# IoTHybridFuzzer
AI Summary
Purpose:
- Explain the IoTHybridFuzzer invention: hybrid (fuzzing + symbolic/concolic execution) firmware vulnerability detection. Basis of Patent 2 (10-2021-0040963, filed 2021.03.30).
Key points:
- Combines a mutation-based fuzzer with symbolic/concolic execution (constraint solver) to clear long/hard path constraints that stall pure mutation fuzzing.
- Goal: get the fuzzer's throughput while using symbolic execution selectively so resources are not exhausted.
- Filed patent (18 claims), not yet confirmed granted. See [[patents]].
Relevant when:
- Describing the owner's hybrid-fuzzing research; relating to the BugMiner reference paper.
Do not read full document unless:
- You need patent metadata ([[patents]]) or verbatim extraction (source).
Linked documents:
- [[patents]]
- [[iotfirmfuzz]]
- [[../../sources/academic/patents-uart-extract]]
Open Questions
- Detailed claim structure: drafts are .hwp (unreadable); summary is from the 출원서 PDF body only. Full claim wording — Needs confirmation.
- Whether the BugMiner paper (Electronics 2021, 10, 62) is the publication of this patent's method — overlap is thematic (target-oriented hybrid fuzzer + concolic execution) but not asserted. Needs confirmation.
- Final examination outcome (grant/reject) — Needs confirmation.
Details
Problem addressed:
- Per-vendor IoT firmware cannot be manually analyzed at scale. Prior fuzzing research over-focuses on emulation, and IoT firmware fuzzing underperforms general software fuzzing. When a constraint value is long or hard, a mutation-based fuzzer cannot solve it and wastes time repeatedly regenerating test cases at the same code location.
Insight:
- Symbolic execution resolves hard constraints quickly via a Constraint Solver, widening coverage into specific code regions. But it is resource-heavy, and exploring a whole program with symbolic execution alone exhausts resources.
Method (as claimed):
- A hybrid-fuzzing approach combining a (mutation-based) fuzzer with symbolic/concolic execution to detect firmware vulnerabilities. The fuzzer drives broad, fast exploration; symbolic/concolic execution is applied to break through the hard constraints the fuzzer gets stuck on, balancing usefulness and efficiency without the resource exhaustion of pure symbolic execution.
Patent linkage:
- Patent 2, official title "하이브리드 퍼징 기반의 펌웨어 취약점 검출 장치 및 방법" / "APPARATUS AND METHOD FOR DETECTING FIRMWARE VULNERABILIRY [sic] BASED ON HYBRID FUZZING", app no. 10-2021-0040963, filed 2021.03.30, 18 claims. Inventors: 윤주범, 김현욱, 김주환; applicant 세종대학교산학협력단. National R&D funding cited (IITP/IITP-related projects 2018-0-01423-004 and 2020-0-01602). See [[patents]] and source extract.
Relation to IoTFirmFuzz and BugMiner:
- Extends [[iotfirmfuzz]] (coverage-guided combined-emulation + PSO mutation) by adding symbolic/concolic execution. Conceptually aligned with the BugMiner reference paper (target-oriented hybrid fuzzer using dynamic symbolic execution), on which Hyunwook Kim is a listed co-author — see [[../../sources/academic/patents-uart-extract]].