research-article

Dynamically-enabled Defense Effectiveness Evaluation of IoT Based on Vulnerability Analysis

Authors:

Linfeng ShenAuthors Info & Claims

ICMSSP '18: Proceedings of the 3rd International Conference on Multimedia Systems and Signal Processing

Pages 99 - 103

https://doi.org/10.1145/3220162.3220170

Published: 28 April 2018 Publication History

Get Access

Abstract

With the rapid development of Internet of Things(IoT), many security challenges have emerged. In order to have a quantitative evaluation of security defense capability of IoT system, this paper proposes an improved common vulnerability scoring system(CVSS) of IoT, which quantitatively evaluates the defense effectiveness of IoT: higher CVSS score indicates weaker security defense ability of IoT system. In this paper, dynamically-enabled defense technology is applied to enhance the security defense ability of IoT system. The dynamically-enabled defense technology improves the security defense capability of IoT system by changing states randomly. Through comparing the CVSS scores before and after random changes of system status, the paper uses the improved CVSS to analyze the defense effectiveness of IoT system quantitatively.

References

[1]

Yang Y, Peng H, Li L, et al. General Theory of Security and a Study Case in Internet of Things{J}. 2016:1--1.

Google Scholar

[2]

Shan C, Hui X, Da L, et al. A Vision of IoT: Applications, Challenges, and Opportunities With China Perspective{J}. IEEE Internet of Things Journal, 2014, 1(4):349--359.

Crossref

Google Scholar

[3]

John A. Stankovic. Research Directions for the Internet of Things{J}. IEEE Internet of Things Journal, 2014, 1(1):3--9.

Crossref

Google Scholar

[4]

Lan Y, Liu S P, Lin L, et al. Effectiveness Evaluation on Cyberspace Security Defense System{C}// International Conference on Network and Information Systems for Computers. IEEE, 2015:576--579.

Digital Library

Google Scholar

[5]

Keramati M, Akbari A, Keramati M. CVSS-based security metrics for quantitative analysis of attack graphs{C}// International Econference on Computer and Knowledge Engineering. IEEE, 2013:178--183.

Google Scholar

[6]

Younis A A, Malaiya Y K. Comparing and Evaluating CVSS Base Metrics and Microsoft Rating System{C}// IEEE International Conference on Software Quality, Reliability and Security. IEEE, 2015:252--261.

Digital Library

Google Scholar

[7]

Wang R, Gao L, Sun Q, et al. An Improved CVSS-based Vulnerability Scoring Mechanism{C}// Third International Conference on Multimedia Information NETWORKING and Security. IEEE, 2011:352--355.

Digital Library

Google Scholar

[8]

Salamat B, Jackson T, Wagner G, et al. Runtime Defense against Code Injection Attacks Using Replicated Execution{J}. Dependable & Secure Computing IEEE Transactions on, 2011, 8(4):588--601.

Digital Library

Google Scholar

[9]

Sutton M, Greene A, Amini P. Fuzzing: Brute Force Vulnerability Discovery{M}. Electronic Industry Press, 2013.

Digital Library

Google Scholar

[10]

Wang S, Xia C, Gao J, et al. Vulnerability evaluation based on CVSS and environmental information statistics{C}// International Conference on Computer Science and Network Technology. 2015:1249--1252.

Google Scholar

[11]

Antunes N, Vieira M. Defending against Web Application Vulnerabilities{J}. Computer, 2012, 45(2):66--72

Digital Library

Google Scholar

Cited By

View all

Zhu HYang XWang BLee WYin JXu J(2020)Processing Continuous k Nearest Neighbor Queries in Obstructed Space with Voronoi DiagramsACM Transactions on Spatial Algorithms and Systems10.1145/34259557:2(1-27)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3425955
Damiani MHachem FQuadri CRossini MGaito S(2020)On Location Relevance and Diversity in Human Mobility DataACM Transactions on Spatial Algorithms and Systems10.1145/34234047:2(1-38)Online publication date: 27-Oct-2020
https://dl.acm.org/doi/10.1145/3423404
Skaik RInkpen D(2020)Using Social Media for Mental Health SurveillanceACM Computing Surveys10.1145/342282453:6(1-31)Online publication date: 6-Dec-2020
https://dl.acm.org/doi/10.1145/3422824
Show More Cited By

Index Terms

Dynamically-enabled Defense Effectiveness Evaluation of IoT Based on Vulnerability Analysis
1. Security and privacy
  1. Systems security
    1. Vulnerability management
      1. Vulnerability scanners

Recommendations

Dynamically enabled defense effectiveness evaluation of a home Internet based on vulnerability analysis and attack layer measurement

Smart devices in a home Internet, such as routers and cameras, suffer malicious attacks from hackers on a daily basis. Defenders should change system states dynamically to improve the system's defense ability. To quantify evaluation of defense ...
Source-End DDoS Defense in IoT Environments
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

While the Internet of Things (IoT) becomes increasingly popular and pervasive in everyday objects, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ ...
Security Vulnerability Analysis for IoT Devices Raspberry Pi using PENTEST
Abstract
IoT device security is vital due to their involvement in collecting sensitive information from our environment. This study proves that IoT devices lack a defense mechanism to identify malicious or virus-infected files, making them vulnerable to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICMSSP '18: Proceedings of the 3rd International Conference on Multimedia Systems and Signal Processing

April 2018

168 pages

ISBN:9781450364577

DOI:10.1145/3220162

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 April 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

CCF-Venustech Hongyan Research Initiative
National Key R&D Program of China

Conference

ICMSSP '18

ICMSSP '18: 2018 3rd International Conference on Multimedia Systems and Signal Processing

April 28 - 30, 2018

Shenzhen, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
179
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zhu HYang XWang BLee WYin JXu J(2020)Processing Continuous k Nearest Neighbor Queries in Obstructed Space with Voronoi DiagramsACM Transactions on Spatial Algorithms and Systems10.1145/34259557:2(1-27)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3425955
Damiani MHachem FQuadri CRossini MGaito S(2020)On Location Relevance and Diversity in Human Mobility DataACM Transactions on Spatial Algorithms and Systems10.1145/34234047:2(1-38)Online publication date: 27-Oct-2020
https://dl.acm.org/doi/10.1145/3423404
Skaik RInkpen D(2020)Using Social Media for Mental Health SurveillanceACM Computing Surveys10.1145/342282453:6(1-31)Online publication date: 6-Dec-2020
https://dl.acm.org/doi/10.1145/3422824
Scott JTůma M(2020)Strengths and Limitations of Stretching for Least-squares Problems with Some Dense RowsACM Transactions on Mathematical Software10.1145/341255947:1(1-25)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3412559
Matheu SHernández-Ramos JSkarmeta ABaldini G(2020)A Survey of Cybersecurity Certification for the Internet of ThingsACM Computing Surveys10.1145/341016053:6(1-36)Online publication date: 6-Dec-2020
https://dl.acm.org/doi/10.1145/3410160
Ranathunga DRoughan MNguyen H(2020)Mathematical Reconciliation of Medical Privacy PoliciesACM Transactions on Management Information Systems10.1145/339752012:1(1-18)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3397520
Zaeem RBarber K(2020)The Effect of the GDPR on Privacy PoliciesACM Transactions on Management Information Systems10.1145/338968512:1(1-20)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3389685
Chapin JRosenblum MDevine SLahiri TTeodosiu DGupta A(1995)HiveACM SIGOPS Operating Systems Review10.1145/224057.22405929:5(12-25)Online publication date: 3-Dec-1995
https://dl.acm.org/doi/10.1145/224057.224059
Bressoud TSchneider F(1995)Hypervisor-based fault toleranceACM SIGOPS Operating Systems Review10.1145/224057.22405829:5(1-11)Online publication date: 3-Dec-1995
https://dl.acm.org/doi/10.1145/224057.224058

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Dynamically enabled defense effectiveness evaluation of a home Internet based on vulnerability analysis and attack layer measurement

Source-End DDoS Defense in IoT Environments

Security Vulnerability Analysis for IoT Devices Raspberry Pi using PENTEST