AI-Powered Binary Classification for IoT Firmware Analysis
CySAI – AI-enhanced binary analysis and classification engine integrated into BINARE’s DevSecOps platform
Use Case:
Automated identification and classification of software components within firmware binaries to support vulnerability detection and reduce manual analysis overhead in large-scale IoT/IIoT security auditing workflows.
Outcome:
- Over 95% classification accuracy on known binaries
- Real-time identification of software components across multiple architectures
- Significant reduction in false positives through entropy-based feature extraction
- Modular and retrainable AI system deployable via Docker
- Future-proofed pipeline supporting model refinement and second-level classification
Ecosystem Support:
Enabled by the StairwAI project’s AI matchmaking services. AI experts guided model design, feature engineering, and scalable ML deployment. Experiments were conducted on more than 14,000 firmware images from 250+ vendors.
AI Relevance:
This success story showcases SME empowerment through: I) AI model training on massive, real-world datasets; II) API-ready deployment of AI microservices; III) integration of AI with existing DevSecOps pipelines; IV) transparent confidence metrics supporting explainability and trust in classification tasks.
Summary:
Binare Oy, a Finnish cybersecurity SME, faced the challenge of automating software component classification within IoT firmware—a process traditionally requiring time-intensive manual inspection. Through support from the StairwAI project, the company developed CySAI, an AI-powered module that performs binary classification of firmware components with high accuracy. CySAI leverages entropy-based data representations to feed classification models built in TensorFlow and Scikit-learn, resulting in exceptional accuracy (>95%) across diverse file types and processor architectures. The solution is packaged as a Docker container and integrates into the BINARE platform via CLI and common storage interfaces, allowing seamless operation in modern DevSecOps workflows.
The StairwAI ecosystem provided expert guidance in dataset engineering, feature design, and model selection. Experiments were conducted using a uniquely valuable dataset of 14,000+ firmware images, representing 250+ vendors. Notably, the system maintained high classification precision (often above 99%) on test binaries, and exposed failure cases involving previously unseen classes—highlighting the need for continual retraining with balanced datasets. With its modular retraining capabilities, real-time CLI operability, and roadmap for API exposure and performance optimization, CySAI is a concrete step toward democratizing AI in cybersecurity. This success story illustrates how SMEs can harness tailored AI support to transform data-rich challenges into robust, scalable solutions with clear industrial impact.

