Abstract
Projections have it that by 2023 there will be a global per capita uptick of 1.2 of networked devices which aims at hitting 29 billion mark (https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741,490.html). This is a massive expansion of the attack surface, a land flowing with milk and honey for the nefarious hackers. With review showing research focus not being favourable toward vulnerability assessment of these connected devices, especially the Internet of Things (IoT), there is a danger of pandemic of security breaches in the near future. One effective way to circumvent this looming crisis is to craft a viable framework to implement on a real-time basis the identification or detection of these devices when they join a network and measure their vulnerability with a view to either mitigate or expunge from the network altogether. Using the capabilities of Python programming, the experiment retrieves device IPs from through a network analysis tool and automatically parses into Web Application Interface (WAI) capability of Nessus vulnerability scanner to both assess and score or rank the existing vulnerabilities and severity respectively. Results showed that the device vulnerability scoring or ranking will facilitate prompt remediation decision to secure the rest of the network against any potential breach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
https://www.akamai.com/uk/en/resources/vulnerability-management.jsp 2021
Al-Fuqaha A, Guizani M, Mohammadi M (2015) Internet of things: a survey on enabling technologies, protocols, and applications—IEEE Journals & Magazine. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/7123563/
Aneja S, Aneja N, Islam S (2018) IoT device fingerprint using deep learning. [online] Arxiv.org. https://arxiv.org/pdf/1902.01926
Balbix (2021) CVSS base score explained. Balbix. [online] https://www.balbix.com/insights/base-cvss-scores/
Barnaghi P, Wang W, Henson C, Taylor K (2012) Semantics for the internet of things. Int J Semant Web Inf Syst 8(1):1–21
Burhan M, Rehman, Khan B (2021) https://www.researchgate.net/publication/327272757_IoT_Elements_Layered_Architectures_and_Security_Issues_A_Comprehensive_Survey
Chen K, Zhang S, Li Z, Zhang Y, Deng Q, Ray S, Jin Y (2018) Internet-of-things security and vulnerabilities: taxonomy, challenges, and practice. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/Internet-of-Things-Security-and-Vulnerabilities%3A-Chen-Zhang/da7f58eef3aeb6283aea13e7c18175156669454f
Cisco (2021) Cisco annual internet report—Cisco annual internet report (2018–2023) White Paper. https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html
Cvitić I, Vujić M, Husnjak S (2015) [online] Daaam.info. https://daaam.info/Downloads/Pdfs/proceedings/proceedings_2015/102.pdf
FIRST—Forum of Incident Response and Security Teams (2021) CVSS V3.0 specification document. https://www.first.org/cvss/v3.0/specification-document
Guo H, Heidemann J (2019) [online] Isi.edu. https://www.isi.edu/publications/trpublic/pdfs/isi-tr-726b.pdf
Kolia C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: Mirai and other botnets. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/7971869
Kotak J, Elovici Y (2021) Iot device identification using deep learning
LeCun Y, Bengio Y, Hinton G (2015) Deep learning. https://s3.us-east-2.amazonaws.com/hkg-website-assets/static/pages/files/DeepLearning.pdf
Lee W (2019) Python® machine learning. https://learning.oreilly.com/library/view/python-machine-learning/9781119545637/
Li S, Tryfonas T, Li H (2016) The internet of things: a security point of view. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/The-Internet-of-Things%3A-a-security-point-of-view-Li-Tryfonas/54497abbdd4b5f18541a90fc50d215ad6d14db65
Meidan Y, Bohadana M, Shabta A (2017) https://www.researchgate.net/publication/319736005_Detection_of_Unauthorized_IoT_Devices_Using_Machine_Learning_Techniques
Miettinen M, Marchal S, Hafeez I (2016) Iot SENTINEL: automated device-type identification for security enforcement in Iot—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/abstract/document/7980167/
O’Hara J, Macfarlane R, Lo O (2019) Identifying vulnerabilities using internet-wide scanning data. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/8688018
Passeri P (2021) 2020 Cyber attacks statistics. [online] HACKMAGEDDON. https://www.hackmageddon.com/2021/01/13/2020-cyber-attacks-statistics/
Peng S, Pal S, Huang L (2020) Principles of internet of things Iot ecosystem. [S.L.]: Springer
Rizvi S, Orr R, Cox A, Ashokkumar P, Rizvi M (2021) Identifying the attack surface for Iot network
Rizvi S, Pipettiz R, Mcintyres N, Todd J (2021) (PDF) Threat model for securing internet of things (Iot) network at device-level. [online] ResearchGate. https://www.researchgate.net/publication/341884275_Threat_Model_for_Securing_Internet_of_Things_IoT_Network_at_Device-Level
Samtani S (2018) CSDL|IEEE computer society. [online] Computer.org. https://www.computer.org/csdl/magazine/ex/2018/02/mex2018020063/13rRUyft7zb
Samtani S, Yu S, Zhu H, Patton M, Matherly J, Chen H (2018) Identifying SCADA systems and their vulnerabilities on the internet of things: a text-mining approach. IEEE Intell Syst 33(2):63–73 (SANS Institute: Reading Room—Threats/Vulnerabilities, 2021)https://doi.org/10.1109/MIS.2018.111145022
Shahid M, Blanc G, Zhang Z, Debar H (2018) IoT devices recognition through network traffic analysis. [online] Academia.edu. https://www.academia.edu/38420293/IoT_Devices_Recognition_Through_Network_Traffic_Analysis
Suo H, Wan J, Zou C, Liu J (2012) Security in the internet of things: a review—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/6188257
Tenable® (2020) Nessus professional. https://www.tenable.com/products/nessus/nessus-professional
Williams R, McMahon E, Samtani S (2017) Identifying vulnerabilities of consumer internet of things (Iot) devices: a scalable approach—IEEE Conference Publication. [online] Ieeexplore.ieee.org. https://ieeexplore.ieee.org/document/8004904.
Xiaojiang X, Jian-li W, Ming-dong L (2021) Services and key technologies of the internet of things. [online] Semanticscholar.org. https://www.semanticscholar.org/paper/Services-and-Key-Technologies-of-the-Internet-of-Xiaojiang-Jian-li/3233bc706e9c0a1757de889ee5dfc19b0b358b32
Xie W, Jiang Y, Ding N (2017) CSDL|IEEE computer society. [online] Computer.org. https://www.computer.org/csdl/proceedings-article/icpads/2017/212901a769/12OmNzZWbxb
Yang K, Qiang L, Limin S (2019) http://static.tongtianta.site/paper_pdf/35365316-adba-11e9-b197-00163e08bb86.pdf
Yu M, Zhuge J, Cao M, Jian L (2020) [online] Mdpi.com. https://www.mdpi.com/1999-5903/12/2/27/pdf
Zhao K, Ge L (2013) A survey on the internet of things security. In: Proceedings of the 2013 ninth international conference on computational intelligence and security. [online] Dl.acm.org. https://dl.acm.org/doi/10.1109/CIS.2013.145
Zheng Y, Wen H, Cheng K, Song ZW, Zhu HS, Sun LM (2019) A survey of IoT device vulnerability mining techniques
WonderHowTo (2016) Hack Like a pro: how to scan for vulnerabilities with Nessus. https://null-byte.wonderhowto.com/how-to/hack-like-pro-scan-for-vulnerabilities-with-nessus-0169971/
Worldometers.info (2021) World population clock: 7.8 billion people (2021)—Worldometer. https://www.worldometers.info/world-population/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Awoniyi, S., Kazmi, M.A.N. (2021). Determining Vulnerabilities of Pervasive IoT Devices and Their Geographic Distribution. In: Montasari, R., Jahankhani, H., Al-Khateeb, H. (eds) Challenges in the IoT and Smart Environments. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-87166-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-87166-6_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87165-9
Online ISBN: 978-3-030-87166-6
eBook Packages: Computer ScienceComputer Science (R0)