Risk Prediction of IoT Devices Based on Vulnerability Analysis

Oser, Pascal; Heijden, Rens W. van der; Lüders, S.; Kargl, Frank

doi:10.1145/3510360

Cited by 11 publications

(17 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Before presenting our evaluation, we first introduce details of the SAFER framework on which our evaluation builds. We also explain what enhancements we have introduced compared to the version described in [23]. Figure 1 shows an overview of SAFER and its components.…”

Section: Preliminariesmentioning

confidence: 99%

“…Figure 1 shows an overview of SAFER and its components. The SAFER framework implements various components to 1) identify [24,1] IoT devices, 2) gather vulnerability information for identified devices [23] , 3) score [23] this information and 4) display [22] results to support SAFER's users in making informed decisions regarding their devices' security.…”

Section: Preliminariesmentioning

confidence: 99%

“…In its last step, all information is aggregated and SAFER computes a Current Device Security Risk Indicator (CDSRI) and a Future Device Security Risk Indicator (FDSRI) based on past evidence. Previous works about SAFER describe its components [24,1,22] and the overall framework [23] but evaluate in particular the FDSRI with only few devices and less details.…”

Section: Preliminariesmentioning

confidence: 99%

“…This paper presents an in-depth and large-scale IoT device security assessment by utilizing the risk prediction & scoring component of the Security Assessment Framework for Embedded-device Risks (SAFER) [23]. SAFER is a highly-automated framework to identify devices on the network for estimating their current as well as future security risk based on publicly retrievable firmware information.…”

Section: Introductionmentioning

confidence: 99%

“…Oser et al [23] describe SAFER extensively, however the evaluation focuses on device identification and the authors only performed a preliminary evaluation of the risk metrics with 38 device models. They concluded that for their reduced data-set, current and future risk was predicted with almost 100 % accuracy.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices

Oser¹,

Engelmann²,

Lüders³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

IoT devices are present in many, especially corporate and sensitive, networks and regularly introduce security risks due to slow vendor responses to vulnerabilities and high difficulty of patching. In this paper, we want to evaluate to what extent the development of future risk of IoT devices due to new and unpatched vulnerabilities can be predicted based on historic information. For this analysis, we build on existing prediction algorithms available in the SAFER framework (prophet and ARIMA) which we evaluate by means of a large data-set of vulnerabilities and patches from 793 IoT devices. Our analysis shows that the SAFER framework can predict a correct future risk for 91 % of the devices, demonstrating its applicability. We conclude that this approach is a reliable means for network operators to efficiently detect and act on risks emanating from IoT devices in their networks.

show abstract

Section: Preliminariesmentioning

confidence: 99%