Showing 1–1 of 1 results for author: Piotrowski, P

CVE based classification of vulnerable IoT systems

Authors: Grzegorz J. Blinowski, Paweł Piotrowski

Abstract: Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system vulnerabilities. We introduce a real-world based classification of IoT systems. Then, we employ a SVM algorithm on selected subset of CVE database to classify "ne… ▽ More Common Vulnerabilities and Exposures database (CVE) is one of the largest publicly available source of software and hardware vulnerability data and reports. In this work we analyze the CVE database in the context of IoT device and system vulnerabilities. We introduce a real-world based classification of IoT systems. Then, we employ a SVM algorithm on selected subset of CVE database to classify "new" vulnerability records in this framework. The subset of interest consists of records that describe vulnerabilities of potential IoT devices of different applications, such as: home, industry, mobile controllers, networking, etc. The purpose of the classification is to develop and test an automatic system for recognition of vulnerable IoT devices and to test completes, sufficiency and reliability of CVE data in this respect. △ Less

Submitted 30 June, 2020; originally announced June 2020.

Comments: A shorter version of this paper was published in Proc. of the DepCoS-RELCOMEX conference

Journal ref: Theory and Applications of Dependable Computer Systems, Proceedings of the Fifteenth International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, June 29 - July 3, 2020, Brunow, Poland; ISBN 978-3-030-48256-5