DeepAI AI Chat
Log In Sign Up

Automated Security Assessment for the Internet of Things

09/09/2021
by   Xuanyu Duan, et al.
The University of Adelaide
Deakin University
RMIT University
0

Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and potential vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90 accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

READ FULL TEXT

page 1

page 7

12/28/2019

How Secure Is Your IoT Network?

The proliferation of IoT devices in smart homes, hospitals, and enterpri...
07/14/2020

multiple layers of fuzzy logic to quantify vulnerabilies in iot

Quantifying vulnerabilities of network systems has been a highly controv...
08/10/2020

An Automated, End-to-End Framework for Modeling Attacks From Vulnerability Descriptions

Attack graphs are one of the main techniques used to automate the risk a...
05/23/2020

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of t...
09/24/2019

Ethical Hacking for IoT Security: A First Look into Bug Bounty Programs and Responsible Disclosure

The security of the Internet of Things (IoT) has attracted much attentio...
01/15/2021

Quantitative System-Level Security Verification of the IoV Infrastructure

The Internet of Vehicles (IoV) equips vehicles with connectivity to the ...