Abstract
Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system vulnerabilities. We introduce a real-world based classification of IoT systems. Then, we employ a SVM algorithm on selected subset of CVE database to classify “new” vulnerability records in this framework. The subset of interest consists of records that describe vulnerabilities of potential IoT devices of different applications, such as: home, industry, mobile controllers, networking, etc. The purpose of the classification is to develop and test an automatic system for recognition of vulnerable IoT devices and to test completes, sufficiency and reliability of CVE data in this respect.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)
Da Xu, L., He, W., Li, S.: Internet of things in industries: a survey. IEEE Trans. Industr. Inf. 10(4), 2233–2243 (2014)
Jalali, R., El-Khatib, K., McGregor, C.: Smart city architecture for community level services through the internet of things. In: 18th International Conference on Intelligence in Next Generation Networks (ICIN), pp. 108–113 (2015)
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M.: Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutorials 17(4), 2347–2376 (2015)
The 7th Framework Programme funded European Research and Technological Development from 2007 until 2013; Internet of Things and Future Internet Enterprise Systems. http://cordis.europa.eu/fp7/ict/enet/projects_en.html. Accessed 10 May 2017
Architectural Reference Model for the IoT – (ARM). Introduction booklet. http://iotforum.org/wp-content/uploads/2014/09/120613-IoT-A-ARM-Book-Introduction-v7.pdf.. Accessed 10 May 2017
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J.A., Invernizzi, L., Kallitsis, M., Kumar, D.: Understanding the mirai botnet. In: 26th USENIX Security Symposium, USENIX Security, vol. 17, pp. 1093–1110 (2017)
Ling, Z., Liu, K., Xu, Y., Gao, C., Jin, Y., Zou, C., Fu, X., Zhao, W.: IoT security: an end-to-end view and case study. arXiv preprint arXiv:1805.05853 (2018)
S. in Silicon Lab: Iot security vulnerability database, August 2017. http://www.hardwaresecurity.org/iot/database
Obermaier, J., Hutle, M.: Analyzing the security and privacy of cloud-based video surveillance systems. In: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 22–28. ACM (2016)
Arias, O., Wurm, J., Hoang, K., Jin, Y.: Privacy and security in internet of things and wearable devices. IEEE Trans. Multi-Scale Comput. Syst. 1(2), 99–109 (2015)
Durumeric, Z., Li, F., Kasten, J., Amann, J., Beekman, J., Payer, M., Weaver, N., Adrian, D., Paxson, V., Bailey, M., Halderman, J.A.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475–488. ACM (2014)
Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J.A., Dukhovni, V., Käsper, E.: DROWN: breaking TLS using SSLv2. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 689–706 (2016)
Wang, J.A., Guo, M.: Vulnerability categorization using Bayesian networks. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4 (2010)
Na, S., Kim, T., Kim, H.: A study on the classification of common vulnerabilities and exposures using Naïve Bayes. In: Proceedings of International Conference on Broadband and Wireless Computing and Applications, pp. 657–662. Springer, Cham (2016)
Neuhaus, S., Zimmermann, T.: Security trend analysis with CVE topic models. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering, pp. 111–120. IEEE (2010)
Huang, G., Li, Y., Wang, Q., Ren, J., Cheng, Y., Zhao, X.: Automatic classification method for software vulnerability based on deep neural network. IEEE Access 7, 28291–28298 (2019)
MITRE: CVE Common Vulnerabilities and Exposures database (2020). https://cve.mitre.org/. Accessed 02 Jan 2020
NIST: Security Content Automation Protocol v 1.3 (2020). https://csrc.nist.gov/projects/security-content-automation-protocol/. Accessed 02 Jan 2020
NIST: Official Common Platform Enumeration (CPE) Dictionary (2020). https://csrc.nist.gov/projects/security-content-automation-protocol/. Accessed 02 Jan 2020
Vapnik, V.: Statistical Learning Theory. Wiley, New York (1998)
Liu, Z., Lv, X., Liu, K., Shi, S.: Study on SVM compared with the other text classification methods. In: Second International Workshop on Education Technology and Computer Science, vol. 1, pp. 219–222. IEEE (2010)
NLTK: Natural Language Toolkit. https://www.nltk.org/. Accessed 02 Jan 2020
Scikit-learn: Machine learning in Python. https://scikit-learn.org/stable/. Accessed 02 Jan 2020
Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. In: Workshops at the Thirtieth AAAI Conference on Artificial Intelligence (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Blinowski, G.J., Piotrowski, P. (2020). CVE Based Classification of Vulnerable IoT Systems. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-48256-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-48255-8
Online ISBN: 978-3-030-48256-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)