A METHOD OF VULNERABILITY ANALYSIS IN WIRELESS INTERNET OF THINGS NETWORKS FOR SMART CITY INFRASTRUCTURES
DOI:
https://doi.org/10.37943/20VPSX8675Keywords:
internet of things, wireless networks, smart city infrastructure, attack, vulnerabilityAbstract
The article proposes an approach to information security vulnerability analysis and threat modeling in wireless Internet of Things networks for Smart City infrastructures. Currently, such infrastructures are becoming increasingly widespread in a variety of Smart City application areas, including industrial life support systems, pipelines, communication networks, and transportation systems. The wide coverage of end users, the critical nature of such infrastructures and the value of their inherent assets determine the increasing importance of solving problems of determining the security level of such infrastructures and the timely application of protective measures. The ultimate goal of the proposed approach is to assess the security of the infrastructure. This article analyses articles at the intersection of the subject area of vulnerability and attack analysis in information systems and networks and the area of Smart City infrastructure issues. The proposed approach includes the use of an analytical model of an intruder which, together with the analysis of the specification of a specific Smart City infrastructure, allows us to determine the current types of attacks. In order to obtain infrastructure security assessments, the CAPEC database of wireless network vulnerabilities and attack patterns is analysed. In this case, the main attributes of the attacks are identified, unified and transformed into a single format using the numerical values of the considered attributes. The feasibility of the proposed approach is also analysed and its main advantages and disadvantages are considered. In addition, the main areas of further activity and tasks related to testing and improving the proposed approach in practice are identified.
References
Sánchez, L., Elicegui, I., Cuesta, J., Muñoz, L., & Lanza, J. (2013). Integration of utilities infrastructures in a future internet enabled smart city framework. Sensors, 13(11), 14438-14465.
Serrano, W. (2018). Digital systems in smart city and infrastructure: Digital as a service. Smart cities, 1(1), 134-154.
Al-Hader, M., & Rodzi, A. (2009). The smart city infrastructure development & monitoring. Theoretical and Empirical Researches in Urban Management, 4(2 (11), 87-94.
Kasznar, A. P. P., Hammad, A. W., Najjar, M., Linhares Qualharini, E., Figueiredo, K., Soares, C. A. P., & Haddad, A. N. (2021). Multiple dimensions of smart cities’ infrastructure: A review. Buildings, 11(2), 73.
Nam, T., & Pardo, T. A. (2011, June). Conceptualizing smart city with dimensions of technology, people, and institutions. In Proceedings of the 12th annual international digital government research conference: digital government innovation in challenging times (pp. 282-291).
Stellios, I., Kotzanikolaou, P., & Psarakis, M. (2019). Advanced persistent threats and zero-day exploits in industrial Internet of Things. Security and Privacy Trends in the Industrial Internet of Things, 47-68.
Dvinsky, M. B., Drobyshev, I. A., Nepomnyaschaya, N. V., & Pavluchenko, T. V. (2017). Smart city.“smart” infrastructure, networks and communications.
Al-Hader, M., Rodzi, A., Sharif, A. R., & Ahmad, N. (2009, September). Smart city components architicture. In 2009 International Conference on Computational Intelligence, Modelling and Simulation (pp. 93-97). IEEE.
Theoharidou, M., Mylonas, A., & Gritzalis, D. (2012). A risk assessment method for smartphones. In Information Security and Privacy Research: 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings 27 (pp. 443-456). Springer Berlin Heidelberg.
Jing, Y., Ahn, G. J., Zhao, Z., & Hu, H. (2014, March). Riskmon: Continuous and automated risk assessment of mobile applications. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (pp. 99-110).
Kalinin, M., Krundyshev, V., & Zegzhda, P. (2021). Cybersecurity risk assessment in smart city infrastructures. Machines, 9(4), 78.
Lupton, B., Zappe, M., Thom, J., Sengupta, S., & Feil-Seifer, D. (2022, January). Analysis and prevention of security vulnerabilities in a smart city. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC) (pp. 0702-0708). IEEE.
Pertence, A. A., Mini, R. A., & Marques-Neto, H. T. (2020, September). Vulnerability Analysis of the Urban Transport System in the Context of Smart Cities. In 2020 IEEE International Smart Cities Conference (ISC2) (pp. 1-8). IEEE.
