Smart City Gnosys
Smart city article details
| Title | Risk Prediction Of Iot Devices Based On Vulnerability Analysis |
|---|---|
| ID_Doc | 46683 |
| Authors | Oser P.; Van Der Heijden R.W.; Lüders S.; Kargl F. |
| Year | 2022 |
| Published | ACM Transactions on Privacy and Security, 25, 2 |
| DOI | http://dx.doi.org/10.1145/3510360 |
| Abstract | Internet of Things (IoT) devices are becoming more widespread not only in areas such as smart homes and smart cities but also in research and office environments. The sheer number, heterogeneity, and limited patch availability provide significant challenges for the security of both office networks and the Internet in general. The systematic estimation of device risks, which is essential for mitigation decisions, is currently a skill-intensive task that requires expertise in network vulnerability scanning, as well as manual effort in firmware binary analysis.This article introduces SAFER,1 the Security Assessment Framework for Embedded-device Risks, which enables a semi-automated risk assessment of IoT devices in any network. SAFER combines information from network device identification and automated firmware analysis to estimate the current risk associated with the device. Based on past vulnerability data and vendor patch intervals for device models, SAFER extrapolates those observations into the future using different automatically parameterized prediction models. Based on that, SAFER also estimates an indicator for future security risks. This enables users to be aware of devices exposing high risks in the future.One major strength of SAFER over other approaches is its scalability, achieved through significant automation. To demonstrate this strength, we apply SAFER in the network of a large multinational organization, to systematically assess the security level of hundreds of IoT devices on large-scale networks.Results indicate that SAFER successfully identified 531 out of 572 devices leading to a device identification rate of 92.83 %, analyzed 825 firmware images, and predicted the current and future security risk for 240 devices. © 2022 Copyright held by the owner/author(s). |
| Author Keywords | CERN; device identification; firmware analysis; future risk; IoT; risk prediction; safer network; security risk assessment; vulnerability analysis |
Similar Articles
| Id | Similarity | Authors | Title | Published |
|---|---|---|---|---|
5283  | 0.889 | Wei Z.; Wei Q.; Geng Y.; Yang Y. | A Survey On Iot Security: Vulnerability Detection And Protection | Proceedings of 2024 International Conference on Artificial Intelligence of Things and Computing, AITC 2024 (2025) |
| 12772 | 0.875 | Abu Al-Haija Q.; Al Badawi A.; Bojja G.R. | Boost-Defence For Resilient Iot Networks: A Head-To-Toe Approach | Expert Systems, 39, 10 (2022) |
| 5719 | 0.872 | Aarthi S.; Krishna A.V.; Prasad M.H.; Nithish M.S. | A Unified Predictability For Bot Attack On Iot Devices And Its Platforms | AIP Conference Proceedings, 2405 (2022) |
| 36064 | 0.869 | Alfahaid A.; Alalwany E.; Almars A.M.; Alharbi F.; Atlam E.; Mahgoub I. | Machine Learning-Based Security Solutions For Iot Networks: A Comprehensive Survey | Sensors, 25, 11 (2025) |
| 21003 | 0.868 | Waseem Q.; Din W.I.S.W.; Fairooz T.; Baharin A.T. | Drift Management In Ml-Based Iot Device Classification: A Survey And Evaluation | International Journal on Advanced Science, Engineering and Information Technology, 15, 3 (2025) |
| 20855 | 0.868 | Binosi L.; Mazzini P.; Sanna A.; Carminati M.; Giacinto G.; Lazzeretti R.; Zanero S.; Polino M.; Coppa E.; Maiorca D. | Do You Trust Your Device? Open Challenges In Iot Security Analysis | Proceedings of the International Conference on Security and Cryptography (2024) |
| 13217 | 0.867 | Hussien M.S.; Sadek M.G.; Salem S.A. | Caf-Iot: A Cybersecurity Assessment Framework For Iot Devices | 2024 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2024 (2024) |
| 32898 | 0.866 | Kaur B.; Dadkhah S.; Shoeleh F.; Neto E.C.P.; Xiong P.; Iqbal S.; Lamontagne P.; Ray S.; Ghorbani A.A. | Internet Of Things (Iot) Security Dataset Evolution: Challenges And Future Directions | Internet of Things (Netherlands), 22 (2023) |
| 55462 | 0.866 | Abdulla H.; Al-Raweshidy H.; Awad W. | The Era Of Internet Of Things: Towards Better Security Using Machine Learning | 2023 International Conference on IT Innovation and Knowledge Discovery, ITIKD 2023 (2023) |
| 1448 | 0.866 | Muniswamy A.; Rathi R. | A Detailed Review On Enhancing The Security In Internet Of Things-Based Smart City Environment Using Machine Learning Algorithms | IEEE Access, 12 (2024) |