A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users’ privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.

[1]  Longfei Wu,et al.  A Survey on Security and Privacy Issues in Internet-of-Things , 2017, IEEE Internet of Things Journal.

[2]  Vangelis Metsis,et al.  IoT Middleware: A Survey on Issues and Enabling Technologies , 2017, IEEE Internet of Things Journal.

[3]  Claire Le Goues,et al.  GenProg: A Generic Method for Automatic Software Repair , 2012, IEEE Transactions on Software Engineering.

[4]  Andrew Walenstein,et al.  Malware phylogeny generation using permutations of code , 2005, Journal in Computer Virology.

[5]  Atul Prakash,et al.  Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges? , 2017, IEEE Security & Privacy.

[6]  Giovanni Vigna,et al.  Mechanical Phish: Resilient Autonomous Hacking , 2018, IEEE Security & Privacy.

[7]  Jack W. Davidson,et al.  Xandra: An Autonomous Cyber Battle System for the Cyber Grand Challenge , 2018, IEEE Security & Privacy.

[8]  Frances E. Allen,et al.  Control-flow analysis , 2022 .

[9]  DavidYaniv,et al.  Tracelet-based code search in executables , 2014 .

[10]  Mazliza Othman,et al.  Internet of Things security: A survey , 2017, J. Netw. Comput. Appl..

[11]  L. Javier García-Villalba,et al.  A Methodological Approach for Assessing Amplified Reflection Distributed Denial of Service on the Internet of Things , 2016, Sensors.

[12]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[13]  OthmanMazliza,et al.  Internet of Things security , 2017 .

[14]  Jean-Louis Lanet,et al.  Analysis of HTTP Protocol Implementation in Smart Card Embedded Web Server , 2013 .