Abstract
The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still too little researched and developed, which results in exposing users of Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated as well as the way of enhancing and selecting IoT related data. We have obtained and proved that existing databases provide various scopes of information and because of that a single and most comprehensive source of information does not exist. In addition, various sources present information about a vulnerability at different times—some of them are faster than others, and the differences in publication dates are significant. The results of our research show that aggregation of information from various sources can be very beneficial and has potential to enhance actionable value of information. We have also shown that introducing more sophisticated concepts, such as trust management and metainformation extraction based on artificial intelligence, could ensure a higher level of completeness of information as well as evaluate the usefulness and reliability of data.
Highlights
According to the Cambridge Online Dictionary [1], “Internet of Things” refers to the “objects with computing devices in them that are able to connect to each other and exchange data using the Internet”
The lack of a repository aggregating information about vulnerabilities and exploits of Internet of Things (IoT) devices, which could provide a high level of maturity, is a worrying problem currently; creation of such repository is the main focus of the article
All results show that the created database of vulnerabilities and exploits could be beneficial and useful to the community of IoT cybersecurity analysts, as it is as comprehensive as possible on the basis of public sources of such information
Summary
According to the Cambridge Online Dictionary [1], “Internet of Things” refers to the “objects with computing devices in them that are able to connect to each other and exchange data using the Internet”. All sorts of infected IoT devices can be used for distributed attacks on other digital services and assets Solving these problems is much more difficult due to the lack of rich common sources of actionable information about IoT vulnerabilities, known exploits and incidents recorded in the wild. Such services are necessary to support the proper response of vendors, service providers, mitigation activities of network owners, development of services increasing the security of end users as well as further research activities in the field of cybersecurity in the IoT world.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
