Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases
The article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-11-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/14/22/10513 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850149289254191104 |
|---|---|
| author | Anna Felkner Jan Adamski Jakub Koman Marcin Rytel Marek Janiszewski Piotr Lewandowski Rafał Pachnia Wojciech Nowakowski |
| author_facet | Anna Felkner Jan Adamski Jakub Koman Marcin Rytel Marek Janiszewski Piotr Lewandowski Rafał Pachnia Wojciech Nowakowski |
| author_sort | Anna Felkner |
| collection | DOAJ |
| description | The article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness about the vulnerabilities and risks of these devices among their manufacturers and users. Therefore, this paper shows the results of several years of work regarding building vulnerabilities and exploiting databases, with a particular focus on IoT devices. We highlight multiple unique features of our solution, such as aggregation, correlation, and enrichment of known vulnerabilities and exploits collected from 12 different sources, presentation of a timeline of threats, and combining vulnerability information with exploits. Our databases have more than 300,000 entries, which are the result of aggregating and correlating more than 1,300,000 entries from 12 different databases simultaneously, enriched with information from unstructured sources. We cover the innovative utilization of Artificial Intelligence (AI) to support data enrichment, examining the usage of the Light Gradient-Boosting Machine (LGBM) model to automatically predict vulnerability severity and Mistral7B to categorize vulnerable products, which, especially in the case of IoT devices, is critical due to the diversity of nomenclature. Social media and various unstructured sources are prominent places for gathering information. Retrieving data from them is much more complex than from structured databases, but the information there is normally supplied at a faster rate. Thus, we added Mastodon monitoring to enhance our threat timelines. |
| format | Article |
| id | doaj-art-284a39f2a6f3475bb024db447ab38933 |
| institution | OA Journals |
| issn | 2076-3417 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-284a39f2a6f3475bb024db447ab389332025-08-20T02:26:59ZengMDPI AGApplied Sciences2076-34172024-11-0114221051310.3390/app142210513Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability DatabasesAnna Felkner0Jan Adamski1Jakub Koman2Marcin Rytel3Marek Janiszewski4Piotr Lewandowski5Rafał Pachnia6Wojciech Nowakowski7Research and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandResearch and Academic Computer Network (NASK), Kolska 12, 01-045 Warsaw, PolandThe article’s primary purpose is to highlight the importance of cybersecurity for Internet of Things (IoT) devices. Due to the widespread use of such devices in everyone’s daily and professional lives, taking care of their security is essential. This security can be strengthened by raising awareness about the vulnerabilities and risks of these devices among their manufacturers and users. Therefore, this paper shows the results of several years of work regarding building vulnerabilities and exploiting databases, with a particular focus on IoT devices. We highlight multiple unique features of our solution, such as aggregation, correlation, and enrichment of known vulnerabilities and exploits collected from 12 different sources, presentation of a timeline of threats, and combining vulnerability information with exploits. Our databases have more than 300,000 entries, which are the result of aggregating and correlating more than 1,300,000 entries from 12 different databases simultaneously, enriched with information from unstructured sources. We cover the innovative utilization of Artificial Intelligence (AI) to support data enrichment, examining the usage of the Light Gradient-Boosting Machine (LGBM) model to automatically predict vulnerability severity and Mistral7B to categorize vulnerable products, which, especially in the case of IoT devices, is critical due to the diversity of nomenclature. Social media and various unstructured sources are prominent places for gathering information. Retrieving data from them is much more complex than from structured databases, but the information there is normally supplied at a faster rate. Thus, we added Mastodon monitoring to enhance our threat timelines.https://www.mdpi.com/2076-3417/14/22/10513Internet of ThingsIoTIoT securityvulnerabilitiesvulnerability databaseexploits |
| spellingShingle | Anna Felkner Jan Adamski Jakub Koman Marcin Rytel Marek Janiszewski Piotr Lewandowski Rafał Pachnia Wojciech Nowakowski Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases Applied Sciences Internet of Things IoT IoT security vulnerabilities vulnerability database exploits |
| title | Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases |
| title_full | Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases |
| title_fullStr | Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases |
| title_full_unstemmed | Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases |
| title_short | Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases |
| title_sort | vulnerability and attack repository for iot addressing challenges and opportunities in internet of things vulnerability databases |
| topic | Internet of Things IoT IoT security vulnerabilities vulnerability database exploits |
| url | https://www.mdpi.com/2076-3417/14/22/10513 |
| work_keys_str_mv | AT annafelkner vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT janadamski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT jakubkoman vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT marcinrytel vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT marekjaniszewski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT piotrlewandowski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT rafałpachnia vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases AT wojciechnowakowski vulnerabilityandattackrepositoryforiotaddressingchallengesandopportunitiesininternetofthingsvulnerabilitydatabases |