Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices

Pascal Oser, Felix Theodor Engelmann, Stefan Lüders, Frank Kargl

Research output: Conference Article in Proceeding or Book/Report chapterArticle in proceedingsResearchpeer-review

Abstract

IoT devices are present in many, especially corporate and sensitive, networks and regularly introduce
security risks due to slow vendor responses to vulnerabilities and high difficulty of patching. In this paper, we
want to evaluate to what extent the development of future risk of IoT devices due to new and unpatched
vulnerabilities can be predicted based on historic information. For this analysis, we build on existing prediction
algorithms available in the SAFER framework (prophet and ARIMA) which we evaluate by means of a large
data-set of vulnerabilities and patches from 793 IoT devices. Our analysis shows that the SAFER framework
can predict a correct future risk for 91 % of the devices, demonstrating its applicability. We conclude that this
approach is a reliable means for network operators to efficiently detect and act on risks emanating from IoT
devices in their networks.
Original languageEnglish
Title of host publicationSecurity and Trust Management : 18th International Workshop, STM 2022
Publication date28 Sept 2022
Publication statusPublished - 28 Sept 2022

Keywords

  • IoT Security
  • Vulnerability Prediction
  • SAFER Framework
  • Risk Assessment
  • Patch Management

Fingerprint

Dive into the research topics of 'Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices'. Together they form a unique fingerprint.

Cite this