2021
DOI: 10.3390/s21227579

Multi-Source Knowledge Reasoning for Data-Driven IoT Security

Abstract: Nowadays, there are different kinds of public knowledge bases for cyber security vulnerability and threat intelligence which can be used for IoT security threat analysis. However, the heterogeneity of these knowledge bases and the complexity of the IoT environments make network security situation awareness and threat assessment difficult. In this paper, we integrate vulnerabilities, weaknesses, affected platforms, tactics, attack techniques, and attack patterns into a coherent set of links. In addition, we pro…

Cited by 12 publications (11 citation statements)
References 27 publications
“…Wu et al. expressed the relationships of attack scenarios in the SWRL rules and assessed potential threats by inferring vulnerabilities and their induced attacks [10]. Similarly, Zhang et al. revealed the implicit relation based on the inference rules to discover vulnerable platforms in the IoT environments [18]. To some extent, ontology-based reasoning methods cannot meet the demands of cost computing and rule generation complexity when instances increase.…”
Section: Reasoning-based Security Analysis
Citation type: mentioning
confidence: 99%
“…Algorithm 1: Continued
        remove the last elements from cur_p_rela and cur_p_ent
    end if
    for each entity adj_ent and relation adj_rela adjacent to cur_ent do
        if adj_ent is not in cur_p_ent then
            DFS_SIM(adj_rela, adj_ent, cur_p_rela, cur_p_ent, p_vec, cur_sim, cur_len, e_t, max_p_len, q_r_vec, cri_p_set)
        end if
    end for
    remove the last elements from cur_p_rela and cur_p_ent
end function…”
Section: Algorithm 1: Critical Relation Path Depth-first Search With ...
Citation type: mentioning
confidence: 99%
“…Related ATT&CK Attack Technology. ATT&CK abstractly describes a framework composed of sequential attack tactics, each of which covers abundant attack techniques [43]. ATT&CK framework can help organizations predict the adversary's attack behavior, gain a comprehensive understanding of the attack techniques that attackers may use, and provide mitigation measures.…”
Section: Cyber Threat Intelligence-automated Assessment Model (Tiam)
Citation type: mentioning
confidence: 99%
“…Other papers have proposed IoT metrics for hardware, software, network, quality requirements, security requirements, etc. An example of the latter is the study by Zhang et al. (2021) who proposed the IoT Security Threat Ontology (IoTSTO) as an IoT security ontology model to describe the elements of IoT security threats and threat analysis rules. Their model assists security managers in deploying IoT security solutions.…”
Section: Introduction
Citation type: mentioning
confidence: 99%