Abstract

The aim of this paper was to enhance the process of diagnosing and detecting possible vulnerabilities within an Internet of Things (IoT) system by using a named entity recognition (NER)-based solution. In both research and practice, security system management experts rely on a large variety of heterogeneous security data sources, which are usually available in the form of natural language. This is challenging as the process is very time consuming and it is difficult to stay up to date with the constant findings in the areas of security threats, vulnerabilities, attacks, countermeasures, and risks. The proposed system is conceived as a semantic indexing solution of existing vulnerabilities and serves as an information tool for security management experts. By integrating the proposed system, the users can easily discover the potential vulnerabilities of their IoT devices. The proposed solution integrates ontologies and NER techniques in order to obtain a high rate of automation with the scope of reaching a self-maintained and up-to-date system in terms of vulnerabilities and common exposures knowledge. To achieve this, a total of 312 CVEs (common vulnerabilities and exposures) specific to the IoT field were identified. CVEs are arguably one of the most important cybersecurity resources nowadays, containing information about the latest discovered vulnerabilities. This set is further used as data corpus for an NER model designed to identify the main entities and relations that are relevant to IoT security. The goal is to automatically monitor cybersecurity information relevant to IoT, and filter and present it in an organized and structured framework based on users’ needs. The taxonomies specific to IoT security are implemented via a domain ontology, which is later used to process natural language. Relevant tokens are marked as entities and the relations between them identified. The text analysis solution is connected to a gateway which scans the environment and identifies the main IoT devices and communication technologies. The strength of the approach proposed within this research is that the designed semantic gateway is using context-aware searches in the modeled IoT security database and can identify possible vulnerabilities before they can be exploited.

Highlights

  • The IoT (Internet of Things) term was mentioned for the first time in 1999 [1], IoT technologies have been used for decades [2]

  • Technologies, especially those related to the speed of data transmission, have facilitated the introduction of many IoT devices that are used by the general public

  • The output of the system can be interrogated using the framework proposed in Section 5, in which a semantic security gateway was implemented for the purpose of describing the components and communication protocols used within a specific IoT system

Read more

Summary

Introduction

The IoT (Internet of Things) term was mentioned for the first time in 1999 [1], IoT technologies have been used for decades [2]. To reach the proposed objective, we gathered the main data regarding IoT-specific vulnerabilities The gateway automatically detects the connections of new IoT devices to the local network and saves the metadata into a local ontology Every time it is necessary, the gateway sends the gathered data to the NER solution that analyzes it, searches through the annotated documents, and returns relevant information about the specific components of the network. This information can be further used by security management experts to handle the IoT environment properly. Conclusions and future work are highlighted in the last section of this paper

Related Works
Security Vulnerabilities for IoT Technologies
Choosing
The Ontology
Data Storage
Validating the Model
Score for Entity
Data Output—API
Semantic Security Gateway
Limitations
Findings
Conclusions

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A Lightweight Vulnerability Mitigation Framework for IoT Devices
Noy Hadar ... Shachar Siboni
-
Noy Hadar, et. al.Noy Hadar ... Shachar Siboni
03 Nov 2017
Healthcare-Internet of Things and Its Components
Aman Tyagi
-
Aman TyagiAman Tyagi
23 Nov 2020
Development Status and Trend of IoT Communication Technology
Zhenhua Liu
-
Zhenhua LiuZhenhua Liu
01 Jan 2020
Automatic labeling of the elements of a vulnerability report CVE with NLP
Kensuke Sumoto ... Naohiko Tsuda
-
Kensuke Sumoto, et. al.Kensuke Sumoto ... Naohiko Tsuda
01 Aug 2022
View more papers

More From: Sensors

Paper Title
Journal
Date
Author
A New Deep Learning Methodology for Alarm Supervision in Marine Power Stations
José A Orosa ... José M Pérez-Canosa
Sensors | VOL. 24
José A Orosa, et. al.José A Orosa ... José M Pérez-Canosa
30 Oct 2024
Development of an Angular Stiffness Sensor to Measure Dental Implant Stability In Vitro
Weiwei Xu ... I Y Shen
Sensors | VOL. 24
Weiwei Xu, et. al.Weiwei Xu ... I Y Shen
30 Oct 2024
Photoacoustic Resonators for Non-Invasive Blood Glucose Detection Through Photoacoustic Spectroscopy: A Systematic Review
Md Rejvi Kaysir ... Dayan Ban
Sensors | VOL. 24
Md Rejvi Kaysir, et. al.Md Rejvi Kaysir ... Dayan Ban
30 Oct 2024
Embroidered Transmission Lines with Conductive Yarns: Challenges, Modeling, Fabrication, and Experimental Performance Assessment
Chrysanthi Angelaki ... Antonis A Alexandridis
Sensors | VOL. 24
Chrysanthi Angelaki, et. al.Chrysanthi Angelaki ... Antonis A Alexandridis
30 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.