Modified graph-based algorithm to analyze security threats in IoT

Author:

Arat Ferhat1ORCID,Akleylek Sedat234ORCID

Affiliation:

1. Department of Software Engineering, Samsun University, Samsun, Turkey

2. Department of Computer Engineering, Ondokuz Mayis University Samsun, Samsun, Turkey

3. University of Tartu, Tartu, Estonia

4. Cyber Security and Information Technologies Research and Development Centre, Ondokuz Mayis University Samsun, Samsun, Turkey

Abstract

In recent years, the growing and widespread usage of Internet of Things (IoT) systems has led to the emergence of customized structures dependent on these systems. Industrial IoT (IIoT) is a subset of IoT in terms of applications and usage areas. IIoT presents many participants in various domains, such as healthcare, transportation, agriculture, and manufacturing. Besides the daily life benefits, IIoT technology provides major contributions via the Industrial Control System (ICS) and intelligent systems. The convergence of IoT and IIoT systems brings some integration and interoperability problems. In IIoT systems, devices interact with each other using information technologies (IT) and network space. However, these common usages and interoperability led to some security risks. To avoid security risks and vulnerabilities, different systems and protocols have been designed and published. Various public databases and programs identify and provide some of the security threats to make it easier for system administrators' missions. However, effective and long-term security detection mechanisms are needed. In the literature, there are numerous approaches to detecting security threats in IoT-based systems. This article presents two major contributions: First, a graph-based threat detection approach for IoT-based network systems is proposed. Threat path detection is one of the most critical steps in the security of IoT-based systems. To represent vulnerabilities, a directed acyclic graph (DAG) structure is constructed using threat weights. General threats are identified using Common Vulnerabilities and Exposures (CVE). The proposed threat pathfinding algorithm uses the depth first search (DFS) idea and discovers threat paths from the root to all leaf nodes. Therefore, all possible threat paths are detected in the threat graph. Second, threat path-reducing algorithms are proposed considering the total threat weight, hop length, and hot spot thresholds. In terms of available threat pathfinding and hot spot detecting procedures, the proposed reducing algorithms provide better running times. Therefore, all possible threat paths are founded and reduced by the constructed IoT-based DAG structure. Finally, simulation results are compared, and remarkable complexity performances are obtained.

Funder

ASELSAN A.Ş

Publisher

PeerJ

Subject

General Computer Science

Reference27 articles.

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3