19","issue":"6","first_page":"4099","last_page":"4112"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9792256355285645},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8546763062477112},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5999072790145874},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5583345293998718},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.43547454476356506},{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.4277832508087158},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3949468433856964}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9792256355285645},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8546763062477112},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5999072790145874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5583345293998718},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.43547454476356506},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.4277832508087158},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3949468433856964}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tdsc.2021.3119970","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3119970","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/9945627/09573428.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/114798","is_oa":true,"landing_page_url":"http://hdl.handle.net/10919/114798","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/f92e51e8-5930-4fab-9a96-3c072c8c3c51/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1109/tdsc.2021.3119970","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3119970","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/9945627/09573428.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7099999785423279,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7411430048","display_name":null,"funder_award_id":"61972024","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3207023396.pdf","grobid_xml":"https://content.openalex.org/works/W3207023396.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W1522250664","https://openalex.org/W1614298861","https://openalex.org/W1707806712","https://openalex.org/W1931817051","https://openalex.org/W1992114977","https://openalex.org/W2001637908","https://openalex.org/W2043118292","https://openalex.org/W2091939272","https://openalex.org/W2100136723","https://openalex.org/W2104599106","https://openalex.org/W2114398364","https://openalex.org/W2119812052","https://openalex.org/W2406734572","https://openalex.org/W2538865281","https://openalex.org/W2576376563","https://openalex.org/W2748868501","https://openalex.org/W2749008552","https://openalex.org/W2766411424","https://openalex.org/W2792078122","https://openalex.org/W2882992559","https://openalex.org/W2888774481","https://openalex.org/W2901909474","https://openalex.org/W2997915791","https://openalex.org/W3011215978","https://openalex.org/W3030689337","https://openalex.org/W3105926539","https://openalex.org/W4294170691","https://openalex.org/W6631155369","https://openalex.org/W6636510571","https://openalex.org/W6637554470","https://openalex.org/W6640497962","https://openalex.org/W6674822323","https://openalex.org/W6677217071","https://openalex.org/W6678042037","https://openalex.org/W6682691769","https://openalex.org/W6713987737","https://openalex.org/W6743493502","https://openalex.org/W6753952642"],"related_works":["https://openalex.org/W2364614178","https://openalex.org/W3188635106","https://openalex.org/W4365146673","https://openalex.org/W3081637964","https://openalex.org/W2392593410","https://openalex.org/W2354251310","https://openalex.org/W4367313059","https://openalex.org/W2364955482","https://openalex.org/W2766830182","https://openalex.org/W2145427796"],"abstract_inverted_index":{"An":[0],"increasing":[1],"number":[2],"of":[3,95,123,152,160,184],"embedded":[4,54],"devices":[5,55],"are":[6,32,56,133,180],"connecting":[7],"to":[8,15,26,48,87,111,135,148],"the":[9,36,42,117,121,150,153,172],"Internet,":[10],"ranging":[11],"from":[12,92],"cameras,":[13],"routers":[14],"printers,":[16],"while":[17],"an":[18],"adversary":[19],"can":[20],"exploit":[21],"security":[22,100,195],"flaws":[23],"already":[24],"known":[25,62],"compromise":[27],"those":[28],"devices.":[29],"Security":[30],"patches":[31,189],"usually":[33],"associated":[34],"with":[35,61],"device":[37,43,75,96,137,141],"firmware,":[38],"which":[39,156],"relies":[40],"on":[41,74,116],"vendors":[44],"and":[45,50,98,107,131,139,163,174,178],"products.":[46],"Due":[47],"compatibility":[49],"release-time":[51],"issues,":[52],"many":[53],"still":[57],"using":[58],"outdated":[59],"firmware":[60,79,90,125,142,154,173,185],"vulnerabilities":[63,76,138,186],"or":[64,190],"flaws.":[65],"In":[66],"this":[67],"article,":[68],"we":[69,82],"conduct":[70],"a":[71,84],"systematic":[72],"study":[73],"by":[77],"leveraging":[78],"fingerprints.":[80,143],"Specifically,":[81],"use":[83],"web":[85],"crawler":[86],"gather":[88],"9,716":[89],"images":[91],"official":[93],"websites":[94],"vendors,":[97],"347,685":[99],"reports":[101,170],"scattered":[102],"across":[103],"data":[104],"archives,":[105],"blogs,":[106],"forums.":[108],"We":[109,144,166],"propose":[110],"generate":[112],"fine-grained":[113],"fingerprints":[114],"based":[115],"subtle":[118],"differences":[119],"between":[120],"filesystems":[122],"various":[124],"images.":[126],"Furthermore,":[127],"machine":[128],"learning":[129],"algorithms":[130],"regex":[132],"used":[134],"identify":[136],"corresponding":[140],"perform":[145],"real-world":[146],"experiments":[147],"validate":[149],"performance":[151],"fingerprint,":[155],"yields":[157],"high":[158],"accuracy":[159],"91%":[161],"precision":[162],"90%":[164],"recall.":[165],"reveal":[167],"that":[168],"6,898":[169],"have":[171],"related":[175],"vulnerability":[176],"information,":[177],"there":[179],"more":[181],"than":[182],"10%":[183],"without":[187],"any":[188],"solutions":[191],"for":[192],"mitigating":[193],"underlying":[194],"risks.":[196]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2}],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-10-10T00:00:00"}