F Hashmat
An automated context-aware IoT vulnerability assessment rule-set generator
Hashmat, F; Abbas, SG; Hina, S; Shah, GA; Bakhshi, T; Abbas, W
Authors
SG Abbas
Dr Sadaf Hina S.Hina@salford.ac.uk
Lecturer in Computer Sci Cyber Security
GA Shah
T Bakhshi
W Abbas
Abstract
While introducing unprecedented applications, Internet of Things (IoT) has simultaneously provoked acute security challenges, in the form of the vulnerabilities. Mainly because manufacturers overlook the security considerations and produce devices that could be exploited easily. Security systems used for the protection of IoT environment usually deploy traditional rulesets which lack distinct IoT vulnerability assessment elements and therefore are inadequate for providing security to IoT eco-system. Hence, due to the variety and volume of such devices, traditional security solutions need to be more robust for IoT settings. Contrary to the traditional rule-set, IoT device vulnerability identification requires distinct understanding of IoT-specific vulnerability vectors, based on their architecture, resource constrained nature, communication primitives and context awareness. This research work has proposed an automated context-aware IoT vulnerability assessment rule-set framework. Proposed system dynamically identifies IoT devices along with the services running on them, gathers their respective vulnerabilities, transform them into rules and enforce them into the security solutions. The proposed framework has been evaluated on a dataset of 49 IoT devices. According to the results, proposed framework automatically generated rules against all the vulnerabilities present in the network under consideration. Additionally, this research has proposed IoT vulnerability assessment rule-set elements which are necessary to be considered while designing any IoT vulnerability assessment rule-set. With the proposed mechanism, this research work intends to fill the missing lines of defense against rising IoT vulnerabilities. The proposed framework will benefit researchers, security analysts and manufacturers to devise reliable IoT security solutions.
Citation
Hashmat, F., Abbas, S., Hina, S., Shah, G., Bakhshi, T., & Abbas, W. (2022). An automated context-aware IoT vulnerability assessment rule-set generator. Computer Communications, 186, 133-152. https://doi.org/10.1016/j.comcom.2022.01.022
Journal Article Type | Article |
---|---|
Acceptance Date | Jan 31, 2022 |
Online Publication Date | Feb 12, 2022 |
Publication Date | Feb 12, 2022 |
Deposit Date | Nov 15, 2022 |
Journal | Computer Communications |
Print ISSN | 0140-3664 |
Publisher | Elsevier |
Volume | 186 |
Pages | 133-152 |
DOI | https://doi.org/10.1016/j.comcom.2022.01.022 |
Publisher URL | http://doi.org/10.1016/j.comcom.2022.01.022 |
You might also like
CyberEntRel: Joint Extraction of Cyber Entities and Relations using Deep Learning
(2023)
Journal Article
Agentless approach for security information and event management in industrial IoT
(2023)
Journal Article
Downloadable Citations
About USIR
Administrator e-mail: library-research@salford.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search