Skip to main content
SpringerLink
Log in

Determining Vulnerabilities of Pervasive IoT Devices and Their Geographic Distribution

  • Chapter
  • First Online:
Challenges in the IoT and Smart Environments

  • 559 Accesses

Abstract

Projections have it that by 2023 there will be a global per capita uptick of 1.2 of networked devices which aims at hitting 29 billion mark (https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741,490.html). This is a massive expansion of the attack surface, a land flowing with milk and honey for the nefarious hackers. With review showing research focus not being favourable toward vulnerability assessment of these connected devices, especially the Internet of Things (IoT), there is a danger of pandemic of security breaches in the near future. One effective way to circumvent this looming crisis is to craft a viable framework to implement on a real-time basis the identification or detection of these devices when they join a network and measure their vulnerability with a view to either mitigate or expunge from the network altogether. Using the capabilities of Python programming, the experiment retrieves device IPs from through a network analysis tool and automatically parses into Web Application Interface (WAI) capability of Nessus vulnerability scanner to both assess and score or rank the existing vulnerabilities and severity respectively. Results showed that the device vulnerability scoring or ranking will facilitate prompt remediation decision to secure the rest of the network against any potential breach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. https://www.akamai.com/uk/en/resources/vulnerability-management.jsp 2021

  2. Al-Fuqaha A, Guizani M, Mohammadi M (2015) Internet of things: a survey on enabling technologies, protocols, and applications—IEEE Journals & Magazine. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/7123563/

  3. Aneja S, Aneja N, Islam S (2018) IoT device fingerprint using deep learning. [online] Arxiv.org. https://arxiv.org/pdf/1902.01926

  4. Balbix (2021) CVSS base score explained. Balbix. [online] https://www.balbix.com/insights/base-cvss-scores/

  5. Barnaghi P, Wang W, Henson C, Taylor K (2012) Semantics for the internet of things. Int J Semant Web Inf Syst 8(1):1–21

    Article  Google Scholar 

  6. Burhan M, Rehman, Khan B (2021) https://www.researchgate.net/publication/327272757_IoT_Elements_Layered_Architectures_and_Security_Issues_A_Comprehensive_Survey

  7. Chen K, Zhang S, Li Z, Zhang Y, Deng Q, Ray S, Jin Y (2018) Internet-of-things security and vulnerabilities: taxonomy, challenges, and practice. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/Internet-of-Things-Security-and-Vulnerabilities%3A-Chen-Zhang/da7f58eef3aeb6283aea13e7c18175156669454f

  8. Cisco (2021) Cisco annual internet report—Cisco annual internet report (2018–2023) White Paper. https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html

  9. Cvitić I, Vujić M, Husnjak S (2015) [online] Daaam.info. https://daaam.info/Downloads/Pdfs/proceedings/proceedings_2015/102.pdf

  10. FIRST—Forum of Incident Response and Security Teams (2021) CVSS V3.0 specification document. https://www.first.org/cvss/v3.0/specification-document

  11. Guo H, Heidemann J (2019) [online] Isi.edu. https://www.isi.edu/publications/trpublic/pdfs/isi-tr-726b.pdf

  12. Kolia C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: Mirai and other botnets. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/7971869

  13. Kotak J, Elovici Y (2021) Iot device identification using deep learning

    Google Scholar 

  14. LeCun Y, Bengio Y, Hinton G (2015) Deep learning. https://s3.us-east-2.amazonaws.com/hkg-website-assets/static/pages/files/DeepLearning.pdf

  15. Lee W (2019) Python® machine learning. https://learning.oreilly.com/library/view/python-machine-learning/9781119545637/

  16. Li S, Tryfonas T, Li H (2016) The internet of things: a security point of view. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/The-Internet-of-Things%3A-a-security-point-of-view-Li-Tryfonas/54497abbdd4b5f18541a90fc50d215ad6d14db65

  17. Meidan Y, Bohadana M, Shabta A (2017) https://www.researchgate.net/publication/319736005_Detection_of_Unauthorized_IoT_Devices_Using_Machine_Learning_Techniques

  18. Miettinen M, Marchal S, Hafeez I (2016) Iot SENTINEL: automated device-type identification for security enforcement in Iot—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/abstract/document/7980167/

  19. O’Hara J, Macfarlane R, Lo O (2019) Identifying vulnerabilities using internet-wide scanning data. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/8688018

  20. Passeri P (2021) 2020 Cyber attacks statistics. [online] HACKMAGEDDON. https://www.hackmageddon.com/2021/01/13/2020-cyber-attacks-statistics/

