Researchers propose an automated security assessment for the IoT
Engineering360 News Desk | September 26, 2021Because the internet of things (IoT) has been applied to a number of sectors — personal, social and business sectors, for instance — the amount of sensitive data has grown significantly, thereby increasing the risk of cybersecurity attacks.
As such, a recent paper from an international team of researchers recommends an end-to-end security assessment framework for IoT networks that assesses the vulnerability, natural language processing and machine learning techniques already used to process the vulnerability descriptions held in a vulnerability database.
The vulnerability metric, coupled with the network connectivity information, produces potential attack paths, and those demonstrating the highest security risks are visualized via a web-based user interface.
The end-to-end security assessment framework for IoT networks will be used in lieu of currently employed Hierarchical Attack Representation Model, which relies on the combination of many graphical security models. Yet, this approach is not fully automated.
According to the authors: “Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and potential vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.”
The paper, Automated Security Assessment for the Internet of Things, appears in the journal arXiv.