Skip to main content
SpringerLink
Log in

CVE Based Classification of Vulnerable IoT Systems

  • Conference paper
  • First Online:
Theory and Applications of Dependable Computer Systems (DepCoS-RELCOMEX 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1173))

Included in the following conference series:

Abstract

Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system vulnerabilities. We introduce a real-world based classification of IoT systems. Then, we employ a SVM algorithm on selected subset of CVE database to classify “new” vulnerability records in this framework. The subset of interest consists of records that describe vulnerabilities of potential IoT devices of different applications, such as: home, industry, mobile controllers, networking, etc. The purpose of the classification is to develop and test an automatic system for recognition of vulnerable IoT devices and to test completes, sufficiency and reliability of CVE data in this respect.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)

    Article  Google Scholar 

  2. Da Xu, L., He, W., Li, S.: Internet of things in industries: a survey. IEEE Trans. Industr. Inf. 10(4), 2233–2243 (2014)

    Article  Google Scholar 

  3. Jalali, R., El-Khatib, K., McGregor, C.: Smart city architecture for community level services through the internet of things. In: 18th International Conference on Intelligence in Next Generation Networks (ICIN), pp. 108–113 (2015)

    Google Scholar 

  4. Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M.: Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutorials 17(4), 2347–2376 (2015)

    Article  Google Scholar 

  5. The 7th Framework Programme funded European Research and Technological Development from 2007 until 2013; Internet of Things and Future Internet Enterprise Systems. http://cordis.europa.eu/fp7/ict/enet/projects_en.html. Accessed 10 May 2017

  6. Architectural Reference Model for the IoT – (ARM). Introduction booklet. http://iotforum.org/wp-content/uploads/2014/09/120613-IoT-A-ARM-Book-Introduction-v7.pdf.. Accessed 10 May 2017

  7. Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J.A., Invernizzi, L., Kallitsis, M., Kumar, D.: Understanding the mirai botnet. In: 26th USENIX Security Symposium, USENIX Security, vol. 17, pp. 1093–1110 (2017)

    Google Scholar 

  8. Ling, Z., Liu, K., Xu, Y., Gao, C., Jin, Y., Zou, C., Fu, X., Zhao, W.: IoT security: an end-to-end view and case study. arXiv preprint arXiv:1805.05853 (2018)

  9. S. in Silicon Lab: Iot security vulnerability database, August 2017. http://www.hardwaresecurity.org/iot/database

  10. Obermaier, J., Hutle, M.: Analyzing the security and privacy of cloud-based video surveillance systems. In: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 22–28. ACM (2016)

    Google Scholar 

  11. Arias, O., Wurm, J., Hoang, K., Jin, Y.: Privacy and security in internet of things and wearable devices. IEEE Trans. Multi-Scale Comput. Syst. 1(2), 99–109 (2015)

    Article  Google Scholar 

  12. Durumeric, Z., Li, F., Kasten, J., Amann, J., Beekman, J., Payer, M., Weaver, N., Adrian, D., Paxson, V., Bailey, M., Halderman, J.A.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475–488. ACM (2014)

    Google Scholar 

  13. Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J.A., Dukhovni, V., Käsper, E.: DROWN: breaking TLS using SSLv2. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 689–706 (2016)

    Google Scholar 

  14. Wang, J.A., Guo, M.: Vulnerability categorization using Bayesian networks. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4 (2010)

    Google Scholar 

  15. Na, S., Kim, T., Kim, H.: A study on the classification of common vulnerabilities and exposures using Naïve Bayes. In: Proceedings of International Conference on Broadband and Wireless Computing and Applications, pp. 657–662. Springer, Cham (2016)

    Google Scholar 

  16. Neuhaus, S., Zimmermann, T.: Security trend analysis with CVE topic models. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering, pp. 111–120. IEEE (2010)

    Google Scholar 

  17. Huang, G., Li, Y., Wang, Q., Ren, J., Cheng, Y., Zhao, X.: Automatic classification method for software vulnerability based on deep neural network. IEEE Access 7, 28291–28298 (2019)

    Article  Google Scholar 

  18. MITRE: CVE Common Vulnerabilities and Exposures database (2020). https://cve.mitre.org/. Accessed 02 Jan 2020

  19. NIST: Security Content Automation Protocol v 1.3 (2020). https://csrc.nist.gov/projects/security-content-automation-protocol/. Accessed 02 Jan 2020

  20. NIST: Official Common Platform Enumeration (CPE) Dictionary (2020). https://csrc.nist.gov/projects/security-content-automation-protocol/. Accessed 02 Jan 2020

  21. Vapnik, V.: Statistical Learning Theory. Wiley, New York (1998)

    MATH  Google Scholar 

  22. Liu, Z., Lv, X., Liu, K., Shi, S.: Study on SVM compared with the other text classification methods. In: Second International Workshop on Education Technology and Computer Science, vol. 1, pp. 219–222. IEEE (2010)

    Google Scholar 

  23. NLTK: Natural Language Toolkit. https://www.nltk.org/. Accessed 02 Jan 2020

  24. Scikit-learn: Machine learning in Python. https://scikit-learn.org/stable/. Accessed 02 Jan 2020

  25. Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. In: Workshops at the Thirtieth AAAI Conference on Artificial Intelligence (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Computer Science, Warsaw University of Technology, Nowowiejska 15/19, 00-665, Warsaw, Poland

    Grzegorz J. Blinowski & Paweł Piotrowski

Authors
  1. Grzegorz J. Blinowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paweł Piotrowski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Grzegorz J. Blinowski .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Wojciech Zamojski

  2. Wrocław University of Science and Technology, Wrocław, Poland

    Jacek Mazurkiewicz

  3. Wrocław University of Science and Technology, Wrocław, Poland

    Jarosław Sugier

  4. Wrocław University of Science and Technology, Wrocław, Poland

    Tomasz Walkowiak

  5. Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Blinowski, G.J., Piotrowski, P. (2020). CVE Based Classification of Vulnerable IoT Systems. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_9

Download citation

Publish with us

Policies and ethics

Search

Navigation