  21. Peng S, Pal S, Huang L (2020) Principles of internet of things Iot ecosystem. [S.L.]: Springer

    Google Scholar 

  22. Rizvi S, Orr R, Cox A, Ashokkumar P, Rizvi M (2021) Identifying the attack surface for Iot network

    Google Scholar 

  23. Rizvi S, Pipettiz R, Mcintyres N, Todd J (2021) (PDF) Threat model for securing internet of things (Iot) network at device-level. [online] ResearchGate. https://www.researchgate.net/publication/341884275_Threat_Model_for_Securing_Internet_of_Things_IoT_Network_at_Device-Level

  24. Samtani S (2018) CSDL|IEEE computer society. [online] Computer.org. https://www.computer.org/csdl/magazine/ex/2018/02/mex2018020063/13rRUyft7zb

  25. Samtani S, Yu S, Zhu H, Patton M, Matherly J, Chen H (2018) Identifying SCADA systems and their vulnerabilities on the internet of things: a text-mining approach. IEEE Intell Syst 33(2):63–73 (SANS Institute: Reading Room—Threats/Vulnerabilities, 2021)https://doi.org/10.1109/MIS.2018.111145022

  26. Shahid M, Blanc G, Zhang Z, Debar H (2018) IoT devices recognition through network traffic analysis. [online] Academia.edu. https://www.academia.edu/38420293/IoT_Devices_Recognition_Through_Network_Traffic_Analysis

  27. Suo H, Wan J, Zou C, Liu J (2012) Security in the internet of things: a review—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/6188257

  28. Tenable® (2020) Nessus professional. https://www.tenable.com/products/nessus/nessus-professional

  29. Williams R, McMahon E, Samtani S (2017) Identifying vulnerabilities of consumer internet of things (Iot) devices: a scalable approach—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/8004904.

  30. Xiaojiang X, Jian-li W, Ming-dong L (2021) Services and key technologies of the internet of things. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/Services-and-Key-Technologies-of-the-Internet-of-Xiaojiang-Jian-li/3233bc706e9c0a1757de889ee5dfc19b0b358b32

  31. Xie W, Jiang Y, Ding N (2017) CSDL|IEEE computer society. [online] Computer.org. https://www.computer.org/csdl/proceedings-article/icpads/2017/212901a769/12OmNzZWbxb

  32. Yang K, Qiang L, Limin S (2019) http://static.tongtianta.site/paper_pdf/35365316-adba-11e9-b197-00163e08bb86.pdf

  33. Yu M, Zhuge J, Cao M, Jian L (2020) [online] Mdpi.com. https://www.mdpi.com/1999-5903/12/2/27/pdf

  34. Zhao K, Ge L (2013) A survey on the internet of things security. In: Proceedings of the 2013 ninth international conference on computational intelligence and security. [online] Dl.acm.org. https://dl.acm.org/doi/10.1109/CIS.2013.145

  35. Zheng Y, Wen H, Cheng K, Song ZW, Zhu HS, Sun LM (2019) A survey of IoT device vulnerability mining techniques

    Google Scholar 

  36. WonderHowTo (2016) Hack Like a pro: how to scan for vulnerabilities with Nessus. https://null-byte.wonderhowto.com/how-to/hack-like-pro-scan-for-vulnerabilities-with-nessus-0169971/

  37. Worldometers.info (2021) World population clock: 7.8 billion people (2021)—Worldometer. https://www.worldometers.info/world-population/

Download references

Author information

Authors and Affiliations

  1. Northumbria University London, London, UK

    Segun Awoniyi & Muhammad Ali Naqi Kazmi

Authors
  1. Segun Awoniyi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Ali Naqi Kazmi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Muhammad Ali Naqi Kazmi .

Editor information

Editors and Affiliations

  1. Hillary Rodham Clinton School of Law, Swansea University, Swansea, UK

    Reza Montasari

  2. Northumbria University, London, UK

    Hamid Jahankhani

  3. School of Mathematics and Computer Science, University of Wolverhampton, Wolverhampton, UK

    Haider Al-Khateeb

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Awoniyi, S., Kazmi, M.A.N. (2021). Determining Vulnerabilities of Pervasive IoT Devices and Their Geographic Distribution. In: Montasari, R., Jahankhani, H., Al-Khateeb, H. (eds) Challenges in the IoT and Smart Environments. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-87166-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-87166-6_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-87165-9

  • Online ISBN: 978-3-030-87166-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation