A Graph-Based Decision Support Model for Vulnerability Analysis in IoT Networks

  • Gemini George
  • Sabu M. Thampi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


The Internet of Things (IoT) refers to the technological phenomenon that envisages reliable connection and secure exchange of data between real-world devices and applications. However, the vulnerabilities residing in IoT devices are identified as potential entry points for attackers, thereby posing a huge security threat to the IoT network. Attackers can further advance deep into the network by exploiting the relations among these vulnerabilities. In this work, we address the security issues in the IoT network due to the existence of vulnerabilities in the network devices. We propose a multi-attacker multi-target graphical model referred to as the IoT Security Graph, representing the potential attackers, targets, and the vulnerability relations in the IoT network. As the graph is derived from the network, its analysis can reveal many security-relevant parameters of the network. Security analysts are keen on evaluating threats to critical resources in the network due to the presence of inherent vulnerabilities in the devices and on analyzing cost-effective security hardening options. To aid this, we introduce the Terminator Oriented Directed Acyclic Graph (TODAG) for each terminal node representing a potential target in the network. The TODAG for a given terminal node is a sub-graph of the IoT Security Graph of the underlying network and represents all the potential attack paths in the network that orient toward it. The proposal also includes the likelihood estimation of the dominant attack paths in the TODAG. The removal of such paths can significantly reduce the threat at the targets.
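The sketch below is an added illustration of the sub-graph idea in the abstract, not the authors' algorithm or code: it prunes a small constructed security graph down to the edges that lie on some attacker-to-target path and ranks those paths. The node names, the per-edge exploit probabilities, and the use of their product as a path likelihood are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample graph: (source, destination, assumed exploit probability).
# "A*" are attacker nodes, "T*" are target (terminal) nodes, "v_*" are vulnerabilities.
EDGES = [
    ("A1", "v_cam", 0.8), ("A1", "v_plug", 0.5), ("A2", "v_plug", 0.6),
    ("v_cam", "v_hub", 0.7), ("v_plug", "v_hub", 0.9), ("v_plug", "v_lock", 0.4),
    ("v_hub", "T1", 0.6), ("v_lock", "T2", 0.9), ("v_cam", "v_tv", 0.3),
]
ATTACKERS = {"A1", "A2"}

def reachable(start, adj):
    """Return every node reachable from the set `start` by following `adj`."""
    seen, stack = set(start), list(start)
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def todag(edges, attackers, target):
    """Keep only the edges that lie on some attacker-to-target path."""
    fwd, rev = defaultdict(list), defaultdict(list)
    for u, v, _ in edges:
        fwd[u].append(v)
        rev[v].append(u)
    # Nodes an attacker can reach AND from which the target can be reached.
    keep = reachable(attackers, fwd) & reachable({target}, rev)
    return [(u, v, p) for u, v, p in edges if u in keep and v in keep]

def ranked_paths(edges, attackers, target):
    """List simple attack paths toward `target`, most likely first."""
    adj = defaultdict(list)
    for u, v, p in todag(edges, attackers, target):
        adj[u].append((v, p))
    found = []
    def walk(node, path, prob):
        if node == target:
            found.append((round(prob, 4), path))
            return
        for nxt, p in adj[node]:
            if nxt not in path:  # guard in case the input graph is not acyclic
                walk(nxt, path + [nxt], prob * p)  # assumed: likelihood = product
    for attacker in sorted(attackers):
        walk(attacker, [attacker], 1.0)
    return sorted(found, key=lambda item: item[0], reverse=True)
```

Calling `ranked_paths(EDGES, ATTACKERS, "T1")` lists the paths whose removal (for example by patching `v_hub`) would most reduce the modelled threat at `T1`.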



This work is sponsored by the Government of India through DST-Women Scientist Scheme(A) under order No. SR/WOS-A/ET-97/2016(G). The work is also supported by the Planning Board, Government of Kerala, India.



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Center for Research and Innovation in Cyber Threat Resilience, Indian Institute of Information Technology and Management-Kerala, Thiruvananthapuram, India
  2. Cochin University of Science and Technology, Kochi, India
