Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases

The article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness...

Full description

Saved in:
Bibliographic Details
Main Authors: Anna Felkner, Jan Adamski, Jakub Koman, Marcin Rytel, Marek Janiszewski, Piotr Lewandowski, Rafał Pachnia, Wojciech Nowakowski
Format: Article
Language:English
Published: MDPI AG 2024-11-01
Series:Applied Sciences
Subjects:
Online Access:https://www.mdpi.com/2076-3417/14/22/10513
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1850149289254191104
author Anna Felkner
Jan Adamski
Jakub Koman
Marcin Rytel
Marek Janiszewski
Piotr Lewandowski
Rafał Pachnia
Wojciech Nowakowski
author_facet Anna Felkner
Jan Adamski
Jakub Koman
Marcin Rytel
Marek Janiszewski
Piotr Lewandowski
Rafał Pachnia
Wojciech Nowakowski
author_sort Anna Felkner
collection DOAJ
description The article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness about the vulnerabilities and risks of these devices among their manufacturers and users. Therefore, this paper shows the results of several years of work regarding building vulnerabilities and exploiting databases, with a particular focus on IoT devices. We highlight multiple unique features of our solution, such as aggregation, correlation, and enrichment of known vulnerabilities and exploits collected from 12 different sources, presentation of a timeline of threats, and combining vulnerability information with exploits. Our databases have more than 300,000 entries, which are the result of aggregating and correlating more than 1,300,000 entries from 12 different databases simultaneously, enriched with information from unstructured sources. We cover the innovative utilization of Artificial Intelligence (AI) to support data enrichment, examining the usage of the Light Gradient-Boosting Machine (LGBM) model to automatically predict vulnerability severity and Mistral7B to categorize vulnerable products, which, especially in the case of IoT devices, is critical due to the diversity of nomenclature. Social media and various unstructured sources are prominent places for gathering information. Retrieving data from them is much more complex than from structured databases, but the information there is normally supplied at a faster rate. Thus, we added Mastodon monitoring to enhance our threat timelines.
format Article
id doaj-art-284a39f2a6f3475bb024db447ab38933
institution OA Journals
issn 2076-3417
language English
publishDate 2024-11-01
publisher MDPI AG
record_format Article
series Applied Sciences
spelling doaj-art-284a39f2a6f3475bb024db447ab389332025-08-20T02:26:59ZengMDPI AGApplied Sciences2076-34172024-11-0114221051310.3390/app142210513Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability DatabasesAnna Felkner0Jan Adamski1Jakub Koman2Marcin Rytel3Marek Janiszewski4Piotr Lewandowski5Rafał Pachnia6Wojciech Nowakowski7Research and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandThe article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness about the vulnerabilities and risks of these devices among their manufacturers and users. Therefore, this paper shows the results of several years of work regarding building vulnerabilities and exploiting databases, with a particular focus on IoT devices. We highlight multiple unique features of our solution, such as aggregation, correlation, and enrichment of known vulnerabilities and exploits collected from 12 different sources, presentation of a timeline of threats, and combining vulnerability information with exploits. Our databases have more than 300,000 entries, which are the result of aggregating and correlating more than 1,300,000 entries from 12 different databases simultaneously, enriched with information from unstructured sources. We cover the innovative utilization of Artificial Intelligence (AI) to support data enrichment, examining the usage of the Light Gradient-Boosting Machine (LGBM) model to automatically predict vulnerability severity and Mistral7B to categorize vulnerable products, which, especially in the case of IoT devices, is critical due to the diversity of nomenclature. Social media and various unstructured sources are prominent places for gathering information. Retrieving data from them is much more complex than from structured databases, but the information there is normally supplied at a faster rate. Thus, we added Mastodon monitoring to enhance our threat timelines.https://www.mdpi.com/2076-3417/14/22/10513Internet of ThingsIoTIoT securityvulnerabilitiesvulnerability databaseexploits
spellingShingle Anna Felkner
Jan Adamski
Jakub Koman
Marcin Rytel
Marek Janiszewski
Piotr Lewandowski
Rafał Pachnia
Wojciech Nowakowski
Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
Applied Sciences
Internet of Things
IoT
IoT security
vulnerabilities
vulnerability database
exploits
title Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
title_full Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
title_fullStr Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
title_full_unstemmed Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
title_short Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
title_sort vulnerability and attack repository for iot addressing challenges and opportunities in internet of things vulnerability databases
topic Internet of Things
IoT
IoT security
vulnerabilities
vulnerability database
exploits
url https://www.mdpi.com/2076-3417/14/22/10513
work_keys_str_mv AT annafelkner vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT janadamski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT jakubkoman vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT marcinrytel vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT marekjaniszewski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT piotrlewandowski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT rafałpachnia vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases
AT wojciechnowakowski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases