An Automated Framework for Generating Attack Graphs Using Known Security Threats

Abstract

As the proliferation of IoT increases, the need for threat modeling and risk assessment becomes more important. This paper presents an automated framework by utilizing publicly known vulnerabilities and the analytical capabilities provided by MulVAL. The goal is to address the problem of immature IoT security and adopt a proactive approach to threat detection and prevention. The proposed solution is based on the creation of a customized search tool that focuses on the components utilized to build IoT devices. The framework was evaluated by applying it to well-known gadgets. Based on the results, there is a link between currently known IoT vulnerabilities and different attack techniques and graphs. The System Usability Scale (SUS) was utilized to examine the usability of the search tool. As a result, a survey was performed to establish the user experience with the tool. The findings show that the proposed solution is functional and usable.