APPARATUS AND METHOD FOR DETECTING FIRMWARE VULNERABILIRY BASED ON HYBRID FUZZING

摘要

A hybrid fuzzing-based firmware vulnerability detection apparatus and method are disclosed. According to an embodiment, a hybrid fuzzing-based firmware vulnerability detection device includes: a system mode emulator that provides a system mode emulation environment to firmware of any Internet of Things (IoT) device; a user mode emulator that provides a user mode emulation environment to a target process among one or more processes of the firmware running in the system mode emulation environment; a first testing unit that performs mutation-based fuzzing on the target process in the user mode emulation environment; and a second testing unit that, when a preset event occurs during the execution of the fuzzing, performs an operation for resolving the event generated based on the state of the target process at the time of occurrence of the event in the system mode emulation environment However, when the predetermined event occurs, the first testing unit stops the execution of the fuzzing and resumes the execution of the fuzzing based on the result of the operation to detect the vulnerability of the firmware.