Evaluation of a Startup Program Identification for Efficient and Accurate IoT Security Investigations

Shimamoto, Yuta; Phinyodom, Jiratchaya; Yoshimoto, Ryota; Uekawa, Hiroyuki; Akiyama, Mitsuaki; Yamauchi, Toshihiro

doi:10.1007/978-981-95-0172-4_28

Permalink : https://ousar.lib.okayama-u.ac.jp/69473

ID	69473
Author	Shimamoto, Yuta Graduate School of Environmental, Life, Natural Science and Technology, Okayama University Phinyodom, Jiratchaya School of Engineering, Okayama University Yoshimoto, Ryota Graduate School of Environmental, Life, Natural Science and Technology, Okayama University Uekawa, Hiroyuki NTT Social Informatics Laboratories Akiyama, Mitsuaki NTT Social Informatics Laboratories Yamauchi, Toshihiro Faculty of Environmental, Life, Natural Science and Technology, Okayama University ORCID Kaken ID publons researchmap
Abstract	Not all file in firmware are executed while using Internet of Things (IoT) devices and hundreds to approximately a thousand executable and linkable format files exist in one firmware. Therefore, security investigations without prioritization may lead to investigate programs that are not executed while using IoT devices first. This has resulted in inefficient security investigations. To perform efficient security investigations, we proposed a method that can identify programs executed during the startup process. However, only two firmware were used for the evaluation which can only evaluate one of the two startup sequences in the OpenWrt-based firmware. In addition, security investigations to validate whether the proposed method addresses the problem of inefficient security investigations were limited to OpenWrt-based firmware. In this study, we use more firmware data for evaluation and validation. We use nine firmware not used in previous studies including startup methods that have not previously been used for evaluation. In addition, we increase the number of firmware used for validation to 225. The evaluation results demonstrate that the proposed method can identify with only few false positives. The validation demonstrates that efficiency can be improved and prioritizing investigations by considering the proposed method result is worthwhile.
Keywords	Internet of Things Firmware Startup script SysVinit
Note	This is an Conference paper of an article published by Springer Nature Singapore. MobiSec 2024 Communications in Computer and Information Science, volume 2597 This fulltext file will be available in Oct. 2026.
Published Date	2025-10-15
Publication Title	Mobile Internet Security
Publisher	Springer Nature Singapore
Start Page	417
End Page	431
ISSN	1865-0929
Content Type	Journal Article
language	English
OAI-PMH Set	岡山大学
Copyright Holders	© 2026 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
File Version	author
DOI	10.1007/978-981-95-0172-4_28
Related Url	isVersionOf https://doi.org/10.1007/978-981-95-0172-4_28
Citation	Shimamoto, Y., Phinyodom, J., Yoshimoto, R., Uekawa, H., Akiyama, M., Yamauchi, T. (2026). Evaluation of a Startup Program Identification for Efficient and Accurate IoT Security Investigations. In: Jo, H., Shin, S., Merlo, A., You, I. (eds) Mobile Internet Security. MobiSec 2024. Communications in Computer and Information Science, vol 2597. Springer, Singapore. https://doi.org/10.1007/978-981-95-0172-4_28