Netinfo Security ›› 2018, Vol. 18 ›› Issue (11): 81-88.doi: 10.3969/j.issn.1671-1122.2018.11.011

• 理论研究 • Previous Articles     Next Articles

Hazard Assessment of IoT Vulnerabilities Correlation Based on Risk Matrix

Xiaoxian REN1(), Jie CHEN2, Chenyang LI3, Yixian YANG3,4   

  1. 1. College of Computer Science and Technology, North China University of Technology, Beijing 100144, China
    2. Cyber Security Guard, Sichuan Provincial Public Security Department, Chengdu Sichuan 610000, China
    3. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
    4. Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guizhou Guiyang 550025, China
  • Received:2018-09-20 Online:2018-11-10 Published:2020-05-11

Abstract:

With the rapid development and popularization of the Internet of Things(IoTs), the proportion of attacks on Internet of Things is increasing year by year. In order to scientifically evaluate the vulnerabilities of IoT system, this paper proposes a vulnerability correlation hazard assessment method. Unlike the traditional method of evaluating a single vulnerability in isolation, this vulnerability correlation assessment method uses the CVSS v3 evaluation index, based on the vulnerability correlation graph and the risk matrix, and takes into account the relationship between pre-order vulnerability node and pose-order vulnerability node and vulnerability itself. Experiments show that the method has effective guides for protection of cyberspace security and can avoid the IoT devices that have high correlation hazard vulnerabilities controlled by attackers to launch DDoS attacks or to become a blockchain mining tools.

Key words: IoT, vulnerability assessment, blockchain, correlation

CLC Number: