IVQFIoT: An intelligent vulnerability quantification framework for scoring internet of things vulnerabilities

Abstract

AbstractWith time smart services have become more domineering than ever before however, the pertinent security considerations fade to correspond with growing heterogeneity in the internet of things (IoT) devices and new technologies coupled with resource constraints, crafting IoT‐based systems more susceptible to cyber‐attacks. To ensure a secure IoT environment, pro‐active security mechanisms, like scanning vulnerabilities and prioritizing to remediate them timely, should be embedded in the system. Motivated by the facts, we in this paper, highlight the state of the art of several works trading with a common vulnerability scoring system (CVSS), its limitations, and the emendations recommended to conclude its maturity. CVSS is an industry standard that has been adopted worldwide to quantify the vulnerabilities in organizations for IT and IoT‐based systems. The vulnerabilities mathematical score coalesces with environmental knowledge for finding attack paths and apt score for prioritization. The specific functionality and exclusive dynamics of IoT and cyber‐physical systems in comparison to traditional computer networks, make the legacy cyber‐security exemplars unfit for these advanced networks. This paper studies the relevance of CVSS for smart systems and present an intelligent vulnerability quantification framework for IoT systems grounded on the CVSS v3.1 framework with threat intelligence and machine learning models. Further by applying blockchain technology in the proposed framework, the issues concerning security, lack of trust, and privacy possibly will resolve by hiring a smart contract.