CAPEC. Common Attack Pattern Enumeration and Classification. A Community Resource for Identifying and Understanding Attacks. https://capec.mitre.org (accessed on 2024.10.04).
Butun, I., Österberg, P., & Song, H. (2019). Security of the Internet of Things: Vulnerabilities, attacks, and countermeasures. IEEE Communications Surveys & Tutorials, 22(1), 616-644.
Riera, T. S., Higuera, J. R. B., Higuera, J. B., Herraiz, J. J. M., & Montalvo, J. A. S. (2022). A new multi-label dataset for Web attacks CAPEC classification using machine learning techniques. Computers & Security, 120, 102788.
An, J. H., Wang, Z., & Joe, I. (2023). A CNN-based automatic vulnerability detection. EURASIP Journal on Wireless Communications and Networking, 2023(1), 41.
NIST. Official Common Platform Enumeration (CPE) Dictionary. https://nvd.nist.gov/products/cpe (accessed on 2024.10.04).
National Vulnerability Database. CPE Summary https://nvd.nist.gov/products/cpe/detail/F130C305-BFA4-4EB5-97F3-AB42E1CDB188 (accessed on 2024.10.12).
CVE. Common Vulnerabilities and Exposures. https://cve.mitre.org (accessed on 2024.10.04).
NIST. Product Integration using NVD CVSS Calculators. https://nvd.nist.gov/vuln-metrics/Calculator-Product-Integration (accessed on 2024.10.04).
National Vulnerability Database. CVE-2013-4772 Detail. https://nvd.nist.gov/vuln/detail/CVE-2013-4772 (accessed on 2024.10.12).
Common Vulnerabilities and Exposures. CVE-2013-4772. https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4772 (accessed on 2024.10.12).
Rae, A., & Wildman, L. (2003). A taxonomy of attacks on secure devices. In Australia Information Warfare and Security Conference. (pp. 251-264).
Abraham, D. G., Dolan, G. M., Double, G. P., & Stevens, J. V. (1991). Transaction security system. IBM systems journal, 30(2), 206-229.
Hussein, A. Y., Falcarin, P., & Sadiq, A. T. (2021). Enhancement performance of random forest algorithm via one hot encoding for IoT IDS. Periodicals of Engineering and Natural Sciences, 9(3), 579-591.
Yuan, H, Tang, Y, Sun, W, Liu, L (2020) A detection method for android application security based on TF-IDF and machine learning. PLOS ONE 15(9): e0238694.
An open source hyperparameter optimization framework to automate hyperparameter search. https://optuna.org (accessed on 2024.10.04).
Fang, Y., Liu, Y., Huang, C., & Liu, L. (2020). FastEmbed: Predicting vulnerability exploitation possibility based on ensemble machine learning algorithm. Plos one, 15(2), e0228439.
Nurbatsin, A., Kireyeva, A., Gamidullaeva, L., Abdykadyr, T. (2023). Spatial analysis and technological influences on smart city development in Kazakhstan. Journal of Infrastructure, Policy and Development, 8.
Urdabayev, M., Kireyeva, A., Vasa, L., Digel, I., Nurgaliyeva, K., Nurbatsin, A. (2024). Discovering smart cities’ potential in Kazakhstan: A cluster analysis. PLOS ONE, 19. e0296765.
Zhakiyev, N., Kalenova, A., Khamzina, A. (2022). The Energy Sector of the Capital of Kazakhstan: Status Quo and Policy towards Smart City. International Journal of Energy Economics and Policy, 12(4), 414–423.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Articles are open access under the Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish a manuscript in this journal agree to the following terms:
- The authors reserve the right to authorship of their work and transfer to the journal the right of first publication under the terms of the Creative Commons Attribution License, which allows others to freely distribute the published work with a mandatory link to the the original work and the first publication of the work in this journal.
- Authors have the right to conclude independent additional agreements that relate to the non-exclusive distribution of the work in the form in which it was published by this journal (for example, to post the work in the electronic repository of the institution or publish as part of a monograph), providing the link to the first publication of the work in this journal.
- Other terms stated in the Copyright Agreement.