Towards Automatically Connecting IoT Devices with Vulnerabilities in the Wild

IF 3.9 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Jinke Song, Shangfeng Wan, Min Huang, Jiqiang Liu, Limin Sun, Qiang Li
{"title":"Towards Automatically Connecting IoT Devices with Vulnerabilities in the Wild","authors":"Jinke Song, Shangfeng Wan, Min Huang, Jiqiang Liu, Limin Sun, Qiang Li","doi":"https://dl.acm.org/doi/10.1145/3608951","DOIUrl":null,"url":null,"abstract":"<p>With the increasing number of Internet of Things (IoT) devices connected to the internet, the industry and research community have become increasingly concerned about their security impact. Adversaries or hackers often exploit public security flaws to compromise IoT devices and launch cyber attacks. However, despite this growing concern, little effort has been made to investigate the detection of IoT devices and their underlying risks. To address this gap, this paper proposes to automatically establish relationships between IoT devices and their vulnerabilities in the wild. Specifically, we construct a deep neural network (DNN) to extract semantic information from IoT packets and generate fine-grained fingerprints of IoT devices. This enables us to annotate IoT devices in cyberspace, including their device type, vendor, and product information. We collect vulnerability reports from various security sources and extract IoT device information from these reports to automatically match vulnerabilities with the fingerprints of IoT devices. We implemented a prototype system and conducted extensive experiments to validate the effectiveness of our approach. The results show that our DNN model achieved a 98% precision rate and a 95% recall rate in IoT device fingerprinting. Furthermore, we collected and analyzed over 13,063 IoT-related vulnerability reports and our method automatically built 5,458 connections between IoT device fingerprints and their vulnerabilities. These findings shed light on the ongoing threat of cyber-attacks on IoT systems as both IoT devices and disclosed vulnerabilities are targets for malicious attackers.</p>","PeriodicalId":50910,"journal":{"name":"ACM Transactions on Sensor Networks","volume":"28 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2023-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Sensor Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/https://dl.acm.org/doi/10.1145/3608951","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

With the increasing number of Internet of Things (IoT) devices connected to the internet, the industry and research community have become increasingly concerned about their security impact. Adversaries or hackers often exploit public security flaws to compromise IoT devices and launch cyber attacks. However, despite this growing concern, little effort has been made to investigate the detection of IoT devices and their underlying risks. To address this gap, this paper proposes to automatically establish relationships between IoT devices and their vulnerabilities in the wild. Specifically, we construct a deep neural network (DNN) to extract semantic information from IoT packets and generate fine-grained fingerprints of IoT devices. This enables us to annotate IoT devices in cyberspace, including their device type, vendor, and product information. We collect vulnerability reports from various security sources and extract IoT device information from these reports to automatically match vulnerabilities with the fingerprints of IoT devices. We implemented a prototype system and conducted extensive experiments to validate the effectiveness of our approach. The results show that our DNN model achieved a 98% precision rate and a 95% recall rate in IoT device fingerprinting. Furthermore, we collected and analyzed over 13,063 IoT-related vulnerability reports and our method automatically built 5,458 connections between IoT device fingerprints and their vulnerabilities. These findings shed light on the ongoing threat of cyber-attacks on IoT systems as both IoT devices and disclosed vulnerabilities are targets for malicious attackers.

实现自动连接存在漏洞的物联网设备
随着越来越多的物联网(IoT)设备连接到互联网,业界和研究界越来越关注其安全影响。对手或黑客经常利用公共安全漏洞来破坏物联网设备并发动网络攻击。然而,尽管人们越来越关注这一问题,但很少有人去调查物联网设备的检测及其潜在风险。为了解决这一差距,本文提出在物联网设备及其漏洞之间自动建立关系。具体来说,我们构建了一个深度神经网络(DNN)来从物联网数据包中提取语义信息,并生成物联网设备的细粒度指纹。这使我们能够在网络空间中注释物联网设备,包括其设备类型,供应商和产品信息。我们从各种安全来源收集漏洞报告,并从中提取物联网设备信息,自动匹配漏洞与物联网设备指纹。我们实现了一个原型系统,并进行了大量的实验来验证我们方法的有效性。结果表明,我们的深度神经网络模型在物联网设备指纹识别中达到了98%的准确率和95%的召回率。此外,我们收集并分析了超过13063份与物联网相关的漏洞报告,我们的方法自动在物联网设备指纹与其漏洞之间建立了5458个连接。这些发现揭示了网络攻击对物联网系统的持续威胁,因为物联网设备和公开的漏洞都是恶意攻击者的目标。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACM Transactions on Sensor Networks
ACM Transactions on Sensor Networks 工程技术-电信学
CiteScore
5.90
自引率
7.30%
发文量
131
审稿时长
6 months
期刊介绍: ACM Transactions on Sensor Networks (TOSN) is a central publication by the ACM in the interdisciplinary area of sensor networks spanning a broad discipline from signal processing, networking and protocols, embedded systems, information management, to distributed algorithms. It covers research contributions that introduce new concepts, techniques, analyses, or architectures, as well as applied contributions that report on development of new tools and systems or experiences and experiments with high-impact, innovative applications. The Transactions places special attention on contributions to systemic approaches to sensor networks as well as fundamental contributions.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信