Cargando…
Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices
IoT devices are present in many, especially corporate and sensitive, networks and regularly introduce security risks due to slow vendor responses to vulnerabilities and high difficulty of patching. In this paper, we want to evaluate to what extent the development of future risk of IoT devices due to...
| Autores principales: | , , , |
|---|---|
| Lenguaje: | eng |
| Publicado: |
2022
|
| Materias: | |
| Acceso en línea: | http://cds.cern.ch/record/2836346 |
| _version_ | 1780975736459362304 |
|---|---|
| author | Oser, Pascal Engelmann, Felix Lüders, Stefan Kargl, Frank |
| author_facet | Oser, Pascal Engelmann, Felix Lüders, Stefan Kargl, Frank |
| author_sort | Oser, Pascal |
| collection | CERN |
| description | IoT devices are present in many, especially corporate and sensitive, networks and regularly introduce security risks due to slow vendor responses to vulnerabilities and high difficulty of patching. In this paper, we want to evaluate to what extent the development of future risk of IoT devices due to new and unpatched vulnerabilities can be predicted based on historic information. For this analysis, we build on existing prediction algorithms available in the SAFER framework (prophet and ARIMA) which we evaluate by means of a large data-set of vulnerabilities and patches from 793 IoT devices. Our analysis shows that the SAFER framework can predict a correct future risk for 91% of the devices, demonstrating its applicability. We conclude that this approach is a reliable means for network operators to efficiently detect and act on risks emanating from IoT devices in their networks. |
| id | cern-2836346 |
| institution | Organización Europea para la Investigación Nuclear |
| language | eng |
| publishDate | 2022 |
| record_format | invenio |
| spelling | cern-28363462023-01-31T09:45:56Zhttp://cds.cern.ch/record/2836346engOser, PascalEngelmann, FelixLüders, StefanKargl, FrankEvaluating the Future Device Security Risk Indicator for Hundreds of IoT Devicescs.CRComputing and ComputersIoT devices are present in many, especially corporate and sensitive, networks and regularly introduce security risks due to slow vendor responses to vulnerabilities and high difficulty of patching. In this paper, we want to evaluate to what extent the development of future risk of IoT devices due to new and unpatched vulnerabilities can be predicted based on historic information. For this analysis, we build on existing prediction algorithms available in the SAFER framework (prophet and ARIMA) which we evaluate by means of a large data-set of vulnerabilities and patches from 793 IoT devices. Our analysis shows that the SAFER framework can predict a correct future risk for 91% of the devices, demonstrating its applicability. We conclude that this approach is a reliable means for network operators to efficiently detect and act on risks emanating from IoT devices in their networks.arXiv:2209.03826oai:cds.cern.ch:28363462022-09-08 |
| spellingShingle | cs.CR Computing and Computers Oser, Pascal Engelmann, Felix Lüders, Stefan Kargl, Frank Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title | Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title_full | Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title_fullStr | Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title_full_unstemmed | Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title_short | Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices |
| title_sort | evaluating the future device security risk indicator for hundreds of iot devices |
| topic | cs.CR Computing and Computers |
| url | http://cds.cern.ch/record/2836346 |
| work_keys_str_mv | AT oserpascal evaluatingthefuturedevicesecurityriskindicatorforhundredsofiotdevices AT engelmannfelix evaluatingthefuturedevicesecurityriskindicatorforhundredsofiotdevices AT ludersstefan evaluatingthefuturedevicesecurityriskindicatorforhundredsofiotdevices AT karglfrank evaluatingthefuturedevicesecurityriskindicatorforhundredsofiotdevices |