An automated context-aware IoT vulnerability assessment rule-set generator

Hashmat, F, Abbas, SG, Hina, S ORCID:, Shah, GA, Bakhshi, T and Abbas, W 2022, 'An automated context-aware IoT vulnerability assessment rule-set generator' , Computer Communications, 186 , pp. 133-152.

Full text not available from this repository. (Request a copy)


While introducing unprecedented applications, Internet of Things (IoT) has simultaneously provoked acute security challenges, in the form of the vulnerabilities. Mainly because manufacturers overlook the security considerations and produce devices that could be exploited easily. Security systems used for the protection of IoT environment usually deploy traditional rulesets which lack distinct IoT vulnerability assessment elements and therefore are inadequate for providing security to IoT eco-system. Hence, due to the variety and volume of such devices, traditional security solutions need to be more robust for IoT settings. Contrary to the traditional rule-set, IoT device vulnerability identification requires distinct understanding of IoT-specific vulnerability vectors, based on their architecture, resource constrained nature, communication primitives and context awareness. This research work has proposed an automated context-aware IoT vulnerability assessment rule-set framework. Proposed system dynamically identifies IoT devices along with the services running on them, gathers their respective vulnerabilities, transform them into rules and enforce them into the security solutions. The proposed framework has been evaluated on a dataset of 49 IoT devices. According to the results, proposed framework automatically generated rules against all the vulnerabilities present in the network under consideration. Additionally, this research has proposed IoT vulnerability assessment rule-set elements which are necessary to be considered while designing any IoT vulnerability assessment rule-set. With the proposed mechanism, this research work intends to fill the missing lines of defense against rising IoT vulnerabilities. The proposed framework will benefit researchers, security analysts and manufacturers to devise reliable IoT security solutions.

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: Computer Communications
Publisher: Elsevier
ISSN: 0140-3664
Depositing User: Dr. Sadaf Hina
Date Deposited: 15 Nov 2022 10:17
Last Modified: 15 Nov 2022 10:17

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)