Traditional IOCs Meet Dynamic App-Device Interactions for IoT-Specific Threat Intelligence

Bibliographic details
Published in: IEEE Internet of Things Journal 2024-10, Vol.11 (19), p.30571-30593
Main authors: Smolyakova, Sofya, Khodayarseresht, Ehsan, Majumdar, Suryadipta
Format: Article
Language: eng
Description
Summary: While enjoying widespread popularity, IoT faces numerous threats using both the traditional (e.g., common vulnerabilities and exposures (CVEs) and common weakness enumerations (CWEs)) and IoT-specific (e.g., device-application interactions) attack vectors. Therefore, gathering threat intelligence for an IoT environment is equally essential if not more (compared to many other IT environments). However, extracting threat intelligence from an IoT deployment poses several unique challenges. First, most IoT implementations are not logging threat-related information and even if they are, their logging mechanisms require significant additional effort to turn those logs to a threat intelligence. Second, there is no clear definition of Indicators of Compromise (IOCs), which are the key inputs to threat intelligence, in the context of IoT; including how to combine IoT-specific IOCs, including those that are involved with the dynamic app-device interactions. In this article, we propose IoTINT, a solution to obtain IoT-specific threat intelligence while addressing the above-mentioned challenges. Specifically, our key ideas are to first enable logging in IoT devices and apps without requiring any code instrumentation (in contrast to the existing approaches), then iteratively finding dynamic interactions between the IoT devices and their apps that are defined by the automation rules and result in various security threats, and finally, combine both the app-device interactions with traditional IOCs (such as CVEs and CWEs) to build a comprehensive threat intelligence for IoT. We implement IoTINT for the Samsung SmartThings, a major smart home platform, and evaluate its performance (e.g., 100% coverage in extracting threat intelligence within 11 s for ten realistic IoT attack scenarios).
ISSN:2327-4662
DOI:10.1109/JIOT.2024.3